trunk: switch daemons from inheriting from all levels to initrc_t sharing to all levels.

Chris PeBenito 2007-08-22 20:21:52 +00:00
parent 8d2c34195e
commit 2af7b42a06
6 changed files with 8 additions and 10 deletions


@ -1,3 +1,5 @@
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
Accordingly drop MLS permissions from daemons that inherit from any level.
- Files and radvd updates from Stefan Schulze Frielinghaus.
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
mls_write_all_levels() and mls_read_all_levels(), for consistency.


@ -1,5 +1,5 @@
policy_module(cups,1.7.1)
policy_module(cups,1.7.2)
########################################
#
@ -165,7 +165,6 @@ domain_read_all_domains_state(cupsd_t)
fs_getattr_all_fs(cupsd_t)
fs_search_auto_mountpoints(cupsd_t)
mls_fd_use_all_levels(cupsd_t)
mls_file_downgrade(cupsd_t)
mls_file_write_all_levels(cupsd_t)
mls_file_read_all_levels(cupsd_t)


@ -1,5 +1,5 @@
policy_module(inetd,1.4.0)
policy_module(inetd,1.4.1)
########################################
#
@ -132,11 +132,9 @@ logging_send_syslog_msg(inetd_t)
miscfiles_read_localization(inetd_t)
# xinetd needs MLS override privileges to work
mls_fd_use_all_levels(inetd_t)
mls_fd_share_all_levels(inetd_t)
mls_socket_read_to_clearance(inetd_t)
mls_process_set_level(inetd_t)
mls_socket_read_to_clearance(inetd_t)
sysnet_read_config(inetd_t)


@ -1,5 +1,5 @@
policy_module(init,1.7.2)
policy_module(init,1.7.3)
gen_require(`
class passwd rootok;
@ -292,6 +292,7 @@ mls_file_write_all_levels(initrc_t)
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
selinux_get_enforce_mode(initrc_t)
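Review bot: The added `mls_fd_share_all_levels(initrc_t)` carries no comment, yet it moves the MLS override from the individual daemons onto initrc_t itself: descriptors owned by initrc_t now pass the MLS fd-use check for every domain at every level, not only for the daemons that previously carried `mls_fd_use_all_levels`. The type-enforcement `fd use` rules presumably still limit which domains can actually use those descriptors, but the line deserves a why-comment such as `# daemons started at any level inherit initrc_t fds; exempts initrc_t fds from the MLS fd use constraint`. It is also worth confirming on an MLS-enforcing system that cupsd_t, inetd_t, auditd_t and setrans_t only ever receive cross-level descriptors from initrc_t, since they appear to lose their own override in this commit. The initrc_t rule block starts and ends outside this hunk.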


@ -1,5 +1,5 @@
policy_module(logging,1.7.1)
policy_module(logging,1.7.2)
########################################
#
@ -155,7 +155,6 @@ miscfiles_read_localization(auditd_t)
mls_file_read_all_levels(auditd_t)
mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
mls_fd_use_all_levels(auditd_t)
seutil_dontaudit_read_config(auditd_t)


@ -1,5 +1,5 @@
policy_module(setrans,1.3.1)
policy_module(setrans,1.3.2)
########################################
#
@ -58,7 +58,6 @@ mls_net_receive_all_levels(setrans_t)
mls_socket_write_all_levels(setrans_t)
mls_process_read_up(setrans_t)
mls_socket_read_all_levels(setrans_t)
mls_fd_use_all_levels(setrans_t)
selinux_compute_access_vector(setrans_t)