From: domg472@gmail.com (Dominick Grift)
Date: Tue, 5 Jan 2010 17:33:08 +0100
Subject: [refpolicy] [ Patch 1/1] tftp: tftpd_t needs to manage objects in
 /var/lib/tftpboot
Message-ID: <20100105163305.GA25489@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

In tftp.te a type tftpdir_rw_t is declared.
ftpd_t has access to manage object of this type.
There was no file context specified for objects with type tftpdir_rw_t.
Assuming that tftpd_t needs to be able to manage its objects in /var/lib like most other domains,
I assume that /var/lib/tftpboot(/.*)? should be labeled tftpdir_rw_t.

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 72274cd... 25eee43... M	policy/modules/services/tftp.fc
 policy/modules/services/tftp.fc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/tftp.fc b/policy/modules/services/tftp.fc
index 72274cd..25eee43 100644
--- a/policy/modules/services/tftp.fc
+++ b/policy/modules/services/tftp.fc
@@ -5,4 +5,4 @@
 /tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
 /tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
 
-/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_t,s0)
+/var/lib/tftpboot(/.*)?		gen_context(system_u:object_r:tftpdir_rw_t,s0)
-- 
1.6.5.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100105/a86131b8/attachment.bin