LinuxLists.cc - [refpolicy] [PATCH 0/8] Fix invalid interface calls

2014-08-08 12:16:28

Subject: [refpolicy] [PATCH 0/8] Fix invalid interface calls

Found a few inconsistencies in the policy while scripting up some QA.

Sven Vermeulen (8):
Use logging_search_logs, not logging_search_log
Use logging_search_logs, not logging_search_log
Use files_search_etc, not logging_search_etc
Use files_search_etc, not logging_search_etc
Use files_search_etc, not files_search_config
Use corecmd_search_bin, not corecmd_searh_bin
Use fs_search_tmpfs, not files_search_tmpfs
Use domain_auto_trans, not auto_trans

ircd.if | 2 +-
monop.if | 2 +-
networkmanager.if | 2 +-
nslcd.if | 2 +-
rsync.if | 2 +-
smstools.if | 2 +-
tgtd.if | 2 +-
zarafa.if | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)

--
1.8.5.5

2014-08-08 12:16:29

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/8] Use logging_search_logs, not logging_search_log

Signed-off-by: Sven Vermeulen <[email protected]>
---
ircd.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ircd.if b/ircd.if
index ade9803..1a88664 100644
--- a/ircd.if
+++ b/ircd.if
@@ -34,7 +34,7 @@ interface(`ircd_admin',`
files_search_etc($1)
admin_pattern($1, ircd_etc_t)

- logging_search_log($1)
+ logging_search_logs($1)
admin_pattern($1, ircd_log_t)

files_search_var_lib($1)
--
1.8.5.5

2014-08-08 12:16:30

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 2/8] Use logging_search_logs, not logging_search_log

Signed-off-by: Sven Vermeulen <[email protected]>
---
zarafa.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zarafa.if b/zarafa.if
index 36e32df..83b4ca5 100644
--- a/zarafa.if
+++ b/zarafa.if
@@ -163,7 +163,7 @@ interface(`zarafa_admin',`
files_search_tmp($1)
admin_pattern($1, { zarafa_deliver_tmp_t zarafa_indexer_tmp_t zarafa_server_tmp_t })

- logging_search_log($1)
+ logging_search_logs($1)
admin_pattern($1, zarafa_logfile)

files_search_var_lib($1)
--
1.8.5.5

2014-08-08 12:16:31

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 3/8] Use files_search_etc, not logging_search_etc

Signed-off-by: Sven Vermeulen <[email protected]>
---
monop.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monop.if b/monop.if
index 8fdaece..a6ec137 100644
--- a/monop.if
+++ b/monop.if
@@ -31,7 +31,7 @@ interface(`monop_admin',`
role_transition $2 monopd_initrc_exec_t system_r;
allow $2 system_r;

- logging_search_etc($1)
+ files_search_etc($1)
admin_pattern($1, monopd_etc_t)

files_search_pids($1)
--
1.8.5.5

2014-08-08 12:16:32

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 4/8] Use files_search_etc, not logging_search_etc

Signed-off-by: Sven Vermeulen <[email protected]>
---
networkmanager.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/networkmanager.if b/networkmanager.if
index 86dc29d..baebe99 100644
--- a/networkmanager.if
+++ b/networkmanager.if
@@ -302,7 +302,7 @@ interface(`networkmanager_admin',`
role_transition $2 NetworkManager_initrc_exec_t system_r;
allow $2 system_r;

- logging_search_etc($1)
+ files_search_etc($1)
admin_pattern($1, { NetworkManager_etc_t NetworkManager_etc_rw_t })

logging_search_logs($1)
--
1.8.5.5

2014-08-08 12:16:33

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 5/8] Use files_search_etc, not files_search_config

Signed-off-by: Sven Vermeulen <[email protected]>
---
smstools.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/smstools.if b/smstools.if
index cbfe369..81136f0 100644
--- a/smstools.if
+++ b/smstools.if
@@ -32,7 +32,7 @@ interface(`smstools_admin',`
role_transition $2 smsd_initrc_exec_t system_r;
allow $2 system_r;

- files_search_config($1)
+ files_search_etc($1)
admin_pattern($1, smsd_conf_t)

files_search_var_lib($1)
--
1.8.5.5

2014-08-08 12:16:35

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 7/8] Use fs_search_tmpfs, not files_search_tmpfs

Signed-off-by: Sven Vermeulen <[email protected]>
---
tgtd.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tgtd.if b/tgtd.if
index 5406b6e..dc5b46e 100644
--- a/tgtd.if
+++ b/tgtd.if
@@ -97,6 +97,6 @@ interface(`tgtd_admin',`
files_search_tmp($1)
admin_pattern($1, tgtd_tmp_t)

- files_search_tmpfs($1)
+ fs_search_tmpfs($1)
admin_pattern($1, tgtd_tmpfs_t)
')
--
1.8.5.5

2014-08-08 12:16:36

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 8/8] Use domain_auto_trans, not auto_trans

Signed-off-by: Sven Vermeulen <[email protected]>
---
rsync.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rsync.if b/rsync.if
index f1140ef..431471b 100644
--- a/rsync.if
+++ b/rsync.if
@@ -50,7 +50,7 @@ interface(`rsync_entry_spec_domtrans',`
')

corecmd_search_bin($1)
- auto_trans($1, rsync_exec_t, $2)
+ domain_auto_trans($1, rsync_exec_t, $2)
')

########################################
--
1.8.5.5

2014-08-08 12:16:34

by sven.vermeulen

[permalink] [raw]

Subject: [refpolicy] [PATCH 6/8] Use corecmd_search_bin, not corecmd_searh_bin

Signed-off-by: Sven Vermeulen <[email protected]>
---
nslcd.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nslcd.if b/nslcd.if
index 97df768..bbd7cac 100644
--- a/nslcd.if
+++ b/nslcd.if
@@ -15,7 +15,7 @@ interface(`nslcd_domtrans',`
type nslcd_t, nslcd_exec_t;
')

- corecmd_searh_bin($1)
+ corecmd_search_bin($1)
domtrans_pattern($1, nslcd_exec_t, nslcd_t)
')

--
1.8.5.5

2014-08-14 19:45:56

by cpebenito

[permalink] [raw]

Subject: [refpolicy] [PATCH 0/8] Fix invalid interface calls

On 8/8/2014 8:16 AM, Sven Vermeulen wrote:
> Found a few inconsistencies in the policy while scripting up some QA.
>
> Sven Vermeulen (8):
> Use logging_search_logs, not logging_search_log
> Use logging_search_logs, not logging_search_log
> Use files_search_etc, not logging_search_etc
> Use files_search_etc, not logging_search_etc
> Use files_search_etc, not files_search_config
> Use corecmd_search_bin, not corecmd_searh_bin
> Use fs_search_tmpfs, not files_search_tmpfs
> Use domain_auto_trans, not auto_trans
>
> ircd.if | 2 +-
> monop.if | 2 +-
> networkmanager.if | 2 +-
> nslcd.if | 2 +-
> rsync.if | 2 +-
> smstools.if | 2 +-
> tgtd.if | 2 +-
> zarafa.if | 2 +-
> 8 files changed, 8 insertions(+), 8 deletions(-)

This set is merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com