rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trunk: Logrotate and Bind updates from Vaclav Ovsik.

This commit is contained in:
Chris PeBenito 2008-09-03 14:12:56 +00:00
parent 6cc3f35635
commit e40fa634b2
6 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog
View File

@ -1,3 +1,4 @@
- Logrotate and Bind updates from Vaclav Ovsik.
- Init script file and domain support. - Init script file and domain support.
- Glibc 2.7 fix from Vaclav Ovsik. - Glibc 2.7 fix from Vaclav Ovsik.
- Samba/winbind update from Mike Edenfield. - Samba/winbind update from Mike Edenfield.

5
policy/modules/admin/logrotate.te
View File

@ -1,5 +1,5 @@
policy_module(logrotate, 1.9.1) policy_module(logrotate, 1.9.2)
######################################## ########################################
# #
@ -133,6 +133,9 @@ ifdef(`distro_debian', `
# for syslogd-listfiles # for syslogd-listfiles
logging_read_syslog_config(logrotate_t) logging_read_syslog_config(logrotate_t)
# for "test -x /sbin/syslogd"
logging_check_exec_syslog(logrotate_t)
') ')
optional_policy(` optional_policy(`

2
policy/modules/services/bind.fc
View File

@ -15,6 +15,8 @@
ifdef(`distro_debian',` ifdef(`distro_debian',`
/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) /etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0) /etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/bind/named\.conf\.local -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/bind/named\.conf\.options -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) /etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
/var/cache/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0) /var/cache/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
') ')

2
policy/modules/services/bind.te
View File

@ -1,5 +1,5 @@
policy_module(bind, 1.7.0) policy_module(bind, 1.7.1)
######################################## ########################################
# #

20
policy/modules/system/logging.if
View File

@ -366,6 +366,26 @@ interface(`logging_domtrans_klog',`
domtrans_pattern($1,klogd_exec_t,klogd_t) domtrans_pattern($1,klogd_exec_t,klogd_t)
') ')
########################################
## <summary>
## Check if syslogd is executable.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`logging_check_exec_syslog',`
gen_require(`
syslogd_exec_t;
')
corecmd_list_bin($1)
corecmd_read_bin_symlinks($1)
allow $1 syslogd_exec_t:file execute;
')
######################################## ########################################
## <summary> ## <summary>
## Execute syslogd in the syslog domain. ## Execute syslogd in the syslog domain.

2
policy/modules/system/logging.te
View File

@ -1,5 +1,5 @@
policy_module(logging, 1.11.2) policy_module(logging, 1.11.3)
######################################## ########################################
# #