The attached patch updates the (unused) dcc policy to work with the
changes in the FC strict/1.23.10-2 policy. It also makes a couple of
tweaks to the policy
David
Index: domains/program/unused/dcc.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/domains/program/unused/dcc.te,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 dcc.te
--- domains/program/unused/dcc.te 6 Apr 2005 22:35:54 -0000 1.1.1.1
+++ domains/program/unused/dcc.te 13 Apr 2005 21:33:36 -0000
@@ -53,6 +53,8 @@
dontaudit $1_t root_t:file read;
')
+allow initrc_t dcc_var_run_t:dir rw_dir_perms;
+
##########
##########
@@ -66,7 +68,6 @@
# Runs the dbclean program
allow dccd_t bin_t:dir search;
domain_auto_trans(dccd_t, dcc_dbclean_exec_t, dcc_dbclean_t)
-#can_exec(dccd_t, dcc_dbclean_t)
# The daemon needs to listen on the dcc ports
allow dccd_t dcc_port_t:udp_socket name_bind;
@@ -124,6 +125,9 @@
type dccifd_sock_t, file_type, sysadmfile;
file_type_auto_trans(dccifd_t, dcc_var_t, dccifd_sock_t, sock_file)
+# Reading /proc/meminfo
+allow dccifd_t proc_t:file { getattr read };
+
#
# dccm - sendmail milter client
@@ -170,6 +174,7 @@
# dbclean - database cleanup tool
#
application_domain(dcc_dbclean, `, nscd_client_domain')
+role system_r types dcc_dbclean_t;
dcc_common(dcc_dbclean)
# Updating various files.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
