Allow mozilla_plugin to create nsplugin_home_t directories

Allow hugetlbfs_t to be on device_t file system Fix for ajaxterm policy Fix type in dbus_delete_pid_files Change openvpn to only allow search of users home dir
2010-09-09 09:55:31 -04:00 · 2010-09-09 09:55:31 -04:00 · da07333345
commit da07333345
parent 5f5963be01
6 changed files with 23 additions and 3 deletions
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@ -355,6 +355,7 @@ optional_policy(`
 optional_policy(`
 	nsplugin_domtrans(mozilla_plugin_t)
 	nsplugin_rw_exec(mozilla_plugin_t)
+	nsplugin_manage_home_dirs(mozilla_plugin_t)
 	nsplugin_manage_home_files(mozilla_plugin_t)
 ')

--- a/policy/modules/apps/nsplugin.if
+++ b/policy/modules/apps/nsplugin.if
@ -282,6 +282,24 @@ interface(`nsplugin_manage_home_files',`
 	manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
 ')

+########################################
+## <summary>
+##	manage nnsplugin home dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`nsplugin_manage_home_dirs',`
+	gen_require(`
+		type nsplugin_home_t;
+	')
+
+	manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
+')
+
 ########################################
 ## <summary>
 ##	Allow attempts to read and write to
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@ -102,6 +102,7 @@ type hugetlbfs_t;
 fs_type(hugetlbfs_t)
 files_mountpoint(hugetlbfs_t)
 fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
+dev_associate_sysfs(hugetlbfs_t)

 type ibmasmfs_t;
 fs_type(ibmasmfs_t)
--- a/policy/modules/services/ajaxterm.te
+++ b/policy/modules/services/ajaxterm.te
@ -30,7 +30,7 @@ allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
 allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
 allow ajaxterm_t self:tcp_socket create_stream_socket_perms;

-allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom;
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
 term_create_pty(ajaxterm_t, ajaxterm_devpts_t)

 manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@ -516,7 +516,7 @@ interface(`dbus_unconfined',`
 #
 interface(`dbus_delete_pid_files',`
 	gen_require(`
-		type dbus_var_run_t;
+		type system_dbusd_var_run_t;
 	')

 	delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@ -125,7 +125,7 @@ userdom_read_home_certs(openvpn_t)
 userdom_attach_admin_tun_iface(openvpn_t)

 tunable_policy(`openvpn_enable_homedirs',`
-	userdom_read_user_home_content_files(openvpn_t)
+	userdom_search_user_home_dirs(openvpn_t)
 ')

 tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`