trunk: reorganize amanda and bind

2007-10-12 17:50:11 +00:00 · 2007-10-12 17:50:11 +00:00 · f48782758e
commit f48782758e
parent bc01b352f6
2 changed files with 19 additions and 20 deletions
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@ -112,8 +112,8 @@ kernel_read_kernel_sysctls(amanda_t)
 kernel_dontaudit_getattr_unlabeled_files(amanda_t)
 kernel_dontaudit_read_proc_symlinks(amanda_t)

-# Added for targeted policy
-term_use_unallocated_ttys(amanda_t)
+corecmd_exec_shell(amanda_t)
+corecmd_exec_bin(amanda_t)

 corenet_all_recvfrom_unlabeled(amanda_t)
 corenet_all_recvfrom_netlabel(amanda_t)
@ -132,11 +132,6 @@ corenet_tcp_bind_all_rpc_ports(amanda_t)
 dev_getattr_all_blk_files(amanda_t)
 dev_getattr_all_chr_files(amanda_t)

-fs_getattr_xattr_fs(amanda_t)
-fs_list_all(amanda_t)
-
-storage_raw_read_fixed_disk(amanda_t)
-
 files_read_etc_files(amanda_t)
 files_read_etc_runtime_files(amanda_t)
 files_list_all(amanda_t)
@ -147,8 +142,13 @@ files_read_all_chr_files(amanda_t)
 files_getattr_all_pipes(amanda_t)
 files_getattr_all_sockets(amanda_t)

-corecmd_exec_shell(amanda_t)
-corecmd_exec_bin(amanda_t)
+fs_getattr_xattr_fs(amanda_t)
+fs_list_all(amanda_t)
+
+storage_raw_read_fixed_disk(amanda_t)
+
+# Added for targeted policy
+term_use_unallocated_ttys(amanda_t)

 auth_use_nsswitch(amanda_t)
 auth_read_shadow(amanda_t)
@ -193,6 +193,9 @@ files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file
 kernel_read_system_state(amanda_recover_t)
 kernel_read_kernel_sysctls(amanda_recover_t)

+corecmd_exec_shell(amanda_recover_t)
+corecmd_exec_bin(amanda_recover_t)
+
 corenet_all_recvfrom_unlabeled(amanda_recover_t)
 corenet_all_recvfrom_netlabel(amanda_recover_t)
 corenet_tcp_sendrecv_all_if(amanda_recover_t)
@ -207,9 +210,6 @@ corenet_tcp_bind_reserved_port(amanda_recover_t)
 corenet_tcp_connect_amanda_port(amanda_recover_t)
 corenet_sendrecv_amanda_client_packets(amanda_recover_t)

-corecmd_exec_shell(amanda_recover_t)
-corecmd_exec_bin(amanda_recover_t)
-
 domain_use_interactive_fds(amanda_recover_t)

 files_read_etc_files(amanda_recover_t)
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@ -100,6 +100,8 @@ kernel_read_kernel_sysctls(named_t)
 kernel_read_system_state(named_t)
 kernel_read_network_state(named_t)

+corecmd_search_bin(named_t)
+
 corenet_all_recvfrom_unlabeled(named_t)
 corenet_all_recvfrom_netlabel(named_t)
 corenet_tcp_sendrecv_all_if(named_t)
@ -122,12 +124,6 @@ corenet_udp_bind_all_unreserved_ports(named_t)

 dev_read_sysfs(named_t)
 dev_read_rand(named_t)
-
-fs_getattr_all_fs(named_t)
-fs_search_auto_mountpoints(named_t)
-
-corecmd_search_bin(named_t)
-
 dev_read_urand(named_t)

 domain_use_interactive_fds(named_t)
@ -135,6 +131,9 @@ domain_use_interactive_fds(named_t)
 files_read_etc_files(named_t)
 files_read_etc_runtime_files(named_t)

+fs_getattr_all_fs(named_t)
+fs_search_auto_mountpoints(named_t)
+
 auth_use_nsswitch(named_t)

 libs_use_ld_so(named_t)
@ -232,13 +231,13 @@ corenet_tcp_sendrecv_all_ports(ndc_t)
 corenet_tcp_connect_rndc_port(ndc_t)
 corenet_sendrecv_rndc_client_packets(ndc_t)

-fs_getattr_xattr_fs(ndc_t)
-
 domain_use_interactive_fds(ndc_t)

 files_read_etc_files(ndc_t)
 files_search_pids(ndc_t)

+fs_getattr_xattr_fs(ndc_t)
+
 init_use_fds(ndc_t)
 init_use_script_ptys(ndc_t)