RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixes from sediff

This commit is contained in:
Chris PeBenito 2005-10-27 14:08:53 +00:00
parent ce03837abe
commit fc6198ced0
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
refpolicy/policy/modules/services/nis.te
View File

@ -51,6 +51,7 @@ allow ypbind_t ypbind_tmp_t:file create_file_perms;
files_create_tmp_files(ypbind_t, ypbind_tmp_t, { file dir })
allow ypbind_t ypbind_var_run_t:file manage_file_perms;
allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;
files_create_pid(ypbind_t,ypbind_var_run_t)
allow ypbind_t var_yp_t:dir rw_dir_perms;

8
refpolicy/policy/modules/services/zebra.te
View File

@ -27,7 +27,7 @@ files_pid_file(zebra_var_run_t)
# Local policy
#
allow zebra_t self:capability { setgid setuid net_admin net_raw };
allow zebra_t self:capability { setgid setuid net_admin net_raw net_bind_service };
dontaudit zebra_t self:capability sys_tty_config;
allow zebra_t self:process setcap;
allow zebra_t self:file { ioctl read write getattr lock append };
@ -35,8 +35,8 @@ allow zebra_t self:unix_dgram_socket create_socket_perms;
allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow zebra_t self:netlink_route_socket r_netlink_socket_perms;
allow zebra_t self:tcp_socket create_stream_socket_perms;
allow zebra_t self:udp_socket create_socket_perms;
allow zebra_t self:rawip_socket create_socket_perms;
allow zebra_t self:capability net_bind_service;
allow zebra_t zebra_conf_t:dir r_dir_perms;
allow zebra_t zebra_conf_t:file r_file_perms;
@ -51,7 +51,9 @@ logging_create_log(zebra_t,zebra_log_t,{ sock_file file dir })
allow zebra_t zebra_tmp_t:sock_file create_file_perms;
files_create_tmp_files(zebra_t,zebra_tmp_t,sock_file)
allow zebra_t zebra_var_run_t:file create_file_perms;
allow zebra_t zebra_var_run_t:file manage_file_perms;
allow zebra_t zebra_var_run_t:sock_file manage_file_perms;
allow zebra_t zebra_var_run_t:dir rw_dir_perms;
files_create_pid(zebra_t,zebra_var_run_t, { file sock_file })
kernel_read_system_state(zebra_t)