Fix typo

2013-07-26 17:16:36 +02:00 · 2013-07-26 17:16:36 +02:00 · 4c142c0a6c
commit 4c142c0a6c
parent 993bf37643
1 changed files with 66 additions and 45 deletions
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@ -13080,7 +13080,7 @@ index 3fe3cb8..b8e08c6 100644
 +	')
 ')
 diff --git a/condor.te b/condor.te
-index 3f2b672..8dee63d 100644
+index 3f2b672..95daaa7 100644
 --- a/condor.te
 +++ b/condor.te
@@ -46,6 +46,9 @@ files_lock_file(condor_var_lock_t)
@ -13111,7 +13111,14 @@ index 3f2b672..8dee63d 100644
 
 manage_dirs_pattern(condor_domain, condor_log_t, condor_log_t)
 append_files_pattern(condor_domain, condor_log_t, condor_log_t)
-@@ -91,8 +99,6 @@ kernel_read_system_state(condor_domain)
+@@ -86,13 +94,12 @@ allow condor_domain condor_master_t:tcp_socket getattr;
+ 
+ kernel_read_kernel_sysctls(condor_domain)
+ kernel_read_network_state(condor_domain)
+-kernel_read_system_state(condor_domain)
+
+
+ 
 corecmd_exec_bin(condor_domain)
 corecmd_exec_shell(condor_domain)
 
@ -13120,7 +13127,7 @@ index 3f2b672..8dee63d 100644
 corenet_tcp_sendrecv_generic_if(condor_domain)
 corenet_tcp_sendrecv_generic_node(condor_domain)
 
-@@ -106,9 +112,7 @@ dev_read_rand(condor_domain)
+@@ -106,9 +113,7 @@ dev_read_rand(condor_domain)
 dev_read_sysfs(condor_domain)
 dev_read_urand(condor_domain)
 
@ -13131,7 +13138,7 @@ index 3f2b672..8dee63d 100644
 
 tunable_policy(`condor_tcp_network_connect',`
 	corenet_sendrecv_all_client_packets(condor_domain)
-@@ -125,7 +129,7 @@ optional_policy(`
+@@ -125,7 +130,7 @@ optional_policy(`
 # Master local policy
 #
 
@ -13140,18 +13147,16 @@ index 3f2b672..8dee63d 100644
 
 allow condor_master_t condor_domain:process { sigkill signal };
 
-@@ -133,6 +137,10 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
+@@ -133,6 +138,8 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
 manage_files_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
 files_tmp_filetrans(condor_master_t, condor_master_tmp_t, { file dir })
 
 +can_exec(condor_master_t, condor_master_exec_t)
-+
-+kernel_read_system_state(condor_master_tmp_t)
 +
 corenet_udp_sendrecv_generic_if(condor_master_t)
 corenet_udp_sendrecv_generic_node(condor_master_t)
 corenet_tcp_bind_generic_node(condor_master_t)
-@@ -150,7 +158,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t)
+@@ -150,7 +157,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t)
 
 domain_read_all_domains_state(condor_master_t)
 
@ -13160,7 +13165,7 @@ index 3f2b672..8dee63d 100644
 
 optional_policy(`
 	mta_send_mail(condor_master_t)
-@@ -169,6 +177,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms;
+@@ -169,6 +176,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms;
 
 kernel_read_network_state(condor_collector_t)
 
@ -13169,7 +13174,7 @@ index 3f2b672..8dee63d 100644
 #####################################
 #
 # Negotiator local policy
-@@ -178,6 +188,8 @@ allow condor_negotiator_t self:capability { setuid setgid };
+@@ -178,6 +187,8 @@ allow condor_negotiator_t self:capability { setuid setgid };
 allow condor_negotiator_t condor_master_t:tcp_socket rw_stream_socket_perms;
 allow condor_negotiator_t condor_master_t:udp_socket getattr;
 
@ -13178,7 +13183,7 @@ index 3f2b672..8dee63d 100644
 ######################################
 #
 # Procd local policy
-@@ -201,6 +213,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr;
+@@ -201,6 +212,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr;
 
 allow condor_schedd_t condor_var_lock_t:dir manage_file_perms;
 
