From 46852138570c0d40703fcb5f414aeb7c15763aed Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Feb 23 2007 19:52:52 +0000 Subject: Patch for misc fixes to nis ypxfr policy from Dan Walsh. --- diff --git a/Changelog b/Changelog index 58a2252..98bd993 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Patch for misc fixes to nis ypxfr policy from Dan Walsh. - Patch to allow apmd to telinit from Dan Walsh. - Patch for additional labeling of samba files from Stefan Schulze Frielinghaus. diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te index f8cbabd..fc4eea4 100644 --- a/policy/modules/services/nis.te +++ b/policy/modules/services/nis.te @@ -1,5 +1,5 @@ -policy_module(nis,1.3.1) +policy_module(nis,1.3.2) ######################################## # @@ -325,15 +325,17 @@ optional_policy(` # allow ypxfr_t self:unix_stream_socket create_stream_socket_perms; -allow ypxfr_t self:tcp_socket connected_socket_perms; +allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms; +allow ypxfr_t self:tcp_socket create_stream_socket_perms; allow ypxfr_t self:udp_socket create_socket_perms; +allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms; manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t) allow ypxfr_t ypserv_t:tcp_socket { read write }; allow ypxfr_t ypserv_t:udp_socket { read write }; -read_files_pattern(ypxfr_t,var_yp_t,var_yp_t) +allow ypxfr_t ypserv_conf_t:file { getattr read }; corenet_non_ipsec_sendrecv(ypxfr_t) corenet_tcp_sendrecv_all_if(ypxfr_t) @@ -355,7 +357,18 @@ corenet_sendrecv_all_client_packets(ypxfr_t) files_read_etc_files(ypxfr_t) files_search_usr(ypxfr_t) +init_use_fds(ypxfr_t) + libs_use_shared_libs(ypxfr_t) libs_use_ld_so(ypxfr_t) +logging_send_syslog_msg(ypxfr_t) + +miscfiles_read_localization(ypxfr_t) + sysnet_read_config(ypxfr_t) + +ifdef(`targeted_policy',` + term_dontaudit_use_unallocated_ttys(ypxfr_t) + term_dontaudit_use_generic_ptys(ypxfr_t) +')