clean up rpc hack

This commit is contained in:
Chris PeBenito 2005-11-25 17:39:35 +00:00
parent d828b5ca8f
commit f00434fae9
3 changed files with 22 additions and 4 deletions

View File

@ -132,6 +132,23 @@ interface(`rpc_udp_sendto',`
allow rpc_t $1:udp_socket recvfrom;
')
########################################
## <summary>
## Do not audit attempts to get the attributes
## of the NFS export file.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`rpc_dontaudit_getattr_exports',`
gen_require(`
type exports_t;
')
dontaudit $1 exports_t:file getattr;
')
########################################
## <summary>
## Allow read access to exports.

View File

@ -1,5 +1,5 @@
policy_module(rpc,1.0.1)
policy_module(rpc,1.0.2)
########################################
#
@ -71,9 +71,6 @@ optional_policy(`nis',`
nis_read_ypserv_config(rpcd_t)
')
# FIXME
dontaudit userdomain exports_t:file getattr;
########################################
#
# NFSD local policy

View File

@ -365,6 +365,10 @@ template(`base_user_template',`
quota_dontaudit_getattr_db($1_t)
')
optional_policy(`rpc',`
rpc_dontaudit_getattr_exports($1_t)
')
optional_policy(`rpm',`
files_getattr_var_lib_dir($1_t)
files_search_var_lib($1_t)