@ -13187,7 +13192,7 @@ index 3f2b672..8dee63d 100644
 domtrans_pattern(condor_schedd_t, condor_procd_exec_t, condor_procd_t)
 domtrans_pattern(condor_schedd_t, condor_startd_exec_t, condor_startd_t)
 
-@@ -209,6 +223,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
+@@ -209,6 +222,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
 relabel_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
 files_tmp_filetrans(condor_schedd_t, condor_schedd_tmp_t, { file dir })
 
@ -13196,7 +13201,7 @@ index 3f2b672..8dee63d 100644
 #####################################
 #
 # Startd local policy
-@@ -233,11 +249,10 @@ domain_read_all_domains_state(condor_startd_t)
+@@ -233,11 +248,10 @@ domain_read_all_domains_state(condor_startd_t)
 mcs_process_set_categories(condor_startd_t)
 
 init_domtrans_script(condor_startd_t)
@ -13209,7 +13214,7 @@ index 3f2b672..8dee63d 100644
 optional_policy(`
 	ssh_basic_client_template(condor_startd, condor_startd_t, system_r)
 	ssh_domtrans(condor_startd_t)
-@@ -249,3 +264,7 @@ optional_policy(`
+@@ -249,3 +263,7 @@ optional_policy(`
 		kerberos_use(condor_startd_ssh_t)
 	')
 ')
@ -52546,10 +52551,10 @@ index 96db654..ff3aadd 100644
 +	virt_rw_svirt_dev(pcscd_t)
 +')
 diff --git a/pegasus.fc b/pegasus.fc
-index dfd46e4..0aaa891 100644
+index dfd46e4..6667b8a 100644
 --- a/pegasus.fc
 +++ b/pegasus.fc
-@@ -1,15 +1,24 @@
+@@ -1,15 +1,20 @@
 -/etc/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_conf_t,s0)
 +
 +/etc/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_conf_t,s0)
@ -52558,28 +52563,24 @@ index dfd46e4..0aaa891 100644
 -/etc/rc\.d/init\.d/tog-pegasus	--	gen_context(system_u:object_r:pegasus_initrc_exec_t,s0)
 +/usr/sbin/cimserver		--	gen_context(system_u:object_r:pegasus_exec_t,s0)
 +/usr/sbin/init_repository	-- 	gen_context(system_u:object_r:pegasus_exec_t,s0)
-+
+ 
+-/usr/sbin/cimserver	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
+-/usr/sbin/init_repository	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
 +/var/lib/Pegasus(/.*)?			gen_context(system_u:object_r:pegasus_data_t,s0)
-+
+ 
+-/var/cache/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_cache_t,s0)
 +/var/run/tog-pegasus(/.*)?		gen_context(system_u:object_r:pegasus_var_run_t,s0)
-+
+ 
+-/var/lib/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_data_t,s0)
 +/usr/share/Pegasus/mof(/.*)?/.*\.mof	gen_context(system_u:object_r:pegasus_mof_t,s0)
-+
+ 
+-/var/run/tog-pegasus(/.*)?	gen_context(system_u:object_r:pegasus_var_run_t,s0)
 +#openlmi agents
 +/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
 +/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0)
 +/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt --  gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt     --  gen_context(system_u:object_r:pegasus_openlmi_service_exec_t,s0)
 +/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt   --  gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
-+
- 
-/usr/sbin/cimserver	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
-/usr/sbin/init_repository	--	gen_context(system_u:object_r:pegasus_exec_t,s0)
- 
-/var/cache/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_cache_t,s0)
- 
-/var/lib/Pegasus(/.*)?	gen_context(system_u:object_r:pegasus_data_t,s0)
- 
-/var/run/tog-pegasus(/.*)?	gen_context(system_u:object_r:pegasus_var_run_t,s0)
 
 -/usr/share/Pegasus/mof(/.*)?/.*\.mof	gen_context(system_u:object_r:pegasus_mof_t,s0)
 diff --git a/pegasus.if b/pegasus.if
@ -52683,7 +52684,7 @@ index d2fc677..ded726f 100644
 ')
 +
 diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..193d6c3 100644
+index 7bcf327..71ab12b 100644
 --- a/pegasus.te
 +++ b/pegasus.te
@@ -1,17 +1,16 @@
@ -52707,7 +52708,7 @@ index 7bcf327..193d6c3 100644
 type pegasus_cache_t;
 files_type(pegasus_cache_t)
 
