From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 8 Aug 2012 14:55:26 -0400 Subject: [refpolicy] [PATCH] oident daemon fixes In-Reply-To: <1344435568-2292-1-git-send-email-dominick.grift@gmail.com> References: <1344435568-2292-1-git-send-email-dominick.grift@gmail.com> Message-ID: <5022B61E.5060701@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/08/12 10:19, Dominick Grift wrote: > ~/.oidentd.conf is a single file > Remove call to oidentd_read_user_home_content(): "its preferred that you > not create an interface only to use it internally unless its a > complicated concept you're trying to abstract". > > Leaving the oidentd_read_user_home_content interface for backwards > compatibility. Merged. > Signed-off-by: Dominick Grift > diff --git a/oident.fc b/oident.fc > index 5840ea8..33b9aa0 100644 > --- a/oident.fc > +++ b/oident.fc > @@ -1,4 +1,4 @@ > -HOME_DIR/\.oidentd.conf gen_context(system_u:object_r:oidentd_home_t, s0) > +HOME_DIR/\.oidentd.conf -- gen_context(system_u:object_r:oidentd_home_t, s0) > > /etc/oidentd\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) > /etc/oidentd_masq\.conf -- gen_context(system_u:object_r:oidentd_config_t, s0) > diff --git a/oident.te b/oident.te > index 8845174..6e5be53 100644 > --- a/oident.te > +++ b/oident.te > @@ -34,6 +34,8 @@ > > allow oidentd_t oidentd_config_t:file read_file_perms; > > +allow oidentd_t oidentd_home_t:file read_file_perms; > + > corenet_all_recvfrom_unlabeled(oidentd_t) > corenet_all_recvfrom_netlabel(oidentd_t) > corenet_tcp_sendrecv_generic_if(oidentd_t) 
> @@ -58,7 +60,7 @@ > > sysnet_read_config(oidentd_t) > > -oident_read_user_content(oidentd_t) > +userdom_search_user_home_dirs(oidentd_t) > > optional_policy(` > nis_use_ypbind(oidentd_t) > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
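Review bot: In the oident.fc hunk (@@ -1,4 +1,4 @@), the second dot in the changed entry `HOME_DIR/\.oidentd.conf` is still unescaped, so the pattern matches any character in that position, while the two /etc entries below it escape theirs as `oidentd\.conf`. Since this line is being touched anyway to add the `--` file specifier, consider writing it as `HOME_DIR/\.oidentd\.conf` so that only the intended file name receives the oidentd_home_t label.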
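Review bot: In the first oident.te hunk (@@ -34,6 +34,8 @@), the new `allow oidentd_t oidentd_home_t:file read_file_perms;` rule only works together with the `userdom_search_user_home_dirs(oidentd_t)` call added in the later hunk, and nothing on either line says so. A short comment above the allow rule noting that it covers the per-user ~/.oidentd.conf and relies on search access to the user home directory would keep the two from drifting apart. The rule grants access to the file class only, which matches the `--` specifier added in oident.fc.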
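Review bot: In the second oident.te hunk (@@ -58,7 +60,7 @@), the removed call is `oident_read_user_content(oidentd_t)`, but the commit message names the interface as oidentd_read_user_home_content() in both places it mentions it. The message should use the name that actually appears in the diff, so that anyone searching the history for the interface kept for backwards compatibility finds this change.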