From 79ca728b5f7d2a259da7c4cacc5c89a0be0b7abd Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 5 Aug 2009 09:54:52 -0400
Subject: [PATCH] fix ordering of interface calls in fstools.
---
 policy/modules/system/fstools.te | 63 +++++++++++++++-----------------
 1 file changed, 30 insertions(+), 33 deletions(-)
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 49083728..5feb739d 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -65,7 +65,13 @@ kernel_getattr_core_if(fsadm_t)
 kernel_rw_unlabeled_dirs(fsadm_t)
 kernel_rw_unlabeled_blk_files(fsadm_t)
 
-files_getattr_boot_dirs(fsadm_t)
+corecmd_exec_bin(fsadm_t)
+#RedHat bug #201164
+corecmd_exec_shell(fsadm_t)
+# cjp: these are probably not needed:
+corecmd_read_bin_files(fsadm_t)
+corecmd_read_bin_pipes(fsadm_t)
+corecmd_read_bin_sockets(fsadm_t)
 
 dev_getattr_all_chr_files(fsadm_t)
 dev_dontaudit_getattr_all_blk_files(fsadm_t)
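Review bot: The three `corecmd_read_bin_*` calls arrive at their new position still under `# cjp: these are probably not needed:`, so fsadm_t, which other hunks of this patch show holding `storage_raw_write_fixed_disk`, keeps grants that its own policy comment doubts. While the block is being moved, either confirm the calls are needed and replace the comment with the reason, or remove them in a follow-up once testing shows no denials without them. `#RedHat bug #201164` above `corecmd_exec_shell(fsadm_t)` gives only a tracker number; a one-line reason such as `# <program> invokes a shell helper (RedHat bug #201164)`, with the placeholder filled in from the bug, would let a reader judge the shell grant from the policy alone.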
@@ -86,40 +92,9 @@ dev_getattr_usbfs_dirs(fsadm_t)
 # Access to /dev/mapper/control
 dev_rw_lvm_control(fsadm_t)
 
-fs_search_auto_mountpoints(fsadm_t)
-fs_getattr_xattr_fs(fsadm_t)
-fs_rw_ramfs_pipes(fsadm_t)
-fs_rw_tmpfs_files(fsadm_t)
-# remount file system to apply changes
-fs_remount_xattr_fs(fsadm_t)
-# for /dev/shm
-fs_search_tmpfs(fsadm_t)
-fs_getattr_tmpfs_dirs(fsadm_t)
-fs_read_tmpfs_symlinks(fsadm_t)
-
-mls_file_read_all_levels(fsadm_t)
-mls_file_write_all_levels(fsadm_t)
-
-storage_raw_read_fixed_disk(fsadm_t)
-storage_raw_write_fixed_disk(fsadm_t)
-storage_raw_read_removable_device(fsadm_t)
-storage_raw_write_removable_device(fsadm_t)
-storage_read_scsi_generic(fsadm_t)
-storage_swapon_fixed_disk(fsadm_t)
-
-term_use_console(fsadm_t)
-
-corecmd_exec_bin(fsadm_t)
-#RedHat bug #201164
-corecmd_exec_shell(fsadm_t)
-
-# cjp: these are probably not needed:
-corecmd_read_bin_files(fsadm_t)
-corecmd_read_bin_pipes(fsadm_t)
-corecmd_read_bin_sockets(fsadm_t)
-
 domain_use_interactive_fds(fsadm_t)
 
+files_getattr_boot_dirs(fsadm_t)
 files_list_home(fsadm_t)
 files_read_usr_files(fsadm_t)
 files_read_etc_files(fsadm_t)
@@ -133,11 +108,33 @@ files_rw_isid_type_dirs(fsadm_t)
 files_rw_isid_type_blk_files(fsadm_t)
 files_read_isid_type_files(fsadm_t)
 
+fs_search_auto_mountpoints(fsadm_t)
+fs_getattr_xattr_fs(fsadm_t)
+fs_rw_ramfs_pipes(fsadm_t)
+fs_rw_tmpfs_files(fsadm_t)
+# remount file system to apply changes
+fs_remount_xattr_fs(fsadm_t)
+# for /dev/shm
+fs_search_tmpfs(fsadm_t)
+fs_getattr_tmpfs_dirs(fsadm_t)
+fs_read_tmpfs_symlinks(fsadm_t)
 # Recreate /mnt/cdrom.
 files_manage_mnt_dirs(fsadm_t)
 # for tune2fs
 files_search_all(fsadm_t)
 
+mls_file_read_all_levels(fsadm_t)
+mls_file_write_all_levels(fsadm_t)
+
+storage_raw_read_fixed_disk(fsadm_t)
+storage_raw_write_fixed_disk(fsadm_t)
+storage_raw_read_removable_device(fsadm_t)
+storage_raw_write_removable_device(fsadm_t)
+storage_read_scsi_generic(fsadm_t)
+storage_swapon_fixed_disk(fsadm_t)
+
+term_use_console(fsadm_t)
+
 init_use_fds(fsadm_t)
 init_use_script_ptys(fsadm_t)
 init_dontaudit_getattr_initctl(fsadm_t)
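Review bot: The ten `fs_*` lines are inserted after `files_read_isid_type_files(fsadm_t)` but ahead of `files_manage_mnt_dirs(fsadm_t)` and `files_search_all(fsadm_t)`, so the files_ calls end up split around the fs_ block, which works against the ordering this commit sets out to fix. Someone auditing fsadm_t's file access by reading the files_ group could stop at the fs_ lines and miss the manage and search-all grants below them. Moving the block so it starts after `files_search_all(fsadm_t)`, separated by blank lines, keeps each module's calls contiguous. As placed, `# Recreate /mnt/cdrom.` appears to follow `fs_read_tmpfs_symlinks(fsadm_t)` directly, which makes the comment look attached to the tmpfs lines. The `mls_file_read_all_levels` / `mls_file_write_all_levels` pair is also moved without any comment saying why the MLS overrides are required.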