From 45b56b01e8051dd4193d5894f5d00cca0d6cda08 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 19 Feb 2008 14:26:59 +0000 Subject: [PATCH] trunk: Backup update on Debian from Vaclav Ovsik. --- Changelog | 3 ++- policy/modules/admin/backup.fc | 6 ++++++ policy/modules/admin/backup.te | 5 +++-- policy/modules/admin/logrotate.fc | 1 - policy/modules/admin/logrotate.te | 2 +- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Changelog b/Changelog index acaf3781..b1f79179 100644 --- a/Changelog +++ b/Changelog @@ -1,4 +1,5 @@ -- Cracklib update on Deban from Vaclav Ovsik. +- Backup update on Debian from Vaclav Ovsik. +- Cracklib update on Debian from Vaclav Ovsik. - Label /proc/kallsyms with system_map_t. - 64-bit capabilities from Stephen Smalley. - Labeled networking peer object class updates. diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc index b4671aec..223b7f20 100644 --- a/policy/modules/admin/backup.fc +++ b/policy/modules/admin/backup.fc @@ -4,4 +4,10 @@ # backup_store_t, Debian uses /var/backups #/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0) + +ifdef(`distro_debian',` +/etc/cron.daily/aptitude -- gen_context(system_u:object_r:backup_exec_t,s0) +/etc/cron.daily/standard -- gen_context(system_u:object_r:backup_exec_t,s0) +') + /var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0) diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te index b72d4d67..64c2be4d 100644 --- a/policy/modules/admin/backup.te +++ b/policy/modules/admin/backup.te @@ -1,5 +1,5 @@ -policy_module(backup,1.2.0) +policy_module(backup,1.2.1) ######################################## # @@ -27,7 +27,7 @@ allow backup_t self:tcp_socket create_socket_perms; allow backup_t self:udp_socket create_socket_perms; allow backup_t backup_store_t:file setattr; -create_files_pattern(backup_t,backup_store_t,backup_store_t) +manage_files_pattern(backup_t,backup_store_t,backup_store_t) rw_files_pattern(backup_t,backup_store_t,backup_store_t) read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t) @@ -35,6 +35,7 @@ kernel_read_system_state(backup_t) kernel_read_kernel_sysctls(backup_t) corecmd_exec_bin(backup_t) +corecmd_exec_shell(backup_t) corenet_all_recvfrom_unlabeled(backup_t) corenet_all_recvfrom_netlabel(backup_t) diff --git a/policy/modules/admin/logrotate.fc b/policy/modules/admin/logrotate.fc index e058a17e..36c8de7f 100644 --- a/policy/modules/admin/logrotate.fc +++ b/policy/modules/admin/logrotate.fc @@ -3,7 +3,6 @@ /usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0) ifdef(`distro_debian', ` -/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0) /var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0) ', ` /var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0) diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te index e2742d26..5b11e37a 100644 --- a/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te @@ -1,5 +1,5 @@ -policy_module(logrotate,1.7.0) +policy_module(logrotate,1.7.1) ######################################## #