rpms / selinux-policy

Clone
Source Code
GIT

1031ee Implement cobblerd policy.

18 files Authored by Dominick Grift 14 years ago, Committed by Chris PeBenito 14 years ago,
raw patch tree parent
18 files changed. 546 lines added. 2 lines removed.
policy/modules/kernel/corenetwork.te.in
file modified
+1 -0
policy/modules/kernel/files.if
file modified
+18 -0
policy/modules/services/apache.if
file modified
+21 -0
policy/modules/services/apache.te
file modified
+4 -0
policy/modules/services/bind.if
file modified
+38 -0
policy/modules/services/cobbler.fc
file added
+7
policy/modules/services/cobbler.if
file added
+183
policy/modules/services/cobbler.te
file added
+124
policy/modules/services/dhcp.if
file modified
+19 -0
policy/modules/services/dnsmasq.fc
file modified
+1 -0
policy/modules/services/dnsmasq.if
file modified
+38 -0
policy/modules/services/dnsmasq.te
file modified
+5 -2
policy/modules/services/rsync.fc
file modified
+1 -0
policy/modules/services/rsync.if
file modified
+38 -0
policy/modules/services/rsync.te
file modified
+5 -0
policy/modules/services/tftp.if
file modified
+38 -0
policy/modules/system/miscfiles.fc
file modified
+3 -0
policy/modules/system/sysnetwork.fc
file modified
+2 -0 
    Implement cobblerd policy.
    
    My previous version had a minor bug in admin_role where it was using cobblerd_var_log_t, and cobblerd_var_lib_t instead of cobbler_var_log_t, and cobbler_var_lib_t.
    
    Whilst i was at it, i decided the implement a cobbler_etc_t for cobbler content in /etc. This because you cannot admin a cobbler environment witouth having access to cobbler config files and i dont want to give cobbler_admin access to manage etc_t.
    
    As a consequence if this i also removed the files_read_etc_files(cobblerd_t), as i think that cobbler only needed it to read its own files in /etc. However this is not confirmed, and it may need read access to etc_t afteral.
    
    Also i would like to underscore my reason for using public_content_rw_t. One of the reasons is that i do not want to give cobbler access to manage httpd_sys_content_rw_t. In general i do not want to depend on apache module at all.
    
    Signed-off-by: Dominick Grift <domg472@gmail.com>
    Signed-off-by: Chris PeBenito <pebenito@gentoo.org>
file modified
+1 -0
file modified
+18 -0
file modified
+21 -0
file modified
+4 -0
file modified
+38 -0
file added
+7
file added
+183
file added
+124
file modified
+19 -0
file modified
+1 -0
file modified
+38 -0
file modified
+5 -2
file modified
+1 -0
file modified
+38 -0
file modified
+5 -0
file modified
+38 -0
file modified
+3 -0
file modified
+2 -0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation