patches for lvm and ricci fixes from Dan Walsh.

2007-03-06 15:35:02 +00:00 · 2007-03-06 15:35:02 +00:00 · c5561c777d
parent f2c69c47b3
commit c5561c777d
4 changed files with 31 additions and 5 deletions
--- a/2
+++ b/2
@ -1,3 +1,5 @@
+- Patch for lvm fixes from Dan Walsh.
+- Patch for ricci fixes from Dan Walsh.
 - Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
 - Patch for kerberized telnet fixes from Dan Walsh.
 - Patch for kerberized ftp and other ftp fixes from Dan Walsh.
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@ -1,5 +1,5 @@

-policy_module(ricci,1.0.1)
+policy_module(ricci,1.0.2)

 ########################################
 #
@ -486,18 +486,19 @@ libs_use_shared_libs(ricci_modstorage_t)
 logging_send_syslog_msg(ricci_modstorage_t)

 lvm_domtrans(ricci_modstorage_t)
-lvm_read_config(ricci_modstorage_t)
+lvm_manage_config(ricci_modstorage_t)

 miscfiles_read_localization(ricci_modstorage_t)

 modutils_read_module_deps(ricci_modstorage_t)

 optional_policy(`
+	ccs_stream_connect(ricci_modstorage_t)
 	ccs_read_config(ricci_modstorage_t)
 ')

 optional_policy(`
-	lvm_domtrans(ricci_modstorage_t)
+	nscd_socket_use(ricci_modstorage_t)
 ')

 optional_policy(`
--- a/policy/modules/system/lvm.if
+++ b/policy/modules/system/lvm.if
@ -63,10 +63,31 @@ interface(`lvm_run',`
 #
 interface(`lvm_read_config',`
 	gen_require(`
-		type lvm_t, lvm_etc_t;
+		type lvm_etc_t;
 	')

 	files_search_etc($1)
 	allow $1 lvm_etc_t:dir list_dir_perms;
 	read_files_pattern($1,lvm_etc_t,lvm_etc_t)
 ')
+
+########################################
+## <summary>
+##	Manage LVM configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`lvm_manage_config',`
+	gen_require(`
+		type lvm_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1,lvm_etc_t,lvm_etc_t)
+	manage_files_pattern($1,lvm_etc_t,lvm_etc_t)
+')
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@ -1,5 +1,5 @@

-policy_module(lvm,1.5.1)
+policy_module(lvm,1.5.2)

 ########################################
 #
@ -96,6 +96,7 @@ files_list_usr(clvmd_t)
 fs_getattr_all_fs(clvmd_t)
 fs_search_auto_mountpoints(clvmd_t)
 fs_dontaudit_list_tmpfs(clvmd_t)
+fs_dontaudit_read_removable_files(clvmd_t)

 storage_dontaudit_getattr_removable_dev(clvmd_t)

@ -218,6 +219,7 @@ selinux_compute_relabel_context(lvm_t)
 selinux_compute_user_contexts(lvm_t)

 dev_create_generic_chr_files(lvm_t)
+dev_delete_generic_dirs(lvm_t)
 dev_read_rand(lvm_t)
 dev_read_urand(lvm_t)
 dev_rw_lvm_control(lvm_t)