diff --git a/Changelog b/Changelog
index b9f3917..4fea4ca 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Patch for handling restart of nscd when ran from useradd, groupadd, and
+ admin passwd, from Dan Walsh.
 - Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
 - Patch for setroubleshoot for validating file contexts from Dan Walsh.
 - Patch for gssd fixes from Dan Walsh.
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index f71a57f..7d0a394 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -101,6 +101,7 @@ interface(`usermanage_run_groupadd',`
 usermanage_domtrans_groupadd($1)
 role $2 types groupadd_t;
 allow groupadd_t $3:chr_file rw_term_perms;
+ nscd_run(groupadd_t, $2, $3)
 ')
 ########################################
@@ -206,6 +207,7 @@ interface(`usermanage_run_admin_passwd',`
 usermanage_domtrans_admin_passwd($1)
 role $2 types sysadm_passwd_t;
 allow sysadm_passwd_t $3:chr_file rw_term_perms;
+ nscd_run(sysadm_passwd_t, $2, $3)
 ')
 ########################################
@@ -258,6 +260,7 @@ interface(`usermanage_run_useradd',`
 usermanage_domtrans_useradd($1)
 role $2 types useradd_t;
 allow useradd_t $3:chr_file rw_term_perms;
+ nscd_run(useradd_t, $2, $3)
 ')
 ########################################
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 56705bc..9e37d63 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage,1.5.1)
+policy_module(usermanage,1.5.2)
 ########################################
 #
@@ -257,10 +257,6 @@ optional_policy(`
 ')
 optional_policy(`
- nscd_domtrans(groupadd_t)
-')
-
-optional_policy(`
 rpm_use_fds(groupadd_t)
 rpm_rw_pipes(groupadd_t)
 ')
@@ -444,7 +440,6 @@ optional_policy(`
 ')
 optional_policy(`
- nscd_domtrans(sysadm_passwd_t)
 nscd_socket_use(sysadm_passwd_t)
 ')
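Review bot: The added `nscd_run(groupadd_t, $2, $3)` line in `usermanage_run_groupadd` is not wrapped in an `optional_policy` block, although every `nscd_domtrans` call this commit removes from usermanage.te was; the same holds for the added lines in `usermanage_run_admin_passwd` and `usermanage_run_useradd`. If the nscd module can be left out of a build, these three interfaces would then depend on it unconditionally, so I would put each call inside its own `optional_policy` block as the removed lines had. Because `nscd_run` also contains `role $2 types nscd_t;`, every role passed to these interfaces gains nscd_t in its role set, and a one-line comment above the call such as `# nscd_run: lets the caller's role restart nscd after the account change` would record that this is intended. Each interface body appears to begin above its hunk.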
@@ -540,10 +535,6 @@ optional_policy(`
 ')
 optional_policy(`
- nscd_domtrans(useradd_t)
-')
-
-optional_policy(`
 rpm_use_fds(useradd_t)
 rpm_rw_pipes(useradd_t)
 ')
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index edeb217..80d8f6d 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -173,3 +173,34 @@ interface(`nscd_unconfined',`
 allow $1 nscd_t:nscd *;
 ')
+
+########################################
+##
+## Execute nscd in the nscd domain, and
+## allow the specified role the nscd domain.
+##
+##
+##
+## Domain allowed access
+##
+##
+##
+##
+## The role to be allowed the nscd domain.
+##
+##
+##
+##
+## The type of the role's terminal.
+##
+##
+#
+interface(`nscd_run',`
+ gen_require(`
+ type nscd_t;
+ ')
+
+ nscd_domtrans($1)
+ role $2 types nscd_t;
+ dontaudit nscd_t $3:chr_file rw_term_perms;
+')
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index fe31de3..50652cc 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
-policy_module(nscd,1.3.1)
+policy_module(nscd,1.3.2)
 gen_require(`
 class nscd all_nscd_perms;
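Review bot: The header comment of the new `nscd_run` interface in nscd.if does not say that the terminal rule is a `dontaudit`, so a reader of the third parameter's text would expect nscd_t to be able to use the terminal the way groupadd_t and useradd_t can through their `allow ... rw_term_perms` rules. With `dontaudit nscd_t $3:chr_file rw_term_perms;` the access stays denied and the denial is no longer logged, so nothing about it will appear in the audit log when someone troubleshoots a restart from one of these tools. I would change the parameter text to `## The type of the role's terminal; nscd_t access to it is denied without audit.` and leave the rule itself as it is.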