run_init

All of lore.kernel.org
 help / color / mirror / Atom feed

* run_init
@ 2004-01-15 19:23 Carlos Anísio Monteiro
  2004-01-15 20:51 ` run_init Thomas Bleher
  2004-01-15 21:55 ` run_init Colin Walters
  0 siblings, 2 replies; 11+ messages in thread
From: Carlos Anísio Monteiro @ 2004-01-15 19:23 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 374 bytes --]

Helo.

I am with problems when running the run_init utility.

*# run_init /etc/init.d/apache start
Authenticating root.
Password:
execvp: File or directory not found.
#*

The script apache in the /etc/init.d exist.
If running:

*# /etc/init.d/apache start
Starting web server: ok*
#

Thanks.


-- 
Carlos Anisio Monteiro  <monteiro@ipen.br>
IPEN/CNEN-SP
Sao Paulo - Brasil


[-- Attachment #2: Type: text/html, Size: 718 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2004-01-15 19:23 run_init Carlos Anísio Monteiro
@ 2004-01-15 20:51 ` Thomas Bleher
  2004-01-15 21:55 ` run_init Colin Walters
  1 sibling, 0 replies; 11+ messages in thread
From: Thomas Bleher @ 2004-01-15 20:51 UTC (permalink / raw)
  To: selinux

* Carlos Anísio Monteiro <monteiro@ipen.br> [2004-01-15 21:21]:
> Helo.
> 
> I am with problems when running the run_init utility.
> 
> *# run_init /etc/init.d/apache start
> Authenticating root.
> Password:
> execvp: File or directory not found.
> #*

Most probably this is because you haven't installed expect which
is needed by run_init.
I think this should get a better error message.

HTH,
Thomas


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2004-01-15 19:23 run_init Carlos Anísio Monteiro
  2004-01-15 20:51 ` run_init Thomas Bleher
@ 2004-01-15 21:55 ` Colin Walters
  1 sibling, 0 replies; 11+ messages in thread
From: Colin Walters @ 2004-01-15 21:55 UTC (permalink / raw)
  To: Carlos Anísio Monteiro; +Cc: selinux

[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

On Thu, 2004-01-15 at 14:23, Carlos Anísio Monteiro wrote:

> I am with problems when running the run_init utility.
> 
> # run_init /etc/init.d/apache start
> Authenticating root.
> Password:
> execvp: File or directory not found.
> #

Do you have expect installed?  There was a bug in the Debian package
where it didn't depend on expect that I only fixed fairly recently.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* run_init
@ 2009-02-17  2:40 Russell Coker
  0 siblings, 0 replies; 11+ messages in thread
From: Russell Coker @ 2009-02-17  2:40 UTC (permalink / raw)
  To: SE-Linux

One thing that has bitten me a couple of times is that I have tried to use 
run_init when I had not mounted /dev/pts.  run_init gives an error message 
about "Fork:" which doesn't help anyone in tracking down the problem (it 
seems much more likely to have a /dev/pts problem than an actual fork 
problem).

The misleading error message is currently in Debian and a quick scan of the 
source code in rawhide suggests that Fedora has it too.

I suggest the following change, but something more verbose could be useful 
too.

--- open_init_pty.c.bak 2009-02-16 21:47:28.000000000 +1100
+++ open_init_pty.c     2009-02-16 21:48:06.000000000 +1100
@@ -153,7 +153,7 @@
        }

        if (child_pid < 0) {
-               perror("Fork:");
+               perror("forkpty():");
                fflush(stdout);
                fflush(stderr);
                exit(EX_OSERR);

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* run_init
@ 2002-10-26  1:38 Russell Coker
  2002-10-28 20:56 ` run_init Stephen Smalley
  0 siblings, 1 reply; 11+ messages in thread
From: Russell Coker @ 2002-10-26  1:38 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 1372 bytes --]

I have attached the source to a modified version of run_init that runs another 
process (in initrc_t) to actually run the daemon.

initrc_t is allowed to write to the sysadm terminal, and I've changed my 
policy to allow all daemons rw_file_perms access to initrc_devpts_t.

I've gone through the policy for all the daemons and removed any instances 
(even commented ones) of direct daemon access to the administrator terminal.

I also noticed a minor error related to devfs pty's.  I have now made the pty 
allocation macro include filesystem getattr access.  I would have done that 
before if I knew it was the openpty() library call that was doing it.

