RH policy updates to the amanda module, none of these look controversial
Index: refpolicy/policy/modules/admin/amanda.fc
===================================================================
--- refpolicy.orig/policy/modules/admin/amanda.fc 2008-07-19 19:15:44.000000000 +0200
+++ refpolicy/policy/modules/admin/amanda.fc 2008-08-03 21:51:13.000000000 +0200
@@ -3,6 +3,7 @@
 /etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
 /etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0)
 /etc/dumpdates gen_context(system_u:object_r:amanda_dumpdates_t,s0)
+/etc/amanda/.*/index(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
 /root/restore -d gen_context(system_u:object_r:amanda_recover_dir_t,s0)
Index: refpolicy/policy/modules/admin/amanda.te
===================================================================
--- refpolicy.orig/policy/modules/admin/amanda.te 2008-08-03 16:47:00.000000000 +0200
+++ refpolicy/policy/modules/admin/amanda.te 2008-08-03 21:51:13.000000000 +0200
@@ -82,8 +82,9 @@
 allow amanda_t amanda_config_t:file { getattr read };
 # access to amandas data structure
-allow amanda_t amanda_data_t:dir { read search write };
-allow amanda_t amanda_data_t:file manage_file_perms;
+manage_dirs_pattern(amanda_t, amanda_data_t, amanda_data_t)
+manage_files_pattern(amanda_t, amanda_data_t, amanda_data_t)
+filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })
 # access to amanda_dumpdates_t
 allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
@@ -146,6 +147,8 @@
 fs_list_all(amanda_t)
 storage_raw_read_fixed_disk(amanda_t)
+storage_read_tape(amanda_t)
+storage_write_tape(amanda_t)
 # Added for targeted policy
 term_use_unallocated_ttys(amanda_t)
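Review bot: `filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })` in the -82 hunk of amanda.te is broader than the "access to amandas data structure" comment above it suggests. As far as I know the refpolicy macro also grants amanda_t `rw_dir_perms` on amanda_config_t directories, and the type transition applies to every file or directory amanda_t creates there, not only `index` and `tapelist`. The context line still limits amanda_config_t files to `{ getattr read }`, so existing config files stay read-only, but the daemon can now add new entries beside them. I would state that above the line, e.g. `# amanda creates index/tapelist data below the config dir; anything it creates there is labelled amanda_data_t`, and ask whether a pre-created, pre-labelled data directory would avoid giving the daemon write access to the config tree at all.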
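Review bot: `storage_read_tape(amanda_t)` and `storage_write_tape(amanda_t)` in the -146 hunk are added without a comment, directly after `storage_raw_read_fixed_disk(amanda_t)`, so one domain can now read raw disks and also write tape devices. If only the server side of amanda drives the tape this is more than the client daemon needs; the hunk does not show whether amanda_t covers both roles, so that is worth confirming. At minimum add a why-comment such as `# amanda writes dumps to, and reads labels from, tape devices`.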
@@ -220,6 +223,7 @@
 auth_use_nsswitch(amanda_recover_t)
 fstools_domtrans(amanda_t)
+fstools_signal(amanda_t)
 libs_use_ld_so(amanda_recover_t)
 libs_use_shared_libs(amanda_recover_t)
-- David Härdeman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
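Review bot: `fstools_signal(amanda_t)` is added inside a run of amanda_recover_t rules and carries no comment saying which process amanda needs to signal. The permission is granted per type, so it presumably covers any process running in the fstools domain, not only the helpers amanda itself started through `fstools_domtrans(amanda_t)`; worth confirming that this is intended. I would add a comment like `# amanda signals the dump/restore helpers it runs via fstools_domtrans` and move both amanda_t lines up to the amanda_t section. The surrounding block continues outside the hunk.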