From 33d087189ddb72c4dcdedd3080bb4c3254a4c501 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 25 Nov 2005 19:41:25 +0000
Subject: [PATCH] remove rhgb_domain and update for optional_policy() behavior change
---
 docs/macro_conversion_guide | 56 +++++++++++++++----------------------
 1 file changed, 23 insertions(+), 33 deletions(-)
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index a6f50faf6..c5e93cd5e 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -87,7 +87,7 @@ corecmd_exec_shell($1)
 files_read_etc_runtime_files($1)
 mta_append_spool($1)
 ifdef(`TODO',`
-optional_policy(`arpwatch.te',`
+optional_policy(`arpwatch',`
 # why is mail delivered to a directory of type arpwatch_data_t?
 allow mta_delivery_agent arpwatch_data_t:dir search;
 ')
@@ -105,25 +105,25 @@ allow mta_user_agent privmail:fd use;
 allow mta_user_agent privmail:process sigchld;
 allow mta_user_agent privmail:fifo_file { read write };
 allow mta_user_agent sysadm_t:fifo_file { read write };
-optional_policy(`arpwatch.te',`
+optional_policy(`arpwatch',`
 # why is mail delivered to a directory of type arpwatch_data_t?
 allow mta_user_agent arpwatch_tmp_t:file rw_file_perms;
 ifdef(`hide_broken_symptoms', `
 dontaudit mta_user_agent arpwatch_t:packet_socket { read write };
 ')
 ')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
 cron_sigchld($1)
 cron_read_system_job_tmp_files($1)
 ')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
 logrotate_read_tmp_files($1)
 ')
 #
 # nscd_client_domain: complete
 #
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
 nscd_use_socket($1)
 ')
@@ -135,14 +135,14 @@ domain_wide_inherit_fd($1)
 #
 # privlog: complete
 #
-optional_policy(`logging.te',`
+optional_policy(`logging',`
 logging_send_syslog_msg($1)
 ')
 #
 # privmail: complete
 #
-optional_policy(`mta.te',`
+optional_policy(`mta',`
 mta_send_mail($1)
 ')
@@ -209,7 +209,7 @@ seutil_read_default_contexts($1)
 #
 # web_client_domain:
 #
-optional_policy(`squid.te',`
+optional_policy(`squid',`
 squid_use($1)
 ')
@@ -386,7 +386,7 @@ selinux_compute_user_contexts($1)
 #
 # can_kerberos(): complete
 #
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
 kerberos_use($1)
 ')
@@ -417,7 +417,7 @@ corenet_udp_sendrecv_all_ports($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_udp_bind_all_nodes($1)
 sysnet_read_config($1)
-optional_policy(`mount.te',`
+optional_policy(`mount',`
 mount_send_nfs_client_request($1)
 ')
@@ -440,7 +440,7 @@ sysnet_read_config($1)
 # (remove _port_t from $2):
 corenet_tcp_sendrecv_$2_port($1)
 corenet_udp_sendrecv_$2_port($1)
-optional_policy(`mount.te',`
+optional_policy(`mount',`
 mount_send_nfs_client_request($1)
 ')
@@ -720,14 +720,14 @@ allow $1 $2:unix_dgram_socket sendto;
 #
 # can_winbind(): complete
 #
-optional_policy(`samba.te',`
+optional_policy(`samba',`
 samba_connect_winbind($1)
 ')
 #
 # can_ypbind(): complete
 #
-optional_policy(`nis.te',`
+optional_policy(`nis',`
 nis_use_ypbind($1)
 ')
@@ -777,17 +777,12 @@ ifdef(`targeted_policy',`
 term_dontaudit_use_generic_pty($1_t)
 files_dontaudit_read_root_file($1_t)
 ')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
 seutil_sigchld_newrole($1_t)
 ')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
 udev_read_db($1_t)
 ')
-ifdef(`TODO',`
-optional_policy(`rhgb.te',`
- rhgb_domain($1_t)
-')
-') dnl end TODO
 #
 # daemon_domain():
@@ -823,17 +818,12 @@ ifdef(`targeted_policy', `
 term_dontaudit_use_generic_pty($1_t)
 files_dontaudit_read_root_file($1_t)
 ')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
 seutil_sigchld_newrole($1_t)
 ')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
 udev_read_db($1_t)
 ')
-ifdef(`TODO',`
-optional_policy(`rhgb.te',`
- rhgb_domain($1_t)
-')
-') dnl end TODO
 #
 # daemon_sub_domain():
@@ -905,7 +895,7 @@ allow $1 self:msgq create_msgq_perms;
 allow $1 self:msg { send receive };
 fs_search_auto_mountpoints($1)
 userdom_use_unpriv_users_fd($1)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
 nis_use_ypbind($1)
 ')
@@ -945,7 +935,7 @@ ifdef(`targeted_policy',`
 term_dontaudit_use_generic_pty($1_t)
 files_dontaudit_read_root_file($1_t)
 ')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
 udev_read_db($1_t)
 ')
@@ -968,7 +958,7 @@ allow $1_t self:tcp_socket connected_stream_socket_perms;
 allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
 allow $1_t self:capability { setuid setgid };
 files_search_home($1_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
 kerberos_use($1_t)
 ')
 #end for identd
@@ -999,10 +989,10 @@ libs_use_shared_libs($1_t)
 logging_send_syslog_msg($1_t)
 miscfiles_read_localization($1_t)
 sysnet_read_config($1_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
 nis_use_ypbind($1_t)
 ')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
 nscd_use_socket($1_t)
 ')
@@ -1136,7 +1126,7 @@ allow $1 $2:lnk_file { getattr read };
 #
 # system_crond_entry():
 #
-optional_policy(`cron.te',`
+optional_policy(`cron',`
 cron_system_entry($2,$1)
 ')