I have attached the policy patch to this message.  Steve, I encourage you to 
apply this patch to the CVS now.  It does what you want the policy to do.  We 
can probably have a discussion about the best way of implementing the 
openpty() code (and my code at the moment is a bit messy).  But regardless of 
how we might decide to change it, it'll at most require something like a 2 
line policy patch.

Also the policy patch applies on top of my previous patch.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: run_init.tgz --]
[-- Type: application/x-tgz, Size: 5395 bytes --]

[-- Attachment #3: init.diff --]
[-- Type: text/x-diff, Size: 10498 bytes --]

Only in /tmp/policy/domains: admin
diff -ru /tmp/policy/domains/program/apache.te ./domains/program/apache.te
--- /tmp/policy/domains/program/apache.te	2002-10-23 21:38:16.000000000 +0200
+++ ./domains/program/apache.te	2002-10-26 02:49:28.000000000 +0200
@@ -365,17 +365,6 @@
 allow httpd_t httpd_user_script_rw_t:file r_file_perms;
 allow httpd_t httpd_user_script_rw_t:dir r_dir_perms;
 
-########################################
-# When the admin starts the server, the server wants to acess
-# the TTY or PTY associated with the session. The httpd appears
-# to run correctly without this permission, so the permission
-# are commented out here. If you decide that access is needed,
-# then uncomment, but be aware that this will grant httpd access
-# to all sysadm_r TTYs and PTYs.
-##################################################
-#allow httpd_t admin_tty_type:chr_file write;
-dontaudit httpd_t admin_tty_type:chr_file { read write };
-
 ###########################
 # Allow httpd to receive messages from the network card
 ########################################
@@ -399,12 +388,12 @@
 #################################################
 # Allow the httpd_t to read the web servers config files
 ###################################################
-allow httpd_t httpd_config_t:file r_file_perms;
-allow httpd_t httpd_config_t:dir r_dir_perms;
+r_dir_file(httpd_t, httpd_config_t)
 # allow logrotate to read the config files for restart
 ifdef(`logrotate.te', `
 r_dir_file(logrotate_t, httpd_config_t)
 ')
+r_dir_file(initrc_t, httpd_config_t)
 ##################################################
 
 ##################################################
diff -ru /tmp/policy/domains/program/courier.te ./domains/program/courier.te
--- /tmp/policy/domains/program/courier.te	2002-10-10 17:50:12.000000000 +0200
+++ ./domains/program/courier.te	2002-10-26 02:48:14.000000000 +0200
@@ -112,9 +112,6 @@
 # for calendaring
 courier_domain(pcp)
 
-# courier pcpd will not start (from an admin shell) without this!
-#allow courier_pcp_t admin_tty_type:chr_file { read write };
-
 allow courier_pcp_t self:capability { setuid setgid };
 allow courier_pcp_t random_device_t:chr_file r_file_perms;
 
diff -ru /tmp/policy/domains/program/devfsd.te ./domains/program/devfsd.te
--- /tmp/policy/domains/program/devfsd.te	2002-09-27 22:27:37.000000000 +0200
+++ ./domains/program/devfsd.te	2002-10-26 02:49:34.000000000 +0200
@@ -19,7 +19,6 @@
 allow devfsd_t proc_t:dir r_dir_perms;
 allow devfsd_t { etc_t etc_runtime_t proc_t }:file r_file_perms;
 allow devfsd_t devtty_t:chr_file rw_file_perms;
-#allow devfsd_t admin_tty_type:chr_file { read write };
 
 # Run /sbin/modprobe
 allow devfsd_t sbin_t:dir r_dir_perms;
diff -ru /tmp/policy/domains/program/dpkg.te ./domains/program/dpkg.te
--- /tmp/policy/domains/program/dpkg.te	2002-10-26 03:27:45.000000000 +0200
+++ ./domains/program/dpkg.te	2002-10-26 03:19:46.000000000 +0200
@@ -109,6 +109,10 @@
 # daemons are started in the correct context
 domain_auto_trans(dpkg_t, etc_t, initrc_t)
 
