From c5561c777d1f2e5212b3c4202f90f22a86a98e89 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 6 Mar 2007 15:35:02 +0000
Subject: [PATCH] patches for lvm and ricci fixes from Dan Walsh.

---
 Changelog                        |  2 ++
 policy/modules/services/ricci.te |  7 ++++---
 policy/modules/system/lvm.if     | 23 ++++++++++++++++++++++-
 policy/modules/system/lvm.te     |  4 +++-
 4 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/Changelog b/Changelog
index c92f63ef..482a5318 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Patch for lvm fixes from Dan Walsh.
+- Patch for ricci fixes from Dan Walsh.
 - Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
 - Patch for kerberized telnet fixes from Dan Walsh.
 - Patch for kerberized ftp and other ftp fixes from Dan Walsh.
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
index 9ff934b4..19ca5157 100644
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@@ -1,5 +1,5 @@
 
-policy_module(ricci,1.0.1)
+policy_module(ricci,1.0.2)
 
 ########################################
 #
@@ -486,18 +486,19 @@ libs_use_shared_libs(ricci_modstorage_t)
 logging_send_syslog_msg(ricci_modstorage_t)
 
 lvm_domtrans(ricci_modstorage_t)
-lvm_read_config(ricci_modstorage_t)
+lvm_manage_config(ricci_modstorage_t)
 
 miscfiles_read_localization(ricci_modstorage_t)
 
 modutils_read_module_deps(ricci_modstorage_t)
 
 optional_policy(`
+	ccs_stream_connect(ricci_modstorage_t)
 	ccs_read_config(ricci_modstorage_t)
 ')
 
 optional_policy(`
-	lvm_domtrans(ricci_modstorage_t)
+	nscd_socket_use(ricci_modstorage_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
index a4bd4f3c..515f94d8 100644
--- a/policy/modules/system/lvm.if
+++ b/policy/modules/system/lvm.if
@@ -63,10 +63,31 @@ interface(`lvm_run',`
 #
 interface(`lvm_read_config',`
 	gen_require(`
-		type lvm_t, lvm_etc_t;
+		type lvm_etc_t;
 	')
 
 	files_search_etc($1)
 	allow $1 lvm_etc_t:dir list_dir_perms;
 	read_files_pattern($1,lvm_etc_t,lvm_etc_t)
 ')
+
+########################################
+## <summary>
+##	Manage LVM configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`lvm_manage_config',`
+	gen_require(`
+		type lvm_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1,lvm_etc_t,lvm_etc_t)
+	manage_files_pattern($1,lvm_etc_t,lvm_etc_t)
+')
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 360df310..d4c508d3 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
 
-policy_module(lvm,1.5.1)
+policy_module(lvm,1.5.2)
 
 ########################################
 #
@@ -96,6 +96,7 @@ files_list_usr(clvmd_t)
 fs_getattr_all_fs(clvmd_t)
 fs_search_auto_mountpoints(clvmd_t)
 fs_dontaudit_list_tmpfs(clvmd_t)
+fs_dontaudit_read_removable_files(clvmd_t)
 
 storage_dontaudit_getattr_removable_dev(clvmd_t)
 
@@ -218,6 +219,7 @@ selinux_compute_relabel_context(lvm_t)
 selinux_compute_user_contexts(lvm_t)
 
 dev_create_generic_chr_files(lvm_t)
+dev_delete_generic_dirs(lvm_t)
 dev_read_rand(lvm_t)
 dev_read_urand(lvm_t)
 dev_rw_lvm_control(lvm_t)