2010-03-04 18:52:02

by domg472

[permalink] [raw]
Subject: [refpolicy] [ cobbler patch 1/1] Fix cobbler_admin interface to require cobblerd_initrc_exec_t.

As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 1f2c492... 8ce15ef... M policy/modules/services/cobbler.if
policy/modules/services/cobbler.if | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 1f2c492..8ce15ef 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -161,7 +161,7 @@ interface(`cobbler_manage_lib_files',`
interface(`cobblerd_admin',`
gen_require(`
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
- type cobbler_etc_t;
+ type cobbler_etc_t, cobblerd_initrc_exec_t;
')

allow $1 cobblerd_t:process { ptrace signal_perms getattr };
--
1.6.6.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100304/c6456057/attachment.bin


2010-03-04 19:13:37

by cpebenito

[permalink] [raw]
Subject: [refpolicy] [ cobbler patch 1/1] Fix cobbler_admin interface to require cobblerd_initrc_exec_t.

On Thu, 2010-03-04 at 19:52 +0100, Dominick Grift wrote:
> As per: http://oss.tresys.com/pipermail/refpolicy/2010-March/002258.html

Merged.

> Signed-off-by: Dominick Grift <[email protected]>
> ---
> :100644 100644 1f2c492... 8ce15ef... M policy/modules/services/cobbler.if
> policy/modules/services/cobbler.if | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
> index 1f2c492..8ce15ef 100644
> --- a/policy/modules/services/cobbler.if
> +++ b/policy/modules/services/cobbler.if
> @@ -161,7 +161,7 @@ interface(`cobbler_manage_lib_files',`
> interface(`cobblerd_admin',`
> gen_require(`
> type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
> - type cobbler_etc_t;
> + type cobbler_etc_t, cobblerd_initrc_exec_t;
> ')
>
> allow $1 cobblerd_t:process { ptrace signal_perms getattr };
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150