a few TODO fixes, and deprecate mount_send_nfs_client_request().

2006-07-05 19:15:23 +00:00 · 2006-07-05 19:15:23 +00:00 · f35fed5eef
commit f35fed5eef
parent 2cc4072ca6
33 changed files with 45 additions and 165 deletions
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@ -1,5 +1,5 @@
-policy_module(amanda,1.3.3)
+policy_module(amanda,1.3.4)
 #######################################
 #
@ -248,10 +248,6 @@ sysnet_read_config(amanda_recover_t)
 userdom_search_sysadm_home_content_dirs(amanda_recover_t)
 optional_policy(`
 	mount_send_nfs_client_request(amanda_recover_t)
 ')
 optional_policy(`
 	nis_use_ypbind(amanda_recover_t)
 ')
--- a/refpolicy/policy/modules/admin/dpkg.te
+++ b/refpolicy/policy/modules/admin/dpkg.te
@ -1,5 +1,5 @@
-policy_module(dpkg,1.0.2)
+policy_module(dpkg,1.0.3)
 ########################################
 #
@ -181,10 +181,6 @@ ifdef(`targeted_policy',`
 #	cron_system_entry(dpkg_t,dpkg_exec_t)
 #')
 optional_policy(`
 	mount_send_nfs_client_request(dpkg_t)
 ')
 optional_policy(`
 	nis_use_ypbind(dpkg_t)
 ')
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@ -1,5 +1,5 @@
-policy_module(rpm,1.3.8)
+policy_module(rpm,1.3.9)
 ########################################
 #
@ -190,10 +190,6 @@ optional_policy(`
 	cron_system_entry(rpm_t,rpm_exec_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(rpm_t)
 ')
 optional_policy(`
 	nis_use_ypbind(rpm_t)
 ')
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@ -1,5 +1,5 @@
-policy_module(vpn,1.2.2)
+policy_module(vpn,1.2.3)
 ########################################
 #
@ -112,10 +112,6 @@ optional_policy(`
 	')
 ')
 optional_policy(`
        mount_send_nfs_client_request(vpnc_t)
 ')
 optional_policy(`
        nis_use_ypbind(vpnc_t)
 ')
--- a/refpolicy/policy/modules/apps/uml.if
+++ b/refpolicy/policy/modules/apps/uml.if
@ -184,10 +184,6 @@ template(`uml_per_userdomain_template',`
 	userdom_use_user_terminals($1,$1_uml_t)
 	optional_policy(`
 		mount_send_nfs_client_request($1_uml_t)
 	')
 	optional_policy(`
 		nis_use_ypbind($1_uml_t)
 	')
--- a/refpolicy/policy/modules/apps/uml.te
+++ b/refpolicy/policy/modules/apps/uml.te
@ -1,5 +1,5 @@
-policy_module(uml,1.0.1)
+policy_module(uml,1.0.2)
 ########################################
 #
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@ -1,5 +1,5 @@
-policy_module(kernel,1.3.12)
+policy_module(kernel,1.3.13)
 ########################################
 #
@ -273,7 +273,7 @@ optional_policy(`
 ')
 optional_policy(`
-	portmap_udp_send(kernel_t)
+	portmap_udp_chat(kernel_t)
 ')
 optional_policy(`
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@ -1,5 +1,5 @@
-policy_module(bind,1.1.5)
+policy_module(bind,1.1.6)
 ########################################
 #
@ -182,10 +182,6 @@ optional_policy(`
 	')
 ')
 optional_policy(`
 	mount_send_nfs_client_request(named_t)
 ')
 optional_policy(`
 	# this seems like fds that arent being
 	# closed.  these should probably be
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@ -1,5 +1,5 @@
-policy_module(cyrus,1.1.2)
+policy_module(cyrus,1.1.3)
 ########################################
 #
@ -122,10 +122,6 @@ optional_policy(`
 	cron_system_entry(cyrus_t,cyrus_exec_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(cyrus_t)
 ')
 optional_policy(`
 	nis_use_ypbind(cyrus_t)
 ')
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@ -166,10 +166,9 @@ template(`dbus_per_userdomain_template',`
 		nscd_socket_use($1_dbusd_t)
 	')
-	ifdef(`TODO',`
+	optional_policy(`
-	ifdef(`xdm.te', `
+		xserver_use_xdm_fds($1_dbusd_t)
-	can_pipe_xdm($1_dbusd_t)
+		xserver_rw_xdm_pipes($1_dbusd_t)
 	')
 	')
 ')
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@ -1,5 +1,5 @@
-policy_module(dbus,1.2.5)
+policy_module(dbus,1.2.6)
 gen_require(`
 	class dbus { send_msg acquire_svc };
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@ -1,5 +1,5 @@
-policy_module(dhcp,1.1.1)
+policy_module(dhcp,1.1.2)
 ########################################
 #
@ -123,10 +123,6 @@ optional_policy(`
 	bind_read_dnssec_keys(dhcpd_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(dhcpd_t)
 ')
 optional_policy(`
 	nis_use_ypbind(dhcpd_t)
 ')
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@ -1,5 +1,5 @@
-policy_module(i18n_input,1.1.2)
+policy_module(i18n_input,1.1.3)
 ########################################
 #
@ -105,10 +105,6 @@ optional_policy(`
 	canna_stream_connect(i18n_input_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(i18n_input_t)
 ')
 optional_policy(`
 	nis_use_ypbind(i18n_input_t)
 ')
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@ -1,5 +1,5 @@
-policy_module(inetd,1.1.3)
+policy_module(inetd,1.1.4)
 ########################################
 #
@ -145,10 +145,6 @@ optional_policy(`
 	amanda_search_lib(inetd_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(inetd_t)
 ')
 # Communicate with the portmapper.
 optional_policy(`
 	portmap_udp_send(inetd_t)
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@ -1,5 +1,5 @@
-policy_module(inn,1.1.2)
+policy_module(inn,1.1.3)
 ########################################
 #
@ -129,10 +129,6 @@ optional_policy(`
 	hostname_exec(innd_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(innd_t)
 ')
 optional_policy(`
 	nis_use_ypbind(innd_t)
 ')
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@ -86,10 +86,6 @@ template(`mailman_domain_template', `
 	sysnet_read_config(mailman_$1_t)
 	optional_policy(`
 		mount_send_nfs_client_request(mailman_$1_t)
 	')
 	optional_policy(`
 		nis_use_ypbind(mailman_$1_t)
 	')
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@ -1,5 +1,5 @@
-policy_module(mailman,1.1.4)
+policy_module(mailman,1.1.5)
 ########################################
 #
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@ -1,5 +1,5 @@
-policy_module(mysql,1.2.4)
+policy_module(mysql,1.2.5)
 ########################################
 #
@ -123,10 +123,6 @@ optional_policy(`
 	daemontools_service_domain(mysqld_t, mysqld_exec_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(mysqld_t)
 ')
 optional_policy(`
 	nis_use_ypbind(mysqld_t)
 ')
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@ -1,5 +1,5 @@
-policy_module(networkmanager,1.3.5)
+policy_module(networkmanager,1.3.6)
 ########################################
 #
@ -148,10 +148,6 @@ optional_policy(`
 	howl_signal(NetworkManager_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(NetworkManager_t)
 ')
 optional_policy(`
 	nis_use_ypbind(NetworkManager_t)
 ')
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@ -1,5 +1,5 @@
-policy_module(nis,1.1.4)
+policy_module(nis,1.1.5)
 ########################################
 #
@ -128,10 +128,6 @@ ifdef(`targeted_policy', `
 	files_dontaudit_read_root_files(ypbind_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(ypbind_t)
 ')
 optional_policy(`
 	seutil_sigchld_newrole(ypbind_t)
 ')
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@ -1,5 +1,5 @@
-policy_module(ntp,1.1.3)
+policy_module(ntp,1.1.4)
 ########################################
 #
@ -138,10 +138,6 @@ optional_policy(`
 	logrotate_exec(ntpd_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(ntpd_t)
 ')
 optional_policy(`
 	nis_use_ypbind(ntpd_t)
 ')
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@ -1,5 +1,5 @@
-policy_module(portmap,1.2.3)
+policy_module(portmap,1.2.4)
 ########################################
 #
@ -107,10 +107,6 @@ optional_policy(`
 	inetd_udp_send(portmap_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(portmap_t)
 ')
 optional_policy(`
 	nis_use_ypbind(portmap_t)
 	nis_udp_send_ypbind(portmap_t)
@ -132,25 +128,6 @@ optional_policy(`
 	udev_read_db(portmap_t)
 ')
 ifdef(`TODO',`
 ifdef(`rpcd.te',`can_udp_send(portmap_t, rpcd_t)')
 allow portmap_t rpcd_t:udp_socket sendto;
 allow rpcd_t portmap_t:udp_socket recvfrom;
 ifdef(`lpd.te',`can_udp_send(portmap_t, lpd_t)')
 allow portmap_t lpd_t:udp_socket sendto;
 allow lpd_t portmap_t:udp_socket recvfrom;
 can_udp_send(portmap_t, kernel_t)
 allow portmap_t kernel_t:udp_socket sendto;
 allow kernel_t portmap_t:udp_socket recvfrom;
 can_udp_send(kernel_t, portmap_t)
 allow kernel_t portmap_t:udp_socket sendto;
 allow portmap_t kernel_t:udp_socket recvfrom;
 ') dnl end TODO
 ########################################
 #
 # Portmap helper local policy
@ -202,10 +179,6 @@ ifdef(`targeted_policy', `
 	term_dontaudit_use_generic_ptys(portmap_helper_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(portmap_helper_t)
 ')
 optional_policy(`
 	nis_use_ypbind(portmap_helper_t)
 ')
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@ -1,5 +1,5 @@
-policy_module(postfix,1.2.8)
+policy_module(postfix,1.2.9)
 ########################################
 #
@ -180,10 +180,6 @@ optional_policy(`
 	mailman_manage_data_files(postfix_master_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(postfix_master_t)
 ')
 optional_policy(`
 	nis_use_ypbind(postfix_master_t)
 ')
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@ -1,5 +1,5 @@
-policy_module(postgresql,1.1.1)
+policy_module(postgresql,1.1.2)
 #################################
 #
@ -169,10 +169,6 @@ optional_policy(`
 	kerberos_use(postgresql_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(postgresql_t)
 ')
 optional_policy(`
 	nis_use_ypbind(postgresql_t)
 ')
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@ -1,5 +1,5 @@
-policy_module(privoxy,1.1.3)
+policy_module(privoxy,1.1.4)
 ########################################
 #
@ -92,10 +92,6 @@ ifdef(`targeted_policy',`
 	files_dontaudit_read_root_files(privoxy_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(privoxy_t)
 ')
 optional_policy(`
 	nis_use_ypbind(privoxy_t)
 ')
--- a/refpolicy/policy/modules/services/roundup.te
+++ b/refpolicy/policy/modules/services/roundup.te
@ -1,5 +1,5 @@
-policy_module(roundup,1.0.1)
+policy_module(roundup,1.0.2)
 ########################################
 #
@ -95,10 +95,6 @@ ifdef(`targeted_policy',`
 	term_dontaudit_use_generic_ptys(roundup_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(roundup_t)
 ')
 optional_policy(`
 	mysql_stream_connect(roundup_t)
 	mysql_search_db(roundup_t)
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@ -103,10 +103,6 @@ template(`rpc_domain_template', `
 		files_dontaudit_read_root_files($1_t)
 	')
 	optional_policy(`
 		mount_send_nfs_client_request($1_t)
 	')
 	optional_policy(`
 		nis_use_ypbind($1_t)
 	')
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@ -1,5 +1,5 @@
-policy_module(rpc,1.2.8)
+policy_module(rpc,1.2.9)
 ########################################
 #
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@ -1,5 +1,5 @@
-policy_module(samba,1.2.7)
+policy_module(samba,1.2.8)
 #################################
 #
@ -283,8 +283,6 @@ logging_send_syslog_msg(smbd_t)
 miscfiles_read_localization(smbd_t)
 miscfiles_read_public_files(smbd_t)
 mount_send_nfs_client_request(smbd_t)
 sysnet_read_config(smbd_t)
 userdom_dontaudit_search_sysadm_home_dirs(smbd_t)
@ -507,7 +505,6 @@ files_read_etc_files(smbmount_t)
 miscfiles_read_localization(smbmount_t)
 mount_use_fds(smbmount_t)
 mount_send_nfs_client_request(smbmount_t)
 libs_use_ld_so(smbmount_t)
 libs_use_shared_libs(smbmount_t)
@ -725,10 +722,6 @@ optional_policy(`
 	kerberos_use(winbind_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(winbind_t)
 ')
 optional_policy(`
 	nscd_socket_use(winbind_t)
 ')
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@ -1,5 +1,5 @@
-policy_module(squid,1.1.1)
+policy_module(squid,1.1.2)
 ########################################
 #
@ -154,10 +154,6 @@ optional_policy(`
 	cron_write_system_job_pipes(squid_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(squid_t)
 ')
 optional_policy(`
 	nis_use_ypbind(squid_t)
 ')
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@ -1,5 +1,5 @@
-policy_module(lvm,1.3.3)
+policy_module(lvm,1.3.4)
 ########################################
 #
@ -110,10 +110,6 @@ ifdef(`targeted_policy', `
 	files_dontaudit_read_root_files(clvmd_t)
 ')
 optional_policy(`
 	mount_send_nfs_client_request(clvmd_t)
 ')
 optional_policy(`
 	nis_use_ypbind(clvmd_t)
 ')
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@ -99,18 +99,25 @@ interface(`mount_use_fds',`
 ##	Allow the mount domain to send nfs requests for mounting
 ##	network drives
 ## </summary>
 ## <desc>
 ##	<p>
 ##	Allow the mount domain to send nfs requests for mounting
 ##	network drives
 ##	</p>
 ##	<p>
 ##	This interface has been deprecated as these rules were
 ##	a side effect of leaked mount file descriptors.  This
 ##	interface has no effect.
 ##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`mount_send_nfs_client_request',`
-	gen_require(`
+	errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__)
 		type mount_t;
 	')
 	allow $1 mount_t:udp_socket rw_socket_perms;
 ')
 ########################################
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@ -1,5 +1,5 @@
-policy_module(mount,1.3.7)
+policy_module(mount,1.3.8)
 ########################################
 #