trunk: another round of nsswitch from dan.

2007-12-06 16:04:14 +00:00 · 2007-12-06 16:04:14 +00:00 · 09e21686ea
parent 74d920c3b5
commit 09e21686ea
12 changed files with 21 additions and 94 deletions
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@ -1,5 +1,5 @@

-policy_module(vpn,1.6.0)
+policy_module(vpn,1.6.1)

 ########################################
 #
@ -82,6 +82,8 @@ files_read_etc_runtime_files(vpnc_t)
 files_read_etc_files(vpnc_t)
 files_dontaudit_search_home(vpnc_t)

+auth_use_nsswitch(vpnc_t)
+
 libs_exec_ld_so(vpnc_t)
 libs_exec_lib_files(vpnc_t)
 libs_use_ld_so(vpnc_t)
@ -110,11 +112,3 @@ optional_policy(`
 		networkmanager_dbus_chat(vpnc_t)
 	')
 ')
-
-optional_policy(`
-        nis_use_ypbind(vpnc_t)
-')
-
-optional_policy(`
-	nscd_socket_use(vpnc_t)
-')
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@ -62,7 +62,6 @@ template(`thunderbird_per_role_template',`
 	allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
 	allow $1_thunderbird_t self:tcp_socket create_socket_perms;
 	allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
- 	allow $1_thunderbird_t self:netlink_route_socket r_netlink_socket_perms;

 	# Access ~/.thunderbird
 	manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
@ -146,16 +145,14 @@ template(`thunderbird_per_role_template',`
 	# Access ~/.thunderbird
 	fs_search_auto_mountpoints($1_thunderbird_t)
 	
+	auth_use_nsswitch($1_thunderbird_t)
+
 	libs_use_shared_libs($1_thunderbird_t)
 	libs_use_ld_so($1_thunderbird_t)

 	miscfiles_read_fonts($1_thunderbird_t)
 	miscfiles_read_localization($1_thunderbird_t)

-	sysnet_read_config($1_thunderbird_t)
-	# Allow DNS
-	sysnet_dns_name_resolve($1_thunderbird_t)
-
 	userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
 	userdom_read_user_tmp_files($1,$1_thunderbird_t)
 	userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
@ -341,14 +338,6 @@ template(`thunderbird_per_role_template',`
 		mozilla_dbus_chat($1, $1_thunderbird_t)
 	')

-	optional_policy(`
-		nis_use_ypbind($1_thunderbird_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_thunderbird_t)
-	')
-
 	ifdef(`TODO',`
 		# FIXME: Rules were removed to centralize policy in a gnome_app macro
 		# A similar thing might be necessary for mozilla compiled without GNOME
--- a/policy/modules/apps/thunderbird.te
+++ b/policy/modules/apps/thunderbird.te
@ -1,5 +1,5 @@

-policy_module(thunderbird,1.4.1)
+policy_module(thunderbird,1.4.2)

 ########################################
 #
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@ -87,6 +87,8 @@ template(`mta_base_mail_template',`
 	# It wants to check for nscd
 	files_dontaudit_search_pids($1_mail_t)

+	auth_use_nsswitch($1_mail_t)
+
 	libs_use_ld_so($1_mail_t)
 	libs_use_shared_libs($1_mail_t)

@ -94,17 +96,6 @@ template(`mta_base_mail_template',`

 	miscfiles_read_localization($1_mail_t)

-	sysnet_read_config($1_mail_t)
-	sysnet_dns_name_resolve($1_mail_t)
-
-	optional_policy(`
-		nis_use_ypbind($1_mail_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_mail_t)
-	')
-
 	optional_policy(`
 		postfix_domtrans_user_mail_handler($1_mail_t)
 	')
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@ -1,5 +1,5 @@

-policy_module(mta,1.8.1)
+policy_module(mta,1.8.2)

 ########################################
 #
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@ -1,5 +1,5 @@

-policy_module(postgresql,1.4.2)
+policy_module(postgresql,1.4.3)

 #################################
 #
@ -42,7 +42,6 @@ allow postgresql_t self:tcp_socket create_stream_socket_perms;
 allow postgresql_t self:udp_socket create_stream_socket_perms;
 allow postgresql_t self:unix_dgram_socket create_socket_perms;
 allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
-allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;

 manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
 manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
@ -116,6 +115,8 @@ files_search_etc(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)

+auth_use_nsswitch(postgresql_t)
+
 init_read_utmp(postgresql_t)

 libs_use_ld_so(postgresql_t)
@ -127,9 +128,6 @@ miscfiles_read_localization(postgresql_t)

 seutil_dontaudit_search_config(postgresql_t)

-sysnet_read_config(postgresql_t)
-sysnet_use_ldap(postgresql_t)
-
 userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
 userdom_dontaudit_use_sysadm_ttys(postgresql_t)
 userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
@ -161,10 +159,6 @@ optional_policy(`
 	kerberos_use(postgresql_t)
 ')

-optional_policy(`
-	nis_use_ypbind(postgresql_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(postgresql_t)
 ')
--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@ -1,5 +1,5 @@

-policy_module(rshd,1.4.1)
+policy_module(rshd,1.4.2)

 ########################################
 #
@ -52,6 +52,8 @@ files_list_home(rshd_t)
 files_read_etc_files(rshd_t)
 files_search_tmp(rshd_t)

+auth_use_nsswitch(rshd_t)
+
 libs_use_ld_so(rshd_t)
 libs_use_shared_libs(rshd_t)

@ -62,8 +64,6 @@ miscfiles_read_localization(rshd_t)
 seutil_read_config(rshd_t)
 seutil_read_default_contexts(rshd_t)

-sysnet_read_config(rshd_t)
-
 userdom_search_all_users_home_content(rshd_t)

 tunable_policy(`use_nfs_home_dirs',`
@ -80,10 +80,6 @@ optional_policy(`
 	kerberos_use(rshd_t)
 ')

-optional_policy(`
-	nscd_socket_use(rshd_t)
-')
-
 optional_policy(`
 	tcpd_wrapped_domain(rshd_t,rshd_exec_t)
 ')
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@ -1,5 +1,5 @@

-policy_module(samba,1.6.3)
+policy_module(samba,1.6.4)

 #################################
 #
@ -197,10 +197,6 @@ optional_policy(`
 	kerberos_use(samba_net_t)
 ')

-optional_policy(`
-	nscd_socket_use(samba_net_t)
-')
-
 ########################################
 #
 # smbd Local policy
@ -727,10 +723,6 @@ optional_policy(`
 	kerberos_use(winbind_t)
 ')

-optional_policy(`
-	nscd_socket_use(winbind_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(winbind_t)
 ')
@ -760,6 +752,8 @@ term_list_ptys(winbind_helper_t)

 domain_use_interactive_fds(winbind_helper_t)

+auth_use_nsswitch(winbind_helper_t)
+
 libs_use_ld_so(winbind_helper_t)
 libs_use_shared_libs(winbind_helper_t)

@ -767,10 +761,6 @@ logging_send_syslog_msg(winbind_helper_t)

 miscfiles_read_localization(winbind_helper_t) 

-optional_policy(`
-	nscd_socket_use(winbind_helper_t)
-')
-
 optional_policy(`
 	squid_read_log(winbind_helper_t)
 	squid_append_log(winbind_helper_t)
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@ -1,5 +1,5 @@

-policy_module(sendmail,1.6.1)
+policy_module(sendmail,1.6.2)

 ########################################
 #
@ -32,7 +32,6 @@ allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
 allow sendmail_t self:unix_dgram_socket create_socket_perms;
 allow sendmail_t self:tcp_socket create_stream_socket_perms;
 allow sendmail_t self:udp_socket create_socket_perms;
-allow sendmail_t self:netlink_route_socket r_netlink_socket_perms;

 allow sendmail_t sendmail_log_t:dir setattr;
 manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t)
@ -84,6 +83,8 @@ init_use_script_ptys(sendmail_t)
 init_read_utmp(sendmail_t)
 init_dontaudit_write_utmp(sendmail_t)

+auth_use_nsswitch(sendmail_t)
+
 libs_use_ld_so(sendmail_t)
 libs_use_shared_libs(sendmail_t)
 # Read /usr/lib/sasl2/.*
@ -94,9 +95,6 @@ logging_send_syslog_msg(sendmail_t)
 miscfiles_read_certs(sendmail_t)
 miscfiles_read_localization(sendmail_t)

-sysnet_dns_name_resolve(sendmail_t)
-sysnet_read_config(sendmail_t)
-
 userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
 userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)

@ -112,14 +110,6 @@ optional_policy(`
 	clamav_search_lib(sendmail_t)
 ')

-optional_policy(`
-	nis_use_ypbind(sendmail_t)
-')
-
-optional_policy(`
-	nscd_socket_use(sendmail_t)
-')
-
 optional_policy(`
 	postfix_exec_master(sendmail_t)
 	postfix_read_config(sendmail_t)
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@ -101,7 +101,6 @@ allow xdm_t self:fifo_file rw_fifo_file_perms;
 allow xdm_t self:shm create_shm_perms;
 allow xdm_t self:sem create_sem_perms;
 allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow xdm_t self:netlink_route_socket r_netlink_socket_perms;
 allow xdm_t self:unix_dgram_socket create_socket_perms;
 allow xdm_t self:tcp_socket create_stream_socket_perms;
 allow xdm_t self:udp_socket create_socket_perms;
@ -335,10 +334,6 @@ optional_policy(`
 	mta_dontaudit_getattr_spool_files(xdm_t)
 ')

-optional_policy(`
-	nscd_socket_use(xdm_t)
-')
-
 optional_policy(`
 	seutil_sigchld_newrole(xdm_t)
 ')
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@ -126,14 +126,6 @@ optional_policy(`
 	locallogin_use_fds(pam_t)
 ')

-optional_policy(`
-	nis_use_ypbind(pam_t)
-')
-
-optional_policy(`
-	nscd_socket_use(pam_t)
-')
-
 ########################################
 #
 # PAM console local policy
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@ -184,10 +184,6 @@ optional_policy(`
 	samba_domtrans_smbmount(mount_t)
 ')

-optional_policy(`
-	nscd_socket_use(mount_t)
-')
-
 ########################################
 #
 # Unconfined mount local policy