[389-devel] commit: changed selinux policy to support fifos (named pipes)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To ssh://git.fedorahosted.org/git/389/ds.git
  c177c34..b2e2a3f  master -> master

commit b2e2a3f5294707e1ccf2b25fd281ce3653dac819
Author: Nathan Kinder <nkinder@xxxxxxxxxx>
Date:   Mon Nov 23 09:48:50 2009 -0800

   Allow dirsrv_t to log to a fifo in SELinux policy.
This patch changes the SELinux dirsrv policy to allow ns-slapd to 
   log to a fifo file.
   Author: nkinder (Thanks!)
   Tested on RHEL5 i386

diff --git a/selinux/dirsrv.if b/selinux/dirsrv.if
index 80b478f..b8e1a7f 100644
--- a/selinux/dirsrv.if
+++ b/selinux/dirsrv.if
@@ -77,6 +77,7 @@ interface(`dirsrv_manage_log',`

       allow $1 dirsrv_var_log_t:dir manage_dir_perms;
       allow $1 dirsrv_var_log_t:file manage_file_perms;
+       allow $1 dirsrv_var_log_t:fifo_file: manage_fifo_file_perms;
')

#######################################
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index 60901f2..ef09fb2 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -105,6 +105,7 @@ files_var_lib_filetrans(dirsrv_t,dirsrv_var_lib_t, { file dir sock_file }) 

# log files
manage_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
+manage_fifo_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
allow dirsrv_t dirsrv_var_log_t:dir { setattr };
logging_log_filetrans(dirsrv_t,dirsrv_var_log_t,{ sock_file file dir })

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
389-devel mailing list
389-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux