LinuxLists.cc - [refpolicy] [PATCH 1/1] Make samba domtrans optional in virt

2012-11-10 19:37:55

Subject: [refpolicy] [PATCH 1/1] Make samba domtrans optional in virt

The virt module has a call to samba_domtrans_smbd which isn't marked as an
optional_policy call. This made the module depend on samba module, which isn't
always needed.

Signed-off-by: Sven Vermeulen <[email protected]>
---
virt.te | 18 ++++++++++--------
1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/virt.te b/virt.te
index f15cf2b..c11b54f 100644
--- a/virt.te
+++ b/virt.te
@@ -305,14 +305,6 @@ tunable_policy(`virt_use_nfs',`
fs_read_nfs_symlinks(virt_domain)
')

-tunable_policy(`virt_use_samba',`
- fs_manage_cifs_dirs(virt_domain)
- fs_manage_cifs_files(virt_domain)
- fs_manage_cifs_named_sockets(virt_domain)
- fs_read_cifs_symlinks(virt_domain)
- samba_domtrans_smbd(virt_domain)
-')
-
tunable_policy(`virt_use_sysfs',`
dev_rw_sysfs(virt_domain)
')
@@ -325,6 +317,16 @@ tunable_policy(`virt_use_usb',`
')

optional_policy(`
+ tunable_policy(`virt_use_samba',`
+ fs_manage_cifs_dirs(virt_domain)
+ fs_manage_cifs_files(virt_domain)
+ fs_manage_cifs_named_sockets(virt_domain)
+ fs_read_cifs_symlinks(virt_domain)
+ samba_domtrans_smbd(virt_domain)
+ ')
+')
+
+optional_policy(`
tunable_policy(`virt_use_xserver',`
xserver_read_xdm_pid(virt_domain)
xserver_stream_connect(virt_domain)
--
1.7.8.6

2012-11-14 18:23:24

by dominick.grift

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/1] Make samba domtrans optional in virt

On Sat, 2012-11-10 at 20:37 +0100, Sven Vermeulen wrote:
> The virt module has a call to samba_domtrans_smbd which isn't marked as an
> optional_policy call. This made the module depend on samba module, which isn't
> always needed.
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> virt.te | 18 ++++++++++--------
> 1 files changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/virt.te b/virt.te
> index f15cf2b..c11b54f 100644
> --- a/virt.te
> +++ b/virt.te
> @@ -305,14 +305,6 @@ tunable_policy(`virt_use_nfs',`
> fs_read_nfs_symlinks(virt_domain)
> ')
>
> -tunable_policy(`virt_use_samba',`
> - fs_manage_cifs_dirs(virt_domain)
> - fs_manage_cifs_files(virt_domain)
> - fs_manage_cifs_named_sockets(virt_domain)
> - fs_read_cifs_symlinks(virt_domain)
> - samba_domtrans_smbd(virt_domain)
> -')
> -
> tunable_policy(`virt_use_sysfs',`
> dev_rw_sysfs(virt_domain)
> ')
> @@ -325,6 +317,16 @@ tunable_policy(`virt_use_usb',`
> ')
>
> optional_policy(`
> + tunable_policy(`virt_use_samba',`
> + fs_manage_cifs_dirs(virt_domain)
> + fs_manage_cifs_files(virt_domain)
> + fs_manage_cifs_named_sockets(virt_domain)
> + fs_read_cifs_symlinks(virt_domain)
> + samba_domtrans_smbd(virt_domain)
> + ')
> +')
> +
> +optional_policy(`
> tunable_policy(`virt_use_xserver',`
> xserver_read_xdm_pid(virt_domain)
> xserver_stream_connect(virt_domain)

This was merged, thanks