RH updates to the iscsi module, none of which seem controversial...
Index: refpolicy/policy/modules/system/iscsi.fc
===================================================================
--- refpolicy.orig/policy/modules/system/iscsi.fc 2008-07-19 19:15:43.000000000 +0200
+++ refpolicy/policy/modules/system/iscsi.fc 2008-08-03 21:29:52.000000000 +0200
@@ -1,5 +1,5 @@
/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
-/var/lib/iscsi(/.*)? -- gen_context(system_u:object_r:iscsi_var_lib_t,s0)
-/var/lock/iscsi(/.*)? -- gen_context(system_u:object_r:iscsi_lock_t,s0)
+/var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
+/var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
Index: refpolicy/policy/modules/system/iscsi.te
===================================================================
--- refpolicy.orig/policy/modules/system/iscsi.te 2008-07-19 19:15:43.000000000 +0200
+++ refpolicy/policy/modules/system/iscsi.te 2008-08-03 21:29:52.000000000 +0200
@@ -29,7 +29,7 @@
#
allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
-allow iscsid_t self:process { setrlimit setsched };
+allow iscsid_t self:process { setrlimit setsched signal };
allow iscsid_t self:fifo_file { read write };
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow iscsid_t self:unix_dgram_socket create_socket_perms;
@@ -63,6 +63,7 @@
corenet_tcp_sendrecv_all_ports(iscsid_t)
corenet_tcp_connect_http_port(iscsid_t)
corenet_tcp_connect_iscsi_port(iscsid_t)
+corenet_tcp_connect_isns_port(iscsid_t)
dev_rw_sysfs(iscsid_t)
--
David Härdeman
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