+# allow dpkg to run open_init_pty
+can_create_other_pty(dpkg, initrc)
+can_exec(dpkg_t, initrc_exec_t)
+
 ifdef(`bootloader.te',
 `domain_auto_trans(dpkg_t, bootloader_exec_t, bootloader_t)')
 
diff -ru /tmp/policy/domains/program/initrc.te ./domains/program/initrc.te
--- /tmp/policy/domains/program/initrc.te	2002-10-01 19:28:43.000000000 +0200
+++ ./domains/program/initrc.te	2002-10-26 02:41:58.000000000 +0200
@@ -19,6 +19,9 @@
 every_domain(initrc_t)
 type initrc_exec_t, file_type, sysadmfile, exec_type;
 
+# Can create ptys for open_init_pty
+can_create_pty(initrc)
+
 type initrc_tmp_t, file_type, sysadmfile, tmpfile;
 file_type_auto_trans(initrc_t, tmp_t, initrc_tmp_t)
 
@@ -227,4 +230,4 @@
 #
 # Rules for the run_init_t domain.
 #
-run_program(sysadm_t, sysadm_r, init, etc_t, initrc_t)
+run_program(sysadm_t, sysadm_r, init, initrc_exec_t, initrc_t)
diff -ru /tmp/policy/domains/program/ircd.te ./domains/program/ircd.te
--- /tmp/policy/domains/program/ircd.te	2002-09-27 22:27:37.000000000 +0200
+++ ./domains/program/ircd.te	2002-10-26 02:49:39.000000000 +0200
@@ -21,8 +21,6 @@
 type var_lib_ircd_t, sysadmfile, file_type;
 file_type_auto_trans(ircd_t, var_lib_t, var_lib_ircd_t)
 
-#allow ircd_t admin_tty_type:chr_file rw_file_perms;
-
 # Use the network.
 can_network(ircd_t)
 #allow ircd_t self:fifo_file { read write };
diff -ru /tmp/policy/domains/program/named.te ./domains/program/named.te
--- /tmp/policy/domains/program/named.te	2002-10-17 00:01:11.000000000 +0200
+++ ./domains/program/named.te	2002-10-26 02:48:19.000000000 +0200
@@ -17,9 +17,6 @@
 type ndc_t, domain, privlog;
 role sysadm_r types ndc_t;
 
-# named will not start (from an admin shell) without this!
-#allow named_t admin_tty_type:chr_file { read write };
-
 can_exec(named_t, named_exec_t)
 allow named_t sbin_t:dir search;
 
diff -ru /tmp/policy/domains/program/postfix.te ./domains/program/postfix.te
--- /tmp/policy/domains/program/postfix.te	2002-10-17 00:01:12.000000000 +0200
+++ ./domains/program/postfix.te	2002-10-26 02:50:36.000000000 +0200
@@ -90,8 +90,6 @@
 create_dir_file(postfix_master_t, postfix_spool_flush_t)
 allow postfix_master_t random_device_t:chr_file { read getattr };
 allow postfix_master_t postfix_prng_t:file rw_file_perms;
-# should not need read, getattr does not matter
-allow postfix_master_t admin_tty_type:chr_file { getattr read write };
 
 # allow access to deferred queue
 allow postfix_master_t postfix_spool_t:dir create_dir_perms;
diff -ru /tmp/policy/domains/program/postgresql.te ./domains/program/postgresql.te
--- /tmp/policy/domains/program/postgresql.te	2002-10-23 21:38:18.000000000 +0200
+++ ./domains/program/postgresql.te	2002-10-26 02:48:23.000000000 +0200
@@ -11,9 +11,6 @@
 #
 daemon_domain(postgresql)
 
-# postgresql will not start (from an admin shell) without this!
-#allow postgresql_t admin_tty_type:chr_file { read write };
-
 ifdef(`dpkg.te', `
 # gross hack
 domain_auto_trans(dpkg_t, postgresql_exec_t, postgresql_t)
diff -ru /tmp/policy/domains/program/radvd.te ./domains/program/radvd.te
--- /tmp/policy/domains/program/radvd.te	2002-09-27 22:27:38.000000000 +0200
+++ ./domains/program/radvd.te	2002-10-26 02:50:40.000000000 +0200
@@ -14,8 +14,6 @@
 allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;
 allow radvd_t self:{ rawip_socket } recvfrom;
 
