2010-09-03 14:24:21

by domg472

Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.

Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te
:100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te
:100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te
:100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if
policy/modules/admin/anaconda.te | 1 +
policy/modules/admin/rpm.te | 1 +
policy/modules/services/setroubleshoot.te | 1 +
policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++
4 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index 96f68e9..d1ebb91 100644
--- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te
@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
modutils_domtrans_depmod(anaconda_t)

seutil_domtrans_semanage(anaconda_t)
+seutil_domtrans_setsebool(anaconda_t)

userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })

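Review bot: the added seutil_domtrans_setsebool(anaconda_t) line comes with no rationale; the commit message only lists the three domains. Say why anaconda_t needs to run setsebool (the denial or installer step that prompted it) and what the seutil_domtrans_semanage(anaconda_t) call directly above it does not already cover.
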
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 1a08320..e7312eb 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
seutil_domtrans_loadpolicy(rpm_script_t)
seutil_domtrans_setfiles(rpm_script_t)
seutil_domtrans_semanage(rpm_script_t)
+seutil_domtrans_setsebool(rpm_script_t)

userdom_use_all_users_fds(rpm_script_t)

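Review bot: least-privilege concern on the added seutil_domtrans_setsebool(rpm_script_t) line. rpm_script_t is the domain package scriptlets run in, and the context lines show it already holds the loadpolicy, setfiles and semanage transitions, so this widens what any installed package's scriptlet can do to the running policy. Name in the commit message which scriptlets need to toggle booleans, and consider whether that need can be met without granting the transition to the whole domain.
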
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 3d17148..3a2351b 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
corecmd_exec_shell(setroubleshoot_fixit_t)

seutil_domtrans_setfiles(setroubleshoot_fixit_t)
+seutil_domtrans_setsebool(setroubleshoot_fixit_t)

files_read_usr_files(setroubleshoot_fixit_t)
files_read_etc_files(setroubleshoot_fixit_t)
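
Review bot: the added line spells the domain setroubleshoot_fixit_t, but the Subject line has setroubelshoot_fixit_t. Correct the commit subject so that a log search on the type name finds this change.
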
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 170e2c7..cecca76 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`

########################################
## <summary>
+## Execute a domain transition to run setsebool.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`seutil_domtrans_setsebool',`
+ gen_require(`
+ type setsebool_t, setsebool_exec_t;
+ ')
+
+ files_search_usr($1)
+ corecmd_search_bin($1)
+ domtrans_pattern($1, setsebool_exec_t, setsebool_t)
+')
+
+########################################
+## <summary>
## Full management of the semanage
## module store.
## </summary>
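
Review bot: the gen_require block in the new seutil_domtrans_setsebool interface names setsebool_t and setsebool_exec_t, but the diffstat lists only selinuxutil.if and the three .te callers, so nothing in this patch declares either type. Add the type declarations and the setsebool_t domain rules to selinuxutil.te in the same series, or rework the interface around types the policy already defines; as posted, all three callers depend on types this patch does not provide.
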
--
1.7.2.1



2010-09-09 12:07:34

by cpebenito

Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.

On 09/03/10 10:24, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<[email protected]>

Setsebool_t does not exist upstream.

> ---
> :100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te
> :100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te
> :100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te
> :100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if
> policy/modules/admin/anaconda.te | 1 +
> policy/modules/admin/rpm.te | 1 +
> policy/modules/services/setroubleshoot.te | 1 +
> policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++
> 4 files changed, 23 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
> index 96f68e9..d1ebb91 100644
> --- a/policy/modules/admin/anaconda.te
> +++ b/policy/modules/admin/anaconda.te
> @@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
> modutils_domtrans_depmod(anaconda_t)
>
> seutil_domtrans_semanage(anaconda_t)
> +seutil_domtrans_setsebool(anaconda_t)
>
> userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
>
> diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
> index 1a08320..e7312eb 100644
> --- a/policy/modules/admin/rpm.te
> +++ b/policy/modules/admin/rpm.te
> @@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
> seutil_domtrans_loadpolicy(rpm_script_t)
> seutil_domtrans_setfiles(rpm_script_t)
> seutil_domtrans_semanage(rpm_script_t)
> +seutil_domtrans_setsebool(rpm_script_t)
>
> userdom_use_all_users_fds(rpm_script_t)
>
> diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
> index 3d17148..3a2351b 100644
> --- a/policy/modules/services/setroubleshoot.te
> +++ b/policy/modules/services/setroubleshoot.te
> @@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
> corecmd_exec_shell(setroubleshoot_fixit_t)
>
> seutil_domtrans_setfiles(setroubleshoot_fixit_t)
> +seutil_domtrans_setsebool(setroubleshoot_fixit_t)
>
> files_read_usr_files(setroubleshoot_fixit_t)
> files_read_etc_files(setroubleshoot_fixit_t)
> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> index 170e2c7..cecca76 100644
> --- a/policy/modules/system/selinuxutil.if
> +++ b/policy/modules/system/selinuxutil.if
> @@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
>
> ########################################
> ##<summary>
> +## Execute a domain transition to run setsebool.
> +##</summary>
> +##<param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +##</param>
> +#
> +interface(`seutil_domtrans_setsebool',`
> + gen_require(`
> + type setsebool_t, setsebool_exec_t;
> + ')
> +
> + files_search_usr($1)
> + corecmd_search_bin($1)
> + domtrans_pattern($1, setsebool_exec_t, setsebool_t)
> +')
> +
> +########################################
> +##<summary>
> ## Full management of the semanage
> ## module store.
> ##</summary>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2010-09-09 12:11:06

by domg472

Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.

On Thu, Sep 09, 2010 at 08:07:34AM -0400, Christopher J. PeBenito wrote:
> On 09/03/10 10:24, Dominick Grift wrote:
> >Signed-off-by: Dominick Grift<[email protected]>
>
> Setsebool_t does not exist upstream.

Yes, I redid it (see my other patch) after I figured that out. However, I do not like how Fedora implemented that solution either, and I wouldn't be surprised if you don't like it either.

>
> >---
> >:100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te
> >:100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te
> >:100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te
> >:100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if
> > policy/modules/admin/anaconda.te | 1 +
> > policy/modules/admin/rpm.te | 1 +
> > policy/modules/services/setroubleshoot.te | 1 +
> > policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++
> > 4 files changed, 23 insertions(+), 0 deletions(-)
> >
> >diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
> >index 96f68e9..d1ebb91 100644
> >--- a/policy/modules/admin/anaconda.te
> >+++ b/policy/modules/admin/anaconda.te
> >@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
> > modutils_domtrans_depmod(anaconda_t)
> >
> > seutil_domtrans_semanage(anaconda_t)
> >+seutil_domtrans_setsebool(anaconda_t)
> >
> > userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
> >
> >diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
> >index 1a08320..e7312eb 100644
> >--- a/policy/modules/admin/rpm.te
> >+++ b/policy/modules/admin/rpm.te
> >@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
> > seutil_domtrans_loadpolicy(rpm_script_t)
> > seutil_domtrans_setfiles(rpm_script_t)
> > seutil_domtrans_semanage(rpm_script_t)
> >+seutil_domtrans_setsebool(rpm_script_t)
> >
> > userdom_use_all_users_fds(rpm_script_t)
> >
> >diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
> >index 3d17148..3a2351b 100644
> >--- a/policy/modules/services/setroubleshoot.te
> >+++ b/policy/modules/services/setroubleshoot.te
> >@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
> > corecmd_exec_shell(setroubleshoot_fixit_t)
> >
> > seutil_domtrans_setfiles(setroubleshoot_fixit_t)
> >+seutil_domtrans_setsebool(setroubleshoot_fixit_t)
> >
> > files_read_usr_files(setroubleshoot_fixit_t)
> > files_read_etc_files(setroubleshoot_fixit_t)
> >diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> >index 170e2c7..cecca76 100644
> >--- a/policy/modules/system/selinuxutil.if
> >+++ b/policy/modules/system/selinuxutil.if
> >@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
> >
> > ########################################
> > ##<summary>
> >+## Execute a domain transition to run setsebool.
> >+##</summary>
> >+##<param name="domain">
> >+## <summary>
> >+## Domain allowed to transition.
> >+## </summary>
> >+##</param>
> >+#
> >+interface(`seutil_domtrans_setsebool',`
> >+ gen_require(`
> >+ type setsebool_t, setsebool_exec_t;
> >+ ')
> >+
> >+ files_search_usr($1)
> >+ corecmd_search_bin($1)
> >+ domtrans_pattern($1, setsebool_exec_t, setsebool_t)
> >+')
> >+
> >+########################################
> >+##<summary>
> > ## Full management of the semanage
> > ## module store.
> > ##</summary>
> >
> >
> >
> >_______________________________________________
> >refpolicy mailing list
> >refpolicy at oss.tresys.com
> >http://oss.tresys.com/mailman/listinfo/refpolicy
>
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> http://www.tresys.com | oss.tresys.com

2010-09-09 12:21:30

by Daniel Walsh

Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.

On 09/09/2010 08:11 AM, Dominick Grift wrote:
> On Thu, Sep 09, 2010 at 08:07:34AM -0400, Christopher J. PeBenito wrote:
>> On 09/03/10 10:24, Dominick Grift wrote:
>>> Signed-off-by: Dominick Grift<[email protected]>
>>
>> Setsebool_t does not exist upstream.
>
> Yes, I redid it (see my other patch) after I figured that out. However, I do not like how Fedora implemented that solution either, and I wouldn't be surprised if you don't like it either.
>
I would be willing to change the Fedora mechanism, if you can get
something upstream. Of course, until we get labeled booleans into
modules, there are limited advantages to this.
>>
>>> ---
>>> :100644 100644 96f68e9... d1ebb91... M policy/modules/admin/anaconda.te
>>> :100644 100644 1a08320... e7312eb... M policy/modules/admin/rpm.te
>>> :100644 100644 3d17148... 3a2351b... M policy/modules/services/setroubleshoot.te
>>> :100644 100644 170e2c7... cecca76... M policy/modules/system/selinuxutil.if
>>> policy/modules/admin/anaconda.te | 1 +
>>> policy/modules/admin/rpm.te | 1 +
>>> policy/modules/services/setroubleshoot.te | 1 +
>>> policy/modules/system/selinuxutil.if | 20 ++++++++++++++++++++
>>> 4 files changed, 23 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
>>> index 96f68e9..d1ebb91 100644
>>> --- a/policy/modules/admin/anaconda.te
>>> +++ b/policy/modules/admin/anaconda.te
>>> @@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
>>> modutils_domtrans_depmod(anaconda_t)
>>>
>>> seutil_domtrans_semanage(anaconda_t)
>>> +seutil_domtrans_setsebool(anaconda_t)
>>>
>>> userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
>>>
>>> diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
>>> index 1a08320..e7312eb 100644
>>> --- a/policy/modules/admin/rpm.te
>>> +++ b/policy/modules/admin/rpm.te
>>> @@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
>>> seutil_domtrans_loadpolicy(rpm_script_t)
>>> seutil_domtrans_setfiles(rpm_script_t)
>>> seutil_domtrans_semanage(rpm_script_t)
>>> +seutil_domtrans_setsebool(rpm_script_t)
>>>
>>> userdom_use_all_users_fds(rpm_script_t)
>>>
>>> diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
>>> index 3d17148..3a2351b 100644
>>> --- a/policy/modules/services/setroubleshoot.te
>>> +++ b/policy/modules/services/setroubleshoot.te
>>> @@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
>>> corecmd_exec_shell(setroubleshoot_fixit_t)
>>>
>>> seutil_domtrans_setfiles(setroubleshoot_fixit_t)
>>> +seutil_domtrans_setsebool(setroubleshoot_fixit_t)
>>>
>>> files_read_usr_files(setroubleshoot_fixit_t)
>>> files_read_etc_files(setroubleshoot_fixit_t)
>>> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
>>> index 170e2c7..cecca76 100644
>>> --- a/policy/modules/system/selinuxutil.if
>>> +++ b/policy/modules/system/selinuxutil.if
>>> @@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
>>>
>>> ########################################
>>> ##<summary>
>>> +## Execute a domain transition to run setsebool.
>>> +##</summary>
>>> +##<param name="domain">
>>> +## <summary>
>>> +## Domain allowed to transition.
>>> +## </summary>
>>> +##</param>
>>> +#
>>> +interface(`seutil_domtrans_setsebool',`
>>> + gen_require(`
>>> + type setsebool_t, setsebool_exec_t;
>>> + ')
>>> +
>>> + files_search_usr($1)
>>> + corecmd_search_bin($1)
>>> + domtrans_pattern($1, setsebool_exec_t, setsebool_t)
>>> +')
>>> +
>>> +########################################
>>> +##<summary>
>>> ## Full management of the semanage
>>> ## module store.
>>> ##</summary>
>>>
>>>
>>>
>>> _______________________________________________
>>> refpolicy mailing list
>>> refpolicy at oss.tresys.com
>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
>>
>> --
>> Chris PeBenito
>> Tresys Technology, LLC
>> http://www.tresys.com | oss.tresys.com
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
