2010-01-05 16:33:08

by domg472

Subject: [refpolicy] [ Patch 1/1] tftp: tftpd_t needs to manage objects in /var/lib/tftpboot

In tftp.te a type tftpdir_rw_t is declared.
ftpd_t has access to manage objects of this type.
There was no file context specified for objects with type tftpdir_rw_t.
Assuming that tftpd_t needs to be able to manage its objects in /var/lib like most other domains,
I assume that /var/lib/tftpboot(/.*)? should be labeled tftpdir_rw_t.

Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 72274cd... 25eee43... M policy/modules/services/tftp.fc
policy/modules/services/tftp.fc | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/tftp.fc b/policy/modules/services/tftp.fc
index 72274cd..25eee43 100644
--- a/policy/modules/services/tftp.fc
+++ b/policy/modules/services/tftp.fc
@@ -5,4 +5,4 @@
/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
/tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)

-/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
+/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0)
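
Review bot: the `+` line puts the whole /var/lib/tftpboot(/.*)? tree under tftpdir_rw_t while the two /tftpboot entries above it stay tftpdir_t, so the two boot roots end up with different write access and nothing in tftp.fc says why. Going by the commit message, the daemon domain can manage objects of this type, which makes every file served from /var/lib/tftpboot, boot images included, writable by the TFTP daemon. If only uploads need write access, consider keeping the tree tftpdir_t and labeling a dedicated subdirectory tftpdir_rw_t; otherwise add a comment above this entry explaining why this root is read-write.
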
--
1.6.5.2



2010-01-07 14:02:19

by cpebenito

Subject: [refpolicy] [ Patch 1/1] tftp: tftpd_t needs to manage objects in /var/lib/tftpboot

Duplicate of Dan's Fedora patch.

On Tue, 2010-01-05 at 17:33 +0100, Dominick Grift wrote:
> In tftp.te a type tftpdir_rw_t is declared.
> ftpd_t has access to manage objects of this type.
> There was no file context specified for objects with type tftpdir_rw_t.
> Assuming that tftpd_t needs to be able to manage its objects in /var/lib like most other domains,
> I assume that /var/lib/tftpboot(/.*)? should be labeled tftpdir_rw_t.
>
> Signed-off-by: Dominick Grift <[email protected]>
> ---
> :100644 100644 72274cd... 25eee43... M policy/modules/services/tftp.fc
> policy/modules/services/tftp.fc | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/services/tftp.fc b/policy/modules/services/tftp.fc
> index 72274cd..25eee43 100644
> --- a/policy/modules/services/tftp.fc
> +++ b/policy/modules/services/tftp.fc
> @@ -5,4 +5,4 @@
> /tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
> /tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)
>
> -/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
> +/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0)
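
Review bot: the `-` line shows /var/lib/tftpboot(/.*)? already had a file context entry (tftpdir_t), so this is a relabel of an existing path and not a new entry, which the description should say. Files already on disk keep the old label until they are relabeled (for example with `restorecon -R /var/lib/tftpboot`), and that step is worth mentioning in the commit message. The description also names ftpd_t where the subject names tftpd_t; the domain should be stated consistently.
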
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150