* [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.
From: Dominick Grift @ 2010-09-03 14:24 UTC
  To: refpolicy

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 96f68e9... d1ebb91... M	policy/modules/admin/anaconda.te
:100644 100644 1a08320... e7312eb... M	policy/modules/admin/rpm.te
:100644 100644 3d17148... 3a2351b... M	policy/modules/services/setroubleshoot.te
:100644 100644 170e2c7... cecca76... M	policy/modules/system/selinuxutil.if
 policy/modules/admin/anaconda.te          |    1 +
 policy/modules/admin/rpm.te               |    1 +
 policy/modules/services/setroubleshoot.te |    1 +
 policy/modules/system/selinuxutil.if      |   20 ++++++++++++++++++++
 4 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index 96f68e9..d1ebb91 100644
--- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te
@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
 modutils_domtrans_depmod(anaconda_t)
 
 seutil_domtrans_semanage(anaconda_t)
+seutil_domtrans_setsebool(anaconda_t)
 
 userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
 
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 1a08320..e7312eb 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
 seutil_domtrans_loadpolicy(rpm_script_t)
 seutil_domtrans_setfiles(rpm_script_t)
 seutil_domtrans_semanage(rpm_script_t)
+seutil_domtrans_setsebool(rpm_script_t)
 
 userdom_use_all_users_fds(rpm_script_t)
 
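Review bot: the added seutil_domtrans_setsebool(rpm_script_t) call comes with no justification; the commit message is only a Signed-off-by. rpm_script_t is the domain package scriptlets run in, so this line lets any scriptlet transition to setsebool. Please name in the changelog the scriptlets that need it, and since seutil_domtrans_semanage(rpm_script_t) is already granted on the line above, say why that path is not enough.
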
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 3d17148..3a2351b 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
 corecmd_exec_shell(setroubleshoot_fixit_t)
 
 seutil_domtrans_setfiles(setroubleshoot_fixit_t)
+seutil_domtrans_setsebool(setroubleshoot_fixit_t)
 
 files_read_usr_files(setroubleshoot_fixit_t)
 files_read_etc_files(setroubleshoot_fixit_t)
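Review bot: seutil_domtrans_setsebool(setroubleshoot_fixit_t) widens the fixit helper from relabeling (the existing seutil_domtrans_setfiles line just above it) to changing policy booleans, and nothing in the patch explains why. State in the commit message which fix requires toggling a boolean, so the extra transition can be weighed against what this automated helper is meant to do.
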
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 170e2c7..cecca76 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
 
 ########################################
 ## <summary>
+##	Execute a domain transition to run setsebool.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`seutil_domtrans_setsebool',`
+	gen_require(`
+		type setsebool_t, setsebool_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
+')
+
+########################################
+## <summary>
 ##	Full management of the semanage
 ##	module store.
 ## </summary>
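
Review bot: the gen_require block in seutil_domtrans_setsebool names setsebool_t and setsebool_exec_t, but the diffstat lists only selinuxutil.if and three .te callers, so nothing in this patch declares those types. Unless the base policy already defines them, the requirement is unmet and the three new callers cannot build. Either add the type declarations and a file context for setsebool_exec_t in the same series, or state which patch this one depends on.
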
-- 
1.7.2.1


* [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.
From: Christopher J. PeBenito @ 2010-09-09 12:07 UTC
  To: refpolicy

On 09/03/10 10:24, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

Setsebool_t does not exist upstream.

> ---
> :100644 100644 96f68e9... d1ebb91... M	policy/modules/admin/anaconda.te
> :100644 100644 1a08320... e7312eb... M	policy/modules/admin/rpm.te
> :100644 100644 3d17148... 3a2351b... M	policy/modules/services/setroubleshoot.te
> :100644 100644 170e2c7... cecca76... M	policy/modules/system/selinuxutil.if
>   policy/modules/admin/anaconda.te          |    1 +
>   policy/modules/admin/rpm.te               |    1 +
>   policy/modules/services/setroubleshoot.te |    1 +
>   policy/modules/system/selinuxutil.if      |   20 ++++++++++++++++++++
>   4 files changed, 23 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
> index 96f68e9..d1ebb91 100644
> --- a/policy/modules/admin/anaconda.te
> +++ b/policy/modules/admin/anaconda.te
> @@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
>   modutils_domtrans_depmod(anaconda_t)
>
>   seutil_domtrans_semanage(anaconda_t)
> +seutil_domtrans_setsebool(anaconda_t)
>
>   userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
>
> diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
> index 1a08320..e7312eb 100644
> --- a/policy/modules/admin/rpm.te
> +++ b/policy/modules/admin/rpm.te
> @@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
>   seutil_domtrans_loadpolicy(rpm_script_t)
>   seutil_domtrans_setfiles(rpm_script_t)
>   seutil_domtrans_semanage(rpm_script_t)
> +seutil_domtrans_setsebool(rpm_script_t)
>
>   userdom_use_all_users_fds(rpm_script_t)
>
> diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
> index 3d17148..3a2351b 100644
> --- a/policy/modules/services/setroubleshoot.te
> +++ b/policy/modules/services/setroubleshoot.te
> @@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
>   corecmd_exec_shell(setroubleshoot_fixit_t)
>
>   seutil_domtrans_setfiles(setroubleshoot_fixit_t)
> +seutil_domtrans_setsebool(setroubleshoot_fixit_t)
>
>   files_read_usr_files(setroubleshoot_fixit_t)
>   files_read_etc_files(setroubleshoot_fixit_t)
> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> index 170e2c7..cecca76 100644
> --- a/policy/modules/system/selinuxutil.if
> +++ b/policy/modules/system/selinuxutil.if
> @@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
>
>   ########################################
>   ##<summary>
> +##	Execute a domain transition to run setsebool.
> +##</summary>
> +##<param name="domain">
> +##	<summary>
> +##	Domain allowed to transition.
> +##	</summary>
> +##</param>
> +#
> +interface(`seutil_domtrans_setsebool',`
> +	gen_require(`
> +		type setsebool_t, setsebool_exec_t;
> +	')
> +
> +	files_search_usr($1)
> +	corecmd_search_bin($1)
> +	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
> +')
> +
> +########################################
> +##<summary>
>   ##	Full management of the semanage
>   ##	module store.
>   ##</summary>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


* [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.
From: Dominick Grift @ 2010-09-09 12:11 UTC
  To: refpolicy

On Thu, Sep 09, 2010 at 08:07:34AM -0400, Christopher J. PeBenito wrote:
> On 09/03/10 10:24, Dominick Grift wrote:
> >Signed-off-by: Dominick Grift<domg472@gmail.com>
> 
> Setsebool_t does not exist upstream.

Yes, I redid it (see my other patch) after I figured that out. However I do not like how Fedora implemented that solution either and I wouldn't be surprised if you don't like it either.

> 
> >---
> >:100644 100644 96f68e9... d1ebb91... M	policy/modules/admin/anaconda.te
> >:100644 100644 1a08320... e7312eb... M	policy/modules/admin/rpm.te
> >:100644 100644 3d17148... 3a2351b... M	policy/modules/services/setroubleshoot.te
> >:100644 100644 170e2c7... cecca76... M	policy/modules/system/selinuxutil.if
> >  policy/modules/admin/anaconda.te          |    1 +
> >  policy/modules/admin/rpm.te               |    1 +
> >  policy/modules/services/setroubleshoot.te |    1 +
> >  policy/modules/system/selinuxutil.if      |   20 ++++++++++++++++++++
> >  4 files changed, 23 insertions(+), 0 deletions(-)
> >
> >diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
> >index 96f68e9..d1ebb91 100644
> >--- a/policy/modules/admin/anaconda.te
> >+++ b/policy/modules/admin/anaconda.te
> >@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
> >  modutils_domtrans_depmod(anaconda_t)
> >
> >  seutil_domtrans_semanage(anaconda_t)
> >+seutil_domtrans_setsebool(anaconda_t)
> >
> >  userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
> >
> >diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
> >index 1a08320..e7312eb 100644
> >--- a/policy/modules/admin/rpm.te
> >+++ b/policy/modules/admin/rpm.te
> >@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
> >  seutil_domtrans_loadpolicy(rpm_script_t)
> >  seutil_domtrans_setfiles(rpm_script_t)
> >  seutil_domtrans_semanage(rpm_script_t)
> >+seutil_domtrans_setsebool(rpm_script_t)
> >
> >  userdom_use_all_users_fds(rpm_script_t)
> >
> >diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
> >index 3d17148..3a2351b 100644
> >--- a/policy/modules/services/setroubleshoot.te
> >+++ b/policy/modules/services/setroubleshoot.te
> >@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
> >  corecmd_exec_shell(setroubleshoot_fixit_t)
> >
> >  seutil_domtrans_setfiles(setroubleshoot_fixit_t)
> >+seutil_domtrans_setsebool(setroubleshoot_fixit_t)
> >
> >  files_read_usr_files(setroubleshoot_fixit_t)
> >  files_read_etc_files(setroubleshoot_fixit_t)
> >diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> >index 170e2c7..cecca76 100644
> >--- a/policy/modules/system/selinuxutil.if
> >+++ b/policy/modules/system/selinuxutil.if
> >@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
> >
> >  ########################################
> >  ##<summary>
> >+##	Execute a domain transition to run setsebool.
> >+##</summary>
> >+##<param name="domain">
> >+##	<summary>
> >+##	Domain allowed to transition.
> >+##	</summary>
> >+##</param>
> >+#
> >+interface(`seutil_domtrans_setsebool',`
> >+	gen_require(`
> >+		type setsebool_t, setsebool_exec_t;
> >+	')
> >+
> >+	files_search_usr($1)
> >+	corecmd_search_bin($1)
> >+	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
> >+')
> >+
> >+########################################
> >+##<summary>
> >  ##	Full management of the semanage
> >  ##	module store.
> >  ##</summary>
> >
> >
> >
> >_______________________________________________
> >refpolicy mailing list
> >refpolicy at oss.tresys.com
> >http://oss.tresys.com/mailman/listinfo/refpolicy
> 
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com

* [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and add a call to this interface for the following domains: rpm_script_t, setroubelshoot_fixit_t, anaconda_t.
From: Daniel J Walsh @ 2010-09-09 12:21 UTC
  To: refpolicy

On 09/09/2010 08:11 AM, Dominick Grift wrote:
> On Thu, Sep 09, 2010 at 08:07:34AM -0400, Christopher J. PeBenito wrote:
>> On 09/03/10 10:24, Dominick Grift wrote:
>>> Signed-off-by: Dominick Grift<domg472@gmail.com>
>>
>> Setsebool_t does not exist upstream.
> 
> Yes, I redid it (see my other patch) after I figured that out. However I do not like how Fedora implemented that solution either and I wouldn't be surprised if you don't like it either.
> 
I would be willing to change the Fedora mechanism, if you can get
something upstream.  Of course until we get labeled booleans into
modules, there are limited advantages to this.
>>
>>> ---
>>> :100644 100644 96f68e9... d1ebb91... M	policy/modules/admin/anaconda.te
>>> :100644 100644 1a08320... e7312eb... M	policy/modules/admin/rpm.te
>>> :100644 100644 3d17148... 3a2351b... M	policy/modules/services/setroubleshoot.te
>>> :100644 100644 170e2c7... cecca76... M	policy/modules/system/selinuxutil.if
>>>  policy/modules/admin/anaconda.te          |    1 +
>>>  policy/modules/admin/rpm.te               |    1 +
>>>  policy/modules/services/setroubleshoot.te |    1 +
>>>  policy/modules/system/selinuxutil.if      |   20 ++++++++++++++++++++
>>>  4 files changed, 23 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
>>> index 96f68e9..d1ebb91 100644
>>> --- a/policy/modules/admin/anaconda.te
>>> +++ b/policy/modules/admin/anaconda.te
>>> @@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
>>>  modutils_domtrans_depmod(anaconda_t)
>>>
>>>  seutil_domtrans_semanage(anaconda_t)
>>> +seutil_domtrans_setsebool(anaconda_t)
>>>
>>>  userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
>>>
>>> diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
>>> index 1a08320..e7312eb 100644
>>> --- a/policy/modules/admin/rpm.te
>>> +++ b/policy/modules/admin/rpm.te
>>> @@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
>>>  seutil_domtrans_loadpolicy(rpm_script_t)
>>>  seutil_domtrans_setfiles(rpm_script_t)
>>>  seutil_domtrans_semanage(rpm_script_t)
>>> +seutil_domtrans_setsebool(rpm_script_t)
>>>
>>>  userdom_use_all_users_fds(rpm_script_t)
>>>
>>> diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
>>> index 3d17148..3a2351b 100644
>>> --- a/policy/modules/services/setroubleshoot.te
>>> +++ b/policy/modules/services/setroubleshoot.te
>>> @@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
>>>  corecmd_exec_shell(setroubleshoot_fixit_t)
>>>
>>>  seutil_domtrans_setfiles(setroubleshoot_fixit_t)
>>> +seutil_domtrans_setsebool(setroubleshoot_fixit_t)
>>>
>>>  files_read_usr_files(setroubleshoot_fixit_t)
>>>  files_read_etc_files(setroubleshoot_fixit_t)
>>> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
>>> index 170e2c7..cecca76 100644
>>> --- a/policy/modules/system/selinuxutil.if
>>> +++ b/policy/modules/system/selinuxutil.if
>>> @@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
>>>
>>>  ########################################
>>>  ##<summary>
>>> +##	Execute a domain transition to run setsebool.
>>> +##</summary>
>>> +##<param name="domain">
>>> +##	<summary>
>>> +##	Domain allowed to transition.
>>> +##	</summary>
>>> +##</param>
>>> +#
>>> +interface(`seutil_domtrans_setsebool',`
>>> +	gen_require(`
>>> +		type setsebool_t, setsebool_exec_t;
>>> +	')
>>> +
>>> +	files_search_usr($1)
>>> +	corecmd_search_bin($1)
>>> +	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
>>> +')
>>> +
>>> +########################################
>>> +##<summary>
>>>  ##	Full management of the semanage
>>>  ##	module store.
>>>  ##</summary>
>>>
>>>
>>>
>>> _______________________________________________
>>> refpolicy mailing list
>>> refpolicy at oss.tresys.com
>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
>>
>> -- 
>> Chris PeBenito
>> Tresys Technology, LLC
>> www.tresys.com | oss.tresys.com
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy

