trunk: rpc update from Vaclav Ovsik.

2008-03-04 19:14:08 +00:00 · 2008-03-04 19:14:08 +00:00 · 01e8ff4ab3
commit 01e8ff4ab3
parent 737fcf232c
3 changed files with 8 additions and 1 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- RPC update from Vaclav Ovsik.
 - Exim updates on Debian from Devin Carrawy.
 - Pam and samba updates from Stefan Schulze Frielinghaus.
 - Backup update on Debian from Vaclav Ovsik.
--- a/policy/modules/services/rpc.fc
+++ b/policy/modules/services/rpc.fc
@ -7,6 +7,7 @@
 # /sbin
 #
 /sbin/rpc\..*		--	gen_context(system_u:object_r:rpcd_exec_t,s0)
+/sbin/sm-notify		--	gen_context(system_u:object_r:rpcd_exec_t,s0)

 #
 # /usr
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@ -1,5 +1,5 @@

-policy_module(rpc,1.7.0)
+policy_module(rpc,1.7.1)

 ########################################
 #
@ -60,10 +60,15 @@ allow rpcd_t rpcd_var_run_t:dir setattr;
 manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
 files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)

+# rpc.statd executes sm-notify
+can_exec(rpcd_t, rpcd_exec_t)
+corecmd_search_bin(rpcd_t)
+
 kernel_read_system_state(rpcd_t) 
 kernel_search_network_state(rpcd_t) 
 # for rpc.rquotad
 kernel_read_sysctl(rpcd_t)  
+kernel_rw_fs_sysctls(rpcd_t)

 fs_list_rpc(rpcd_t)
 fs_read_rpc_files(rpcd_t)