dnsmasq patch from dan.

2009-07-20 15:40:57 -04:00 · 2009-07-20 15:40:57 -04:00 · 8f17f7c2ee
commit 8f17f7c2ee
parent 93d300831d
2 changed files with 25 additions and 3 deletions
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@ -20,6 +20,25 @@ interface(`dnsmasq_domtrans',`
 	domtrans_pattern($1, dnsmasq_exec_t, dnsmasq_t)
 ')

+########################################
+## <summary>
+##	Execute the dnsmasq init script in the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+interface(`dnsmasq_initrc_domtrans',`
+	gen_require(`
+		type dnsmasq_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
+')
+
 ########################################
 ## <summary>
 ##	Send dnsmasq a signal
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@ -1,5 +1,5 @@

-policy_module(dnsmasq, 1.7.2)
+policy_module(dnsmasq, 1.7.3)

 ########################################
 #
@ -42,8 +42,7 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
 files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)

 kernel_read_kernel_sysctls(dnsmasq_t)
-kernel_list_proc(dnsmasq_t)
-kernel_read_proc_symlinks(dnsmasq_t)
+kernel_read_system_state(dnsmasq_t)

 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
@ -87,6 +86,10 @@ optional_policy(`
 	seutil_sigchld_newrole(dnsmasq_t)
 ')

+optional_policy(`
+	tftp_read_content(dnsmasq_t)
+')
+
 optional_policy(`
 	udev_read_db(dnsmasq_t)
 ')