-#allow radvd_t admin_tty_type:chr_file { read write };
-
 allow radvd_t self:capability { net_raw };
 allow radvd_t self:{ unix_dgram_socket rawip_socket } create;
 allow radvd_t self:unix_stream_socket create_socket_perms;
diff -ru /tmp/policy/domains/program/rlogind.te ./domains/program/rlogind.te
--- /tmp/policy/domains/program/rlogind.te	2002-10-17 00:01:13.000000000 +0200
+++ ./domains/program/rlogind.te	2002-10-26 02:41:09.000000000 +0200
@@ -45,7 +45,3 @@
 
 # Modify /var/log/wtmp.
 allow rlogind_t wtmp_t:file rw_file_perms;
-
-ifdef(`devfsd.te', `
-allow rlogind_t device_t:filesystem getattr;
-')
diff -ru /tmp/policy/domains/program/slapd.te ./domains/program/slapd.te
--- /tmp/policy/domains/program/slapd.te	2002-09-27 22:27:38.000000000 +0200
+++ ./domains/program/slapd.te	2002-10-26 02:48:28.000000000 +0200
@@ -18,9 +18,6 @@
 type slapd_db_t, file_type, sysadmfile;
 type slapd_replog_t, file_type, sysadmfile;
 
-# slapd will not start (from an admin shell) without this!
-#allow slapd_t admin_tty_type:chr_file { read write };
-
 tmp_domain(slapd)
 
 # Use the network.
diff -ru /tmp/policy/domains/program/ssh.te ./domains/program/ssh.te
--- /tmp/policy/domains/program/ssh.te	2002-10-23 21:38:19.000000000 +0200
+++ ./domains/program/ssh.te	2002-10-26 02:50:47.000000000 +0200
@@ -36,10 +36,6 @@
 # Determine the set of legal user SIDs that can be reached.
 allow $1 security_t:security get_user_sids;
 
-ifdef(`devfsd.te', `
-allow $1 device_t:filesystem getattr;
-')
-
 ')dnl end sshd_program_domain
 
 #################################
@@ -69,9 +65,6 @@
 # Inherit and use descriptors from init.
 allow sshd_t init_t:fd use;
 
-# for startup error messages
-#allow sshd_t admin_tty_type:chr_file { read write };
-
 # Can create ptys
 can_create_pty(sshd)
 
diff -ru /tmp/policy/domains/program/transproxy.te ./domains/program/transproxy.te
--- /tmp/policy/domains/program/transproxy.te	2002-09-27 22:27:39.000000000 +0200
+++ ./domains/program/transproxy.te	2002-10-26 02:50:56.000000000 +0200
@@ -16,7 +16,6 @@
 # Use the network.
 can_network(transproxy_t)
 allow transproxy_t transproxy_port_t:tcp_socket name_bind;
-#allow transproxy_t admin_tty_type:chr_file { read write };
 
 #allow transproxy_t self:fifo_file { read write };
 allow transproxy_t self:unix_stream_socket create_socket_perms;
diff -ru /tmp/policy/file_contexts/program/initrc.fc ./file_contexts/program/initrc.fc
--- /tmp/policy/file_contexts/program/initrc.fc	2002-09-21 05:01:29.000000000 +0200
+++ ./file_contexts/program/initrc.fc	2002-10-26 02:54:40.000000000 +0200
@@ -9,3 +9,4 @@
 # run_init
 /usr/local/selinux/sbin/run_init	system_u:object_r:run_init_exec_t
 /usr/sbin/run_init		system_u:object_r:run_init_exec_t
+/usr/sbin/open_init_pty		system_u:object_r:initrc_exec_t
diff -ru /tmp/policy/macros/global_macros.te ./macros/global_macros.te
--- /tmp/policy/macros/global_macros.te	2002-10-01 19:28:52.000000000 +0200
+++ ./macros/global_macros.te	2002-10-26 03:20:05.000000000 +0200
@@ -530,6 +530,11 @@
 
 # Read and write my pty files.
 allow $1_t $1_devpts_t:chr_file { setattr rw_file_perms };
+
+ifdef(`devfsd.te', `
+allow $1_t device_t:filesystem getattr;
+')
+
 ')
 
 
@@ -549,6 +554,11 @@
 
 # Read and write pty files.
 allow $1_t $2_devpts_t:chr_file { setattr rw_file_perms };
+
+ifdef(`devfsd.te', `
+allow $1_t device_t:filesystem getattr;
+')
+
 ')
 
