From 102146088464561c6fff73cf42a3a6d93cc27463 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Feb 23 2010 18:58:18 +0000 Subject: Minor tweaks and module version bump for 68cda59. --- diff --git a/policy/modules/services/mysql.fc b/policy/modules/services/mysql.fc index f59c8d5..cc7192c 100644 --- a/policy/modules/services/mysql.fc +++ b/policy/modules/services/mysql.fc @@ -6,7 +6,7 @@ /etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0) /etc/mysql(/.*)? gen_context(system_u:object_r:mysqld_etc_t,s0) /etc/rc\.d/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_initrc_exec_t,s0) -/etc/rc\.d/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) # # /usr @@ -16,7 +16,6 @@ /usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) - /usr/sbin/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0) # @@ -28,5 +27,4 @@ /var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0) /var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) - -/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) +/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if index a5e70e2..7d70e4f 100644 --- a/policy/modules/services/mysql.if +++ b/policy/modules/services/mysql.if @@ -246,7 +246,6 @@ interface(`mysql_write_log',` ## Domain allowed access. ## ## -## # interface(`mysql_read_pid_files',` gen_require(` diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te index a226060..2323ada 100644 --- a/policy/modules/services/mysql.te +++ b/policy/modules/services/mysql.te 
@@ -1,5 +1,5 @@ -policy_module(mysql, 1.11.1) +policy_module(mysql, 1.11.2) ######################################## # @@ -32,11 +32,6 @@ logging_log_file(mysqld_log_t) type mysqld_tmp_t; files_tmp_file(mysqld_tmp_t) -######################################## -# -# MySQL Manager Declarations -# - type mysqlmanagerd_t; type mysqlmanagerd_exec_t; init_daemon_domain(mysqlmanagerd_t, mysqlmanagerd_exec_t) @@ -182,6 +177,7 @@ mysql_write_log(mysqld_safe_t) # # MySQL Manager Policy # + allow mysqlmanagerd_t self:capability { dac_override kill }; allow mysqlmanagerd_t self:process signal; allow mysqlmanagerd_t self:fifo_file rw_fifo_file_perms; @@ -195,8 +191,16 @@ mysql_search_db(mysqlmanagerd_t) mysql_signal(mysqlmanagerd_t) mysql_stream_connect(mysqlmanagerd_t) +domtrans_pattern(mysqlmanagerd_t, mysqld_exec_t, mysqld_t) + +manage_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) +manage_sock_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) +filetrans_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, { file sock_file }) + kernel_read_system_state(mysqlmanagerd_t) + corecmd_exec_shell(mysqlmanagerd_t) + corenet_all_recvfrom_unlabeled(mysqlmanagerd_t) corenet_all_recvfrom_netlabel(mysqlmanagerd_t) corenet_tcp_sendrecv_generic_if(mysqlmanagerd_t) 
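Review bot: The `filetrans_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, { file sock_file })` rule moved into the last mysql.te hunk on this line covers sockets as well as files, but the mysql.fc entry for `/var/run/mysqld/mysqlmanager.*` touched by this same commit is limited to regular files by `--`. A manager socket would therefore get mysqlmanagerd_var_run_t when it is created, yet a later relabel would appear to fall through to `/var/run/mysqld(/.*)?` and give it mysqld_var_run_t, so the runtime and file-context labels disagree. Consider adding a socket entry such as `/var/run/mysqld/mysqlmanager.* -s gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)`, or dropping the `--` from the existing one. The manager policy block starts before this hunk and continues past it.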
@@ -207,14 +211,12 @@ corenet_tcp_bind_mysqlmanagerd_port(mysqlmanagerd_t) corenet_tcp_connect_mysqlmanagerd_port(mysqlmanagerd_t) corenet_sendrecv_mysqlmanagerd_server_packets(mysqlmanagerd_var_run_t) corenet_sendrecv_mysqlmanagerd_client_packets(mysqlmanagerd_var_run_t) + dev_read_urand(mysqlmanagerd_t) + files_read_etc_files(mysqlmanagerd_t) files_read_usr_files(mysqlmanagerd_t) miscfiles_read_localization(mysqlmanagerd_t) -userdom_getattr_user_home_dirs(mysqlmanagerd_t) -domtrans_pattern(mysqlmanagerd_t, mysqld_exec_t, mysqld_t) -filetrans_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, { file sock_file }) -manage_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) -manage_sock_files_pattern(mysqlmanagerd_t, mysqld_var_run_t, mysqlmanagerd_var_run_t) +userdom_getattr_user_home_dirs(mysqlmanagerd_t)
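Review bot: The two `corenet_sendrecv_mysqlmanagerd_*_packets` calls kept as context at the top of this hunk pass `mysqlmanagerd_var_run_t`, a file type, where every neighbouring corenet call passes the domain `mysqlmanagerd_t`. As written, the packet send/receive permission goes to a type that never runs as a process, and the manager domain itself presumably does not receive it, which would matter once labeled packets are enforced. Since this commit is already tidying the block, change them to `corenet_sendrecv_mysqlmanagerd_server_packets(mysqlmanagerd_t)` and `corenet_sendrecv_mysqlmanagerd_client_packets(mysqlmanagerd_t)`.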