From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 07 Jan 2010 09:02:19 -0500 Subject: [refpolicy] [ Patch 1/1] tftp: tftpd_t needs to manage objects in /var/lib/tftpboot In-Reply-To: <20100105163305.GA25489@localhost.localdomain> References: <20100105163305.GA25489@localhost.localdomain> Message-ID: <1262872939.2553.5600.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Duplicate of Dan's Fedora patch. On Tue, 2010-01-05 at 17:33 +0100, Dominick Grift wrote: > In tftp.te a type tftpdir_rw_t is declared. > ftpd_t has access to manage object of this type. > There was no file context specified for objects with type tftpdir_rw_t. > Assuming that tftpd_t needs to be able to manage its objects in /var/lib like most other domains, > I assume that /var/lib/tftpboot(/.*)? should be labeled tftpdir_rw_t. > > Signed-off-by: Dominick Grift > --- > :100644 100644 72274cd... 25eee43... M policy/modules/services/tftp.fc > policy/modules/services/tftp.fc | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/services/tftp.fc b/policy/modules/services/tftp.fc > index 72274cd..25eee43 100644 > --- a/policy/modules/services/tftp.fc > +++ b/policy/modules/services/tftp.fc > @@ -5,4 +5,4 @@ > /tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0) > /tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0) > > -/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0) > +/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0) > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
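Review bot: the changed line for `/var/lib/tftpboot(/.*)?` relabels the whole tree, the directory and everything under it, to tftpdir_rw_t, while the two /tftpboot entries above it stay tftpdir_t, and the only justification is an assumption stated in the commit message. Since that message says the daemon can manage objects of type tftpdir_rw_t, everything served from /var/lib/tftpboot becomes writable by it. Please confirm that write access to the full tree is required, or keep tftpdir_t on the tree and give tftpdir_rw_t only to a subdirectory meant for uploads, and say in the message why /tftpboot and /var/lib/tftpboot are labeled differently. The message also writes "ftpd_t" where the subject says tftpd_t. Existing installs will pick up the new context only after that path is relabeled.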