 
@@ -930,6 +940,7 @@
 allow $1_t device_t:dir { getattr search };
 allow $1_t null_device_t:chr_file rw_file_perms;
 allow $1_t console_device_t:chr_file rw_file_perms;
+allow $1_t initrc_devpts_t:chr_file rw_file_perms;
 ')dnl
 
 define(`daemon_domain', `
diff -ru /tmp/policy/macros/user_macros.te ./macros/user_macros.te
--- /tmp/policy/macros/user_macros.te	2002-10-10 17:50:29.000000000 +0200
+++ ./macros/user_macros.te	2002-10-26 02:33:42.000000000 +0200
@@ -40,10 +40,6 @@
 # Bind to a Unix domain socket in /tmp.
 allow $1_t $1_tmp_t:unix_stream_socket name_bind;
 
-ifdef(`devfsd.te', `
-allow $1_t device_t:filesystem getattr;
-')
-
 # Type for tty devices.
 type $1_tty_device_t, file_type, sysadmfile, ttyfile;
 # Access ttys.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2002-10-26  1:38 run_init Russell Coker
@ 2002-10-28 20:56 ` Stephen Smalley
  2002-10-28 22:56   ` run_init Russell Coker
  0 siblings, 1 reply; 11+ messages in thread
From: Stephen Smalley @ 2002-10-28 20:56 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux

On Sat, 26 Oct 2002, Russell Coker wrote:

> I have attached the policy patch to this message.  Steve, I encourage you to
> apply this patch to the CVS now.  It does what you want the policy to do.  We
> can probably have a discussion about the best way of implementing the
> openpty() code (and my code at the moment is a bit messy).  But regardless of
> how we might decide to change it, it'll at most require something like a 2
> line policy patch.
>
> Also the policy patch applies on top of my previous patch.

I've merged the policy patch but I have not yet merged the modified
run_init program (no harm caused by the policy changes) pending further
review.  It might be preferable to not change SIDs until you execute the
init script from open_init_pty (i.e. run_init does a normal exec of
open_init_pty or open_init_pty is directly folded into run_init), and have
the pty labeled run_init_devpts_t.  That would make it clearer that you
are only granting the daemons the ability to access a pty created by
run_init, not any arbitrary pty that happens to be created by an initrc_t
process.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2002-10-28 20:56 ` run_init Stephen Smalley
@ 2002-10-28 22:56   ` Russell Coker
  2002-10-29 19:42     ` run_init Stephen Smalley
  0 siblings, 1 reply; 11+ messages in thread
From: Russell Coker @ 2002-10-28 22:56 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux

[-- Attachment #1: Type: text/plain, Size: 2112 bytes --]

On Mon, 28 Oct 2002 21:56, Stephen Smalley wrote:
> I've merged the policy patch but I have not yet merged the modified
> run_init program (no harm caused by the policy changes) pending further
> review.  It might be preferable to not change SIDs until you execute the
> init script from open_init_pty (i.e. run_init does a normal exec of
> open_init_pty or open_init_pty is directly folded into run_init), and have
> the pty labeled run_init_devpts_t.

I've attached the latest open_init_pty that I'm using.  I decided to use this 
when I realised that I need input so I can also use run_init for running the 
Debian package management tools (and for some of the lamer daemons).  I also 
need basic terminal control (^C etc).  So that means quite a bit more coding 
than I did for my first cut of open_init_pty.

So because of this I decided to use a program that already exists to open 
pseudo-tty's and run programs - expect!

We can always change this decision later if we want.  But at the moment I've 
got better things to do than write what is basically a cut-down version of 
expect.

So with this current setup we are forced to have two programs, run_init and 
the program to open the pty.

As for your point about not using initrc_t for this, that would be easy to do 
and is worth doing.  We can easily change this with sed later on, if you'd 
like to pick a name and run sed on the policy tree that would be fine.  I'm 
not going to do this right now as I've got a bunch of little niggly issues 
with the current policy (when you make a change of this scale lots of little 
things will need to be changed).  I'll probably be tweaking this for another 
few weeks, but that will not be greatly impacted by any such name change you 
make.