-@@ -30,20 +29,176 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,196 @@ files_type(pegasus_mof_t)
 type pegasus_var_run_t;
 files_pid_file(pegasus_var_run_t)
 
@ -52715,6 +52716,7 @@ index 7bcf327..193d6c3 100644
 +pegasus_openlmi_domain_template(account)
 +pegasus_openlmi_domain_template(logicalfile)
 +pegasus_openlmi_domain_template(networking)
+pegasus_openlmi_domain_template(service)
 +
 +pegasus_openlmi_domain_template(storage)
 +type pegasus_openlmi_storage_tmp_t;
@ -52734,8 +52736,6 @@ index 7bcf327..193d6c3 100644
 +list_dirs_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
 +rw_files_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
 +
-+kernel_read_system_state(pegasus_openlmi_domain)
-+
 +corecmd_exec_bin(pegasus_openlmi_domain)
 +corecmd_exec_shell(pegasus_openlmi_domain)
 +
@ -52832,6 +52832,27 @@ index 7bcf327..193d6c3 100644
 +
 +######################################
 +#
+# pegasus openlmi service local policy
+#
+
+
+init_disable_services(pegasus_openlmi_service_t)
+init_enable_services(pegasus_openlmi_service_t)
+init_reload_services(pegasus_openlmi_service_t)
+init_exec(pegasus_openlmi_service_t)
+
+systemd_config_all_services(pegasus_openlmi_service_t)
+systemd_manage_all_unit_files(pegasus_openlmi_service_t)
+systemd_manage_all_unit_lnk_files(pegasus_openlmi_service_t)
+
+allow pegasus_openlmi_service_t self:udp_socket create_socket_perms;
+
+optional_policy(`
+    dbus_system_bus_client(pegasus_openlmi_service_t)
+')
+
+######################################
+#
 +# pegasus openlmi storage local policy
 +#
 +
@ -52889,7 +52910,7 @@ index 7bcf327..193d6c3 100644
 allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
 
 manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +209,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +229,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
 manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
 manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
 manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@ -52920,7 +52941,7 @@ index 7bcf327..193d6c3 100644
 
 kernel_read_network_state(pegasus_t)
 kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +235,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +255,21 @@ kernel_read_net_sysctls(pegasus_t)
 kernel_read_xen_state(pegasus_t)
 kernel_write_xen_state(pegasus_t)
 
@ -52953,7 +52974,7 @@ index 7bcf327..193d6c3 100644
 
 corecmd_exec_bin(pegasus_t)
 corecmd_exec_shell(pegasus_t)
-@@ -114,6 +263,7 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,6 +283,7 @@ files_getattr_all_dirs(pegasus_t)
 
 auth_use_nsswitch(pegasus_t)
 auth_domtrans_chk_passwd(pegasus_t)
@ -52961,7 +52982,7 @@ index 7bcf327..193d6c3 100644
 
 domain_use_interactive_fds(pegasus_t)
 domain_read_all_domains_state(pegasus_t)
-@@ -128,18 +278,25 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +298,25 @@ init_stream_connect_script(pegasus_t)
 logging_send_audit_msgs(pegasus_t)
 logging_send_syslog_msg(pegasus_t)
 
@ -52979,21 +53000,21 @@ index 7bcf327..193d6c3 100644
 -	dbus_connect_system_bus(pegasus_t)
 +    dbus_system_bus_client(pegasus_t)
 +    dbus_connect_system_bus(pegasus_t)
- 
-	optional_policy(`
-		networkmanager_dbus_chat(pegasus_t)
-	')
+
 +    optional_policy(`
 +	networkmanager_dbus_chat(pegasus_t)
 +    ')
 +')
-+
+ 
+-	optional_policy(`
+-		networkmanager_dbus_chat(pegasus_t)
+-	')
 +optional_policy(`
 +	rhcs_stream_connect_cluster(pegasus_t)
 ')
 
 optional_policy(`
-@@ -151,16 +308,24 @@ optional_policy(`
+@@ -151,16 +328,24 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -53022,7 +53043,7 @@ index 7bcf327..193d6c3 100644
 ')
 
 optional_policy(`
-@@ -168,7 +333,7 @@ optional_policy(`
+@@ -168,7 +353,7 @@ optional_policy(`
 ')
 
 optional_policy(`