Patch for misc fixes to nis ypxfr policy from Dan Walsh.

2007-02-23 19:52:52 +00:00 · 2007-02-23 19:52:52 +00:00 · 4685213857
commit 4685213857
parent aeb54c6dd0
2 changed files with 17 additions and 3 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 - Patch for misc fixes to nis ypxfr policy from Dan Walsh.
 - Patch to allow apmd to telinit from Dan Walsh.
 - Patch for additional labeling of samba files from Stefan Schulze
  Frielinghaus.
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@ -1,5 +1,5 @@
-policy_module(nis,1.3.1)
+policy_module(nis,1.3.2)
 ########################################
 #
@ -325,15 +325,17 @@ optional_policy(`
 #
 allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
-allow ypxfr_t self:tcp_socket connected_socket_perms;
+allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms;
 allow ypxfr_t self:tcp_socket create_stream_socket_perms;
 allow ypxfr_t self:udp_socket create_socket_perms;
 allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms;
 manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
 allow ypxfr_t ypserv_t:tcp_socket { read write };
 allow ypxfr_t ypserv_t:udp_socket { read write };
-read_files_pattern(ypxfr_t,var_yp_t,var_yp_t)
+allow ypxfr_t ypserv_conf_t:file { getattr read };
 corenet_non_ipsec_sendrecv(ypxfr_t)
 corenet_tcp_sendrecv_all_if(ypxfr_t)
@ -355,7 +357,18 @@ corenet_sendrecv_all_client_packets(ypxfr_t)
 files_read_etc_files(ypxfr_t)
 files_search_usr(ypxfr_t)
 init_use_fds(ypxfr_t)
 libs_use_shared_libs(ypxfr_t)
 libs_use_ld_so(ypxfr_t)
 logging_send_syslog_msg(ypxfr_t)
 miscfiles_read_localization(ypxfr_t)
 sysnet_read_config(ypxfr_t)
 ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_ttys(ypxfr_t)
 	term_dontaudit_use_generic_ptys(ypxfr_t)
 ')