Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 e9ed246... b2b1657... M policy/modules/services/abrt.if
:100644 100644 559ce2d... 0099ed3... M policy/modules/services/abrt.te
policy/modules/services/abrt.if | 1 +
policy/modules/services/abrt.te | 7 +++++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/policy/modules/services/abrt.if b/policy/modules/services/abrt.if
index e9ed246..b2b1657 100644
--- a/policy/modules/services/abrt.if
+++ b/policy/modules/services/abrt.if
@@ -34,6 +34,7 @@ interface(`abrt_exec',`
type abrt_exec_t;
')
+ corecmd_search_bin($1)
can_exec($1, abrt_exec_t)
')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
index 559ce2d..0099ed3 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -76,7 +76,14 @@ kernel_rw_kernel_sysctl(abrt_t)
corecmd_exec_bin(abrt_t)
corecmd_exec_shell(abrt_t)
+corenet_all_recvfrom_netlabel(abrt_t)
+corenet_all_recvfrom_unlabeled(abrt_t)
+corenet_sendrecv_http_client_packets(abrt_t)
+corenet_tcp_bind_generic_node(abrt_t)
corenet_tcp_connect_http_port(abrt_t)
+corenet_tcp_sendrecv_generic_if(abrt_t)
+corenet_tcp_sendrecv_generic_node(abrt_t)
+corenet_tcp_sendrecv_generic_port(abrt_t)
dev_read_urand(abrt_t)
--
1.6.6.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100224/9b061ecc/attachment.bin
On Wed, 2010-02-24 at 12:35 +0100, Dominick Grift wrote:
> Fix networking compatibility.
> Allow domains to search bin to enable run abrt executables.
Merged.
> Signed-off-by: Dominick Grift <[email protected]>
> ---
> :100644 100644 e9ed246... b2b1657... M policy/modules/services/abrt.if
> :100644 100644 559ce2d... 0099ed3... M policy/modules/services/abrt.te
> policy/modules/services/abrt.if | 1 +
> policy/modules/services/abrt.te | 7 +++++++
> 2 files changed, 8 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/services/abrt.if b/policy/modules/services/abrt.if
> index e9ed246..b2b1657 100644
> --- a/policy/modules/services/abrt.if
> +++ b/policy/modules/services/abrt.if
> @@ -34,6 +34,7 @@ interface(`abrt_exec',`
> type abrt_exec_t;
> ')
>
> + corecmd_search_bin($1)
> can_exec($1, abrt_exec_t)
> ')
>
> diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
> index 559ce2d..0099ed3 100644
> --- a/policy/modules/services/abrt.te
> +++ b/policy/modules/services/abrt.te
> @@ -76,7 +76,14 @@ kernel_rw_kernel_sysctl(abrt_t)
> corecmd_exec_bin(abrt_t)
> corecmd_exec_shell(abrt_t)
>
> +corenet_all_recvfrom_netlabel(abrt_t)
> +corenet_all_recvfrom_unlabeled(abrt_t)
> +corenet_sendrecv_http_client_packets(abrt_t)
> +corenet_tcp_bind_generic_node(abrt_t)
> corenet_tcp_connect_http_port(abrt_t)
> +corenet_tcp_sendrecv_generic_if(abrt_t)
> +corenet_tcp_sendrecv_generic_node(abrt_t)
> +corenet_tcp_sendrecv_generic_port(abrt_t)
>
> dev_read_urand(abrt_t)
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150