From 95f82b0de8270052d3b7477c2b488d99f50b09ef Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 21 Nov 2005 22:15:11 +0000 Subject: [PATCH] fixes from dan --- refpolicy/policy/modules/system/authlogin.if | 1 + refpolicy/policy/modules/system/corecommands.fc | 4 ++-- refpolicy/policy/modules/system/corecommands.if | 3 +-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if index 8fedb48b0..b43b764c4 100644 --- a/refpolicy/policy/modules/system/authlogin.if +++ b/refpolicy/policy/modules/system/authlogin.if @@ -926,6 +926,7 @@ interface(`auth_use_nsswitch',` allow $1 var_auth_t:dir r_dir_perms; allow $1 var_auth_t:file create_file_perms; + files_list_var_lib($1) sysnet_dns_name_resolve($1) sysnet_use_ldap($1) diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc index 298abe096..8fca3983d 100644 --- a/refpolicy/policy/modules/system/corecommands.fc +++ b/refpolicy/policy/modules/system/corecommands.fc @@ -98,8 +98,8 @@ ifdef(`distro_gentoo',` /usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) # these two lines are separate because of a # sorting issue with the java module -/usr/lib/jvm/java.*/jre/bin -d gen_context(system_u:object_r:bin_t,s0) -/usr/lib/jvm/java.*/jre/bin/.* gen_context(system_u:object_r:bin_t,s0) +/usr/lib/jvm/java.*/bin -d gen_context(system_u:object_r:bin_t,s0) +/usr/lib/jvm/java.*/bin/.* gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/filter/.* -- gen_context(system_u:object_r:bin_t,s0) diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if index 2057f82d0..00336791b 100644 --- a/refpolicy/policy/modules/system/corecommands.if +++ b/refpolicy/policy/modules/system/corecommands.if @@ -238,10 +238,9 @@ interface(`corecmd_bin_domtrans',` interface(`corecmd_search_sbin',` gen_require(` type sbin_t; - class dir search; ') - allow $1 sbin_t:dir search; + allow $1 sbin_t:dir search_dir_perms; ') ########################################