From: dac.override@gmail.com (Dominick Grift)
Date: Tue, 25 Aug 2015 12:27:19 +0200
Subject: [refpolicy] [PATCH 3/3] hadoop: init_startstop_service() can not take attributes
In-Reply-To: <1440429009-2576-3-git-send-email-jason@perfinion.com>
References: <1440429009-2576-1-git-send-email-jason@perfinion.com> <1440429009-2576-3-git-send-email-jason@perfinion.com>
Message-ID: <20150825102718.GC2269@x250>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Aug 24, 2015 at 11:10:09PM +0800, Jason Zaman wrote:
> --- > hadoop.if | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-)

Yes that is an unfortunate side effect. CIL can deal with this. Merged, thanks

> > diff --git a/hadoop.if b/hadoop.if > index a0a819f..5908119 100644 > --- a/hadoop.if > +++ b/hadoop.if > @@ -426,7 +426,6 @@ interface(`hadoop_admin',` > attribute hadoop_domain; > attribute hadoop_initrc_domain; > > - attribute hadoop_init_script_file; > attribute hadoop_pid_file; > attribute hadoop_lock_file; > attribute hadoop_log_file;
> @@ -436,12 +435,22 @@ interface(`hadoop_admin',` > type hadoop_t, hadoop_etc_t, hadoop_hsperfdata_t; > type zookeeper_t, zookeeper_etc_t, zookeeper_server_t; > type zookeeper_server_var_t; > + > + type hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t; > + type hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t; > + type hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t; > + type hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t; > + type hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t; > ') > > allow $1 { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }:process { ptrace signal_perms }; > ps_process_pattern($1, { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }) > > - init_startstop_service($1, $2, hadoop_domain, hadoop_init_script_file) > + init_startstop_service($1, $2, hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t) > + init_startstop_service($1, $2, hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t) > + init_startstop_service($1, $2, hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t) > + init_startstop_service($1, $2, hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t) > + init_startstop_service($1, $2, hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t) > > files_search_etc($1) > admin_pattern($1, { hadoop_etc_t zookeeper_etc_t }) > -- > 2.4.6

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
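
Review bot: The removal of "attribute hadoop_init_script_file;" from the gen_require block in the first hunk (@@ -426,7 +426,6) has no rationale in the patch body, which is empty below the subject line. A sentence explaining why init_startstop_service() cannot accept an attribute would make the change reviewable later. The visible context shows only part of hadoop_admin, so please also confirm that no remaining rule in the interface still references hadoop_init_script_file now that it is no longer required.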
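
Review bot: The five init_startstop_service() calls in the second hunk (@@ -436,12 +435,22) hard-code the per-service type pairs, so a hadoop service added later will not be covered for the admin role unless this interface is edited as well. A short comment above the calls saying the list has to track the declared hadoop init script types would help. Two further points on the same lines: the third argument changes from hadoop_domain to the *_initrc_t types, which is a different domain argument and not only an attribute expansion, so it deserves a line in the commit message; and zookeeper_t and zookeeper_server_t are handled in this interface but get no init_startstop_service() call. The visible lines do not show whether hadoop_init_script_file also covered a zookeeper init script, so please confirm that leaving it out is intended.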