add missing interface

This commit is contained in:
Chris PeBenito 2005-10-12 17:32:41 +00:00
parent be4690a5ae
commit 4c71994852
2 changed files with 21 additions and 21 deletions

View File

@ -360,6 +360,7 @@ optional_policy(`mta.te',`
optional_policy(`mysql.te',` optional_policy(`mysql.te',`
mysql_stream_connect(httpd_t) mysql_stream_connect(httpd_t)
mysql_rw_db_socket(httpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis.te',`
@ -389,16 +390,6 @@ allow httpd_t home_root_t:dir getattr;
dontaudit httpd_t sysadm_home_dir_t:dir getattr; dontaudit httpd_t sysadm_home_dir_t:dir getattr;
allow httpd_sys_script_t var_spool_t:dir getattr; allow httpd_sys_script_t var_spool_t:dir getattr;
optional_policy(`mysql.te',`
allow httpd_t mysqld_db_t:dir search;
allow httpd_t mysqld_db_t:sock_file rw_file_perms;
')
optional_policy(`mysql.te',`
allow httpd_sys_script_t mysqld_db_t:dir search;
allow httpd_sys_script_t mysqld_db_t:sock_file rw_file_perms;
')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
if (httpd_enable_homedirs) { if (httpd_enable_homedirs) {
allow httpd_t user_home_dir_t:dir { getattr search }; allow httpd_t user_home_dir_t:dir { getattr search };
@ -615,6 +606,7 @@ ifdef(`distro_redhat',`
optional_policy(`mysql.te',` optional_policy(`mysql.te',`
mysql_stream_connect(httpd_sys_script_t) mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_socket(httpd_sys_script_t)
') ')
######################################## ########################################

View File

@ -11,7 +11,6 @@
interface(`mysql_signal',` interface(`mysql_signal',`
gen_require(` gen_require(`
type mysqld_t; type mysqld_t;
class process signal;
') ')
allow $1 mysqld_t:process signal; allow $1 mysqld_t:process signal;
@ -28,9 +27,6 @@ interface(`mysql_signal',`
interface(`mysql_stream_connect',` interface(`mysql_stream_connect',`
gen_require(` gen_require(`
type mysqld_t, mysqld_var_run_t; type mysqld_t, mysqld_var_run_t;
class unix_stream_socket connectto;
class dir search;
class sock_file write;
') ')
allow $1 mysqld_var_run_t:dir search; allow $1 mysqld_var_run_t:dir search;
@ -49,9 +45,6 @@ interface(`mysql_stream_connect',`
interface(`mysql_read_config',` interface(`mysql_read_config',`
gen_require(` gen_require(`
type mysqld_etc_t; type mysqld_etc_t;
class dir { getattr read search };
class file { read getattr };
class lnk_file { getattr read };
') ')
allow $1 mysqld_etc_t:dir { getattr read search }; allow $1 mysqld_etc_t:dir { getattr read search };
@ -73,7 +66,6 @@ interface(`mysql_read_config',`
interface(`mysql_search_db_dir',` interface(`mysql_search_db_dir',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
class dir search;
') ')
files_search_var_lib($1) files_search_var_lib($1)
@ -91,7 +83,6 @@ interface(`mysql_search_db_dir',`
interface(`mysql_rw_db_dir',` interface(`mysql_rw_db_dir',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
class rw_dir_perms;
') ')
files_search_var_lib($1) files_search_var_lib($1)
@ -109,13 +100,31 @@ interface(`mysql_rw_db_dir',`
interface(`mysql_manage_db_dir',` interface(`mysql_manage_db_dir',`
gen_require(` gen_require(`
type mysql_db_t; type mysql_db_t;
class create_dir_perms;
') ')
files_search_var_lib($1) files_search_var_lib($1)
allow $1 mysqld_db_t:dir create_dir_perms; allow $1 mysqld_db_t:dir create_dir_perms;
') ')
########################################
## <summary>
## Read and write to the MySQL database
## named socket.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`mysql_rw_db_socket',`
gen_require(`
type mysqld_db_t;
')
files_search_var_lib($1)
allow $1 mysqld_db_t:dir search;
allow $1 mysqld_db_t:sock_file rw_file_perms;
')
######################################## ########################################
## <summary> ## <summary>
## Write to the MySQL log. ## Write to the MySQL log.
@ -127,7 +136,6 @@ interface(`mysql_manage_db_dir',`
interface(`mysql_write_log',` interface(`mysql_write_log',`
gen_require(` gen_require(`
type mysqld_log_t; type mysqld_log_t;
class file { write append setattr ioctl };
') ')
logging_search_logs($1) logging_search_logs($1)