From fd9deeb8ee9d40325d1003aee60e09b20ea30524 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 12 2005 20:49:39 +0000 Subject: reorg and a fix --- diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index 8445136..92ca0bd 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -121,6 +121,7 @@ filesystem_ignore_get_persistent_filesystem_attributes(ping_t) domain_use_widely_inheritable_file_descriptors(ping_t) files_read_general_system_config(ping_t) +files_ignore_search_system_state_data_directory(ping_t) libraries_use_dynamic_loader(ping_t) libraries_read_shared_libraries(ping_t) @@ -135,25 +136,18 @@ if (user_ping) { } ifdef(`TODO',` +can_ypbind(ping_t) + +domain_auto_trans(sysadm_t, ping_exec_t, ping_t) role sysadm_r types ping_t; -in_user_role(ping_t) +allow ping_t admin_tty_type:chr_file rw_file_perms; +ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;') +in_user_role(ping_t) if (user_ping) { domain_auto_trans(unpriv_userdomain, ping_exec_t, ping_t) ifdef(`gnome-pty-helper.te', `allow ping_t gphdomain:fd use;') } - -# Transition into this domain when you run this program. -domain_auto_trans(sysadm_t, ping_exec_t, ping_t) - -can_ypbind(ping_t) - -# Access the terminal. -allow ping_t admin_tty_type:chr_file rw_file_perms; -ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;') - -# it tries to access /var/run -dontaudit ping_t var_t:dir search; ') dnl end TODO ########################################
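Review bot: The added `files_ignore_search_system_state_data_directory(ping_t)` in the first hunk has no comment, while the rule it replaces in the TODO block had `# it tries to access /var/run` above `dontaudit ping_t var_t:dir search;`. An ignore/dontaudit rule hides denials from the audit log, so the reason for it should stay beside it; I would keep that comment line directly above the new call. The second hunk likewise drops `# Transition into this domain when you run this program.` and `# Access the terminal.` when it moves `domain_auto_trans(sysadm_t, ping_exec_t, ping_t)` and the `admin_tty_type` allow rule, and both are worth keeping for whoever converts the TODO block. The interface name suggests it maps to the removed dontaudit, but its definition is not visible here, so confirm that it suppresses only `search` on that directory.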