more sediff

2005-10-24 14:15:29 +00:00 · 2005-10-24 14:15:29 +00:00 · 34e722f3cd
commit 34e722f3cd
parent fa16f25281
6 changed files with 16 additions and 2 deletions
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@ -46,7 +46,7 @@ network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
 network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
 network_port(auth, tcp,113,s0)
-type biff_port_t, port_type; dnl network_port(biff) # no defined portcon in current strict
+type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
 network_port(clamd, tcp,3310,s0)
 network_port(clockspeed, udp,4041,s0)
 network_port(comsat, udp,512,s0)
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@ -43,6 +43,7 @@ fs_associate_tmpfs(apm_bios_t)
 type cardmgr_dev_t, device_node;
 fs_associate(cardmgr_dev_t)
 fs_associate_tmpfs(cardmgr_dev_t)
+files_tmp_file(cardmgr_dev_t)

 #
 # clock_device_t is the type of
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@ -53,9 +53,11 @@ allow configfs_t self:filesystem associate;
 genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)

 type eventpollfs_t, filesystem_type;
+allow eventpollfs_t self:filesystem associate;
 genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)

 type futexfs_t, filesystem_type;
+allow futexfs_t self:filesystem associate;
 genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)

 type hugetlbfs_t, filesystem_type;
@ -68,6 +70,7 @@ allow inotifyfs_t self:filesystem associate;
 genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)

 type nfsd_fs_t, filesystem_type;
+allow nfsd_fs_t self:filesystem associate;
 genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)

 type ramfs_t, filesystem_type;
@ -80,6 +83,7 @@ genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
 genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)

 type rpc_pipefs_t, filesystem_type;
+allow rpc_pipefs_t self:filesystem associate;
 genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)

 #
@ -144,6 +148,7 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
 #
 type removable_t, filesystem_type, noxattrfs;
 allow removable_t noxattrfs:filesystem associate;
+files_type(removable_t)

 #
 # nfs_t is the default type for NFS file systems
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@ -221,6 +221,10 @@ ifdef(`targeted_policy',`
 	unconfined_domain_template(kernel_t)
 ')

+optional_policy(`nis.te',`
+	nis_use_ypbind(kernel_t)
+')
+
 optional_policy(`rpc.te',`
 	# nfs kernel server needs kernel UDP access.  It is less risky and painful
 	# to just give it everything.
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@ -57,7 +57,7 @@ corenet_tcp_sendrecv_all_ports(distccd_t)
 corenet_udp_sendrecv_all_ports(distccd_t)
 corenet_tcp_bind_all_nodes(distccd_t)
 corenet_udp_bind_all_nodes(distccd_t)
-corenet_tcp_bind_distcc_port(distccd_t)
+corenet_tcp_bind_distccd_port(distccd_t)

 dev_read_sysfs(distccd_t)

--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@ -91,6 +91,10 @@ logging_send_syslog_msg(getty_t)

 miscfiles_read_localization(getty_t)

+optional_policy(`nscd.te',`
+	nscd_use_socket(getty_t)
+')
+
 optional_policy(`ppp.te',`
 	ppp_domtrans(getty_t)
 ')