From 3b0a9c74bb6e9728673e889b55e0503c900e66a7 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Wed, 15 Sep 2010 16:50:07 +0200 Subject: [PATCH] Allow iscsid to manage tgtd semaphores --- policy/modules/services/tgtd.if | 18 ++++++++++++++++++ policy/modules/services/tgtd.te | 4 +++- policy/modules/system/iscsi.te | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if index b113b410..74beaaa5 100644 --- a/policy/modules/services/tgtd.if +++ b/policy/modules/services/tgtd.if @@ -26,3 +26,21 @@ interface(`tgtd_rw_semaphores',` allow $1 tgtd_t:sem rw_sem_perms; ') + +###################################### +## +## Manage tgtd sempaphores. +## +## +## +## Domain allowed access. +## +## +# +interface(`tgtd_manage_semaphores',` + gen_require(` + type tgtd_t; + ') + + allow $1 tgtd_t:sem create_sem_perms; +') diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te index debff69b..108631e1 100644 --- a/policy/modules/services/tgtd.te +++ b/policy/modules/services/tgtd.te @@ -67,4 +67,6 @@ logging_send_syslog_msg(tgtd_t) miscfiles_read_localization(tgtd_t) -iscsi_manage_semaphores(tgtd_t) +optional_policy(` + iscsi_manage_semaphores(tgtd_t) +') diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index 0787687e..3ab3a47e 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -93,5 +93,5 @@ logging_send_syslog_msg(iscsid_t) miscfiles_read_localization(iscsid_t) optional_policy(` - tgtd_rw_semaphores(iscsid_t) + tgtd_manage_semaphores(iscsid_t) ')