From: dac.override@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 3/3] hadoop: init_startstop_service() can not take attributes
Date: Tue, 25 Aug 2015 12:27:19 +0200
Message-ID: <20150825102718.GC2269@x250>
In-Reply-To: <1440429009-2576-3-git-send-email-jason@perfinion.com>
On Mon, Aug 24, 2015 at 11:10:09PM +0800, Jason Zaman wrote:
> ---
> hadoop.if | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
Yes that is an unfortunate side effect. CIL can deal with this.
Merged, thanks
>
> diff --git a/hadoop.if b/hadoop.if
> index a0a819f..5908119 100644
> --- a/hadoop.if
> +++ b/hadoop.if
> @@ -426,7 +426,6 @@ interface(`hadoop_admin',`
> attribute hadoop_domain;
> attribute hadoop_initrc_domain;
>
> - attribute hadoop_init_script_file;
> attribute hadoop_pid_file;
> attribute hadoop_lock_file;
> attribute hadoop_log_file;
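Review bot: dropping `attribute hadoop_init_script_file;` from the gen_require block is only correct if nothing else in hadoop_admin still references that attribute. The one use visible in this patch, the fourth argument of the old init_startstop_service() call, is removed in the next hunk, but the interface body continues past the shown context, so the rest of it should be checked for a remaining reference before the require goes away. The patch also has no commit message body; a sentence saying why init_startstop_service() cannot take attributes would make the removal self-explanatory.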
> @@ -436,12 +435,22 @@ interface(`hadoop_admin',`
> type hadoop_t, hadoop_etc_t, hadoop_hsperfdata_t;
> type zookeeper_t, zookeeper_etc_t, zookeeper_server_t;
> type zookeeper_server_var_t;
> +
> + type hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t;
> + type hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t;
> + type hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t;
> + type hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t;
> + type hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t;
> ')
>
> allow $1 { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }:process { ptrace signal_perms };
> ps_process_pattern($1, { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t })
>
> - init_startstop_service($1, $2, hadoop_domain, hadoop_init_script_file)
> + init_startstop_service($1, $2, hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t)
> + init_startstop_service($1, $2, hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t)
> + init_startstop_service($1, $2, hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t)
> + init_startstop_service($1, $2, hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t)
> + init_startstop_service($1, $2, hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t)
>
> files_search_etc($1)
> admin_pattern($1, { hadoop_etc_t zookeeper_etc_t })
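Review bot: the five explicit init_startstop_service() calls are not equivalent in coverage to the attribute-based call they replace. The old call applied to every type carrying hadoop_init_script_file, while the new ones cover only the datanode, jobtracker, namenode, secondarynamenode and tasktracker pairs, so any other init script type that had that attribute loses admin start/stop access, and future service types have to be added here by hand. Note also that the third argument changes from hadoop_domain to the per-service *_initrc_t types, which is a change in which domain is passed and not just an expansion of the attribute. A short comment above the calls stating that the list must be kept in sync with the hadoop init script types, plus a line in the commit message on the argument change, would help.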
> --
> 2.4.6
>
--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift