diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index a5f6f45..f3a48e3 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -94,7 +94,7 @@ can_exec(amanda_t,amanda_inetd_exec_t)
 # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
 allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
 allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
-allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
+allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
 manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
 manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index ad75558..653c2c9 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -41,8 +41,8 @@ files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
 allow gpm_t gpm_var_run_t:file manage_file_perms;
 files_pid_filetrans(gpm_t,gpm_var_run_t,file)
-allow gpm_t gpmctl_t:sock_file manage_file_perms;
-allow gpm_t gpmctl_t:fifo_file manage_file_perms;
+allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
+allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
 dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
 kernel_read_kernel_sysctls(gpm_t)
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 5b5e992..d308697 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
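Review bot: The class mismatch these two hunks fix, a regular-file set applied to `lnk_file` in amanda.te and to `sock_file` and `fifo_file` in gpm.te, may remain in other modules, and nothing in the diff shows that the rest of the tree was checked for it. Because `manage_file_perms` gains `open` in obj_perm_sets.spt, any leftover `:lnk_file manage_file_perms` or `:sock_file manage_file_perms` rule would now either stop compiling or grant a permission nobody reviewed, depending on whether that class declares `open`. A short comment above the changed rules, e.g. `# use the class-specific set; manage_file_perms is for class file only`, would help keep the mistake from being reintroduced.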
@@ -193,7 +193,7 @@ define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
 define(`create_dir_perms',`{ getattr create }')
 define(`rename_dir_perms',`{ getattr rename }')
 define(`delete_dir_perms',`{ getattr rmdir }')
-define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
 define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
 define(`relabelto_dir_perms',`{ getattr relabelto }')
 define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
@@ -209,10 +209,10 @@ define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
 define(`append_file_perms',`{ getattr append lock ioctl }')
 define(`write_file_perms',`{ getattr write append lock ioctl }')
 define(`rw_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_file_perms',`{ getattr create }')
+define(`create_file_perms',`{ getattr create open }')
 define(`rename_file_perms',`{ getattr rename }')
 define(`delete_file_perms',`{ getattr unlink }')
-define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_file_perms',`{ getattr relabelto }')
 define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
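Review bot: Adding `open` to `create_file_perms` in the -209 hunk (and to `create_fifo_file_perms` in the -243 hunk) widens every rule that uses those sets, while `create_dir_perms`, `create_blk_file_perms` and `create_chr_file_perms` stay at `{ getattr create }` in the context lines of the other hunks. If the difference is deliberate, record it next to the definitions with a comment such as `# create_file_perms and create_fifo_file_perms include open on purpose; dir/blk/chr create sets do not`, giving the reason; if it is not, the create sets should be made consistent. The callers of these macros lie outside this diff, so which domains gain `open` through a create-only grant cannot be judged from here and is worth checking before merge.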
@@ -243,10 +243,10 @@ define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
 define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
 define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
 define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_fifo_file_perms',`{ getattr create }')
+define(`create_fifo_file_perms',`{ getattr create open }')
 define(`rename_fifo_file_perms',`{ getattr rename }')
 define(`delete_fifo_file_perms',`{ getattr unlink }')
-define(`manage_fifo_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_fifo_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_fifo_file_perms',`{ getattr relabelto }')
 define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
@@ -279,7 +279,7 @@ define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
 define(`create_blk_file_perms',`{ getattr create }')
 define(`rename_blk_file_perms',`{ getattr rename }')
 define(`delete_blk_file_perms',`{ getattr unlink }')
-define(`manage_blk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_blk_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_blk_file_perms',`{ getattr relabelto }')
 define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }')
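Review bot: The unchanged context lines of the -243 hunk leave `append_fifo_file_perms`, `write_fifo_file_perms` and `rw_fifo_file_perms` without `open`, and the same holds for `append_file_perms`, `write_file_perms` and `rw_file_perms` in the -209 hunk, so among the sets shown only the create and manage ones carry it. On a kernel that checks `open`, a domain granted just `rw_file_perms` could presumably use an inherited descriptor but not open the object itself, which would surface as new AVC denials unless parts of the commit outside this view cover it. If the omission is intentional, say so above the definitions, e.g. `# rw/write/append sets omit open on purpose: they cover already-open descriptors only`.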
@@ -296,7 +296,7 @@ define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
 define(`create_chr_file_perms',`{ getattr create }')
 define(`rename_chr_file_perms',`{ getattr rename }')
 define(`delete_chr_file_perms',`{ getattr unlink }')
-define(`manage_chr_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_chr_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_chr_file_perms',`{ getattr relabelto }')
 define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }')