From: domg472@gmail.com (Dominick Grift)
Date: Fri, 3 Sep 2010 17:50:57 +0200
Subject: [refpolicy] [Backup 1/1] Clean up the Back up modules.
Message-ID: <20100903155055.GA27727@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 223b7f2... d924d71... M	policy/modules/admin/backup.fc
:100644 100644 1017b7a... 44ee47c... M	policy/modules/admin/backup.if
:100644 100644 0bfc958... e656c20... M	policy/modules/admin/backup.te
 policy/modules/admin/backup.fc |   13 +++----------
 policy/modules/admin/backup.if |    8 +++++---
 policy/modules/admin/backup.te |    1 -
 3 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
index 223b7f2..d924d71 100644
--- a/policy/modules/admin/backup.fc
+++ b/policy/modules/admin/backup.fc
@@ -1,13 +1,6 @@
-# backup
-# label programs that do backups to other files on disk (IE a cron job that
-# calls tar) in backup_exec_t and label the directory for storing them as
-# backup_store_t, Debian uses /var/backups
+/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
 
-#/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
-
-ifdef(`distro_debian',`
-/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
-/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
-')
+/etc/cron\.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
+/etc/cron\.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
 
 /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
index 1017b7a..44ee47c 100644
--- a/policy/modules/admin/backup.if
+++ b/policy/modules/admin/backup.if
@@ -2,7 +2,8 @@
 
 ########################################
 ## <summary>
-##	Execute backup in the backup domain.
+##	Execute a domain transition to run
+##	Backup.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -20,8 +21,9 @@ interface(`backup_domtrans',`
 
 ########################################
 ## <summary>
-##	Execute backup in the backup domain, and
-##	allow the specified role the backup domain.
+##	Execute a domain transition to run
+##	Backup, and allow the specified role
+##	the Backup domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index 0bfc958..e656c20 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -51,7 +51,6 @@ corenet_sendrecv_all_client_packets(backup_t)
 
 dev_getattr_all_blk_files(backup_t)
 dev_getattr_all_chr_files(backup_t)
-# for SSP
 dev_read_urand(backup_t)
 
 domain_use_interactive_fds(backup_t)
-- 
1.7.2.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100903/c9e2dc89/attachment.bin