I have attached two patches to this message, one for pty issues and one for a 
bunch of other little things.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: open_init_pty --]
[-- Type: text/plain, Size: 53 bytes --]

#!/usr/bin/expect

eval spawn -noecho $argv
interact

[-- Attachment #3: diff --]
[-- Type: text/x-diff, Size: 17011 bytes --]

diff -ru /tmp/policy/domains/program/bootloader.te policy/domains/program/bootloader.te
--- /tmp/policy/domains/program/bootloader.te	2002-09-27 22:27:37.000000000 +0200
+++ policy/domains/program/bootloader.te	2002-10-26 20:18:13.000000000 +0200
@@ -78,8 +78,7 @@
 allow bootloader_t etc_runtime_t:file r_file_perms;
 
 allow bootloader_t devtty_t:chr_file rw_file_perms;
-allow bootloader_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow bootloader_t sysadm_devpts_t:chr_file rw_file_perms;
+allow bootloader_t admin_tty_type:chr_file rw_file_perms;
 
 ifdef(`dpkg.te', `
 # for making an initrd
diff -ru /tmp/policy/domains/program/cardmgr.te policy/domains/program/cardmgr.te
--- /tmp/policy/domains/program/cardmgr.te	2002-09-26 13:37:04.000000000 +0200
+++ policy/domains/program/cardmgr.te	2002-10-28 15:56:06.000000000 +0100
@@ -26,16 +26,15 @@
 # for /etc/resolv.conf
 file_type_auto_trans(cardmgr_t, etc_t, resolv_conf_t)
 
-# allow cardmgr to write to the sysadm terminal (otherwise it will not start)
-allow cardmgr_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { read write };
+allow cardmgr_t initrc_devpts_t:chr_file { read write };
 
 # Create pid file and temporary block and character device nodes
 type cardmgr_var_run_t, file_type, sysadmfile, pidfile;
 file_type_auto_trans(cardmgr_t, { var_run_t device_t }, cardmgr_var_run_t, { blk_file chr_file file })
 
-# Create stab file.
+# Create stab file and device nodes.
 type cardmgr_var_lib_t, file_type, sysadmfile;
-file_type_auto_trans(cardmgr_t, var_lib_t, cardmgr_var_lib_t)
+file_type_auto_trans(cardmgr_t, var_lib_t, cardmgr_var_lib_t, { blk_file chr_file file })
 
 # Create device files in /tmp.
 type cardmgr_dev_t, file_type, sysadmfile, tmpfile;
diff -ru /tmp/policy/domains/program/checkpolicy.te policy/domains/program/checkpolicy.te
--- /tmp/policy/domains/program/checkpolicy.te	2002-08-26 18:50:43.000000000 +0200
+++ policy/domains/program/checkpolicy.te	2002-10-26 20:18:13.000000000 +0200
@@ -44,8 +44,7 @@
 `allow checkpolicy_t sshd_devpts_t:dir r_dir_perms;')
 
 # Other access
-allow checkpolicy_t sysadm_tty_device_t:chr_file { read write ioctl getattr };
-allow checkpolicy_t sysadm_devpts_t:chr_file { read write ioctl getattr };
+allow checkpolicy_t admin_tty_type:chr_file { read write ioctl getattr };
 uses_shlib(checkpolicy_t)
 allow checkpolicy_t self:capability dac_override;
 
diff -ru /tmp/policy/domains/program/dpkg.te policy/domains/program/dpkg.te
--- /tmp/policy/domains/program/dpkg.te	2002-10-28 22:55:52.000000000 +0100
+++ policy/domains/program/dpkg.te	2002-10-27 02:26:09.000000000 +0200
@@ -109,10 +109,6 @@
 # daemons are started in the correct context
 domain_auto_trans(dpkg_t, etc_t, initrc_t)
 
-# allow dpkg to run open_init_pty
-can_create_other_pty(dpkg, initrc)
-can_exec(dpkg_t, initrc_exec_t)
-
 ifdef(`bootloader.te',
 `domain_auto_trans(dpkg_t, bootloader_exec_t, bootloader_t)')
 
@@ -134,9 +130,9 @@
 can_exec(sysadm_t, etc_dpkg_t)
 
 # Inherit and use descriptors from any domain.
-allow { apt_t dpkg_t } privfd:fd use;
+allow { apt_t dpkg_t install_menu_t } initrc_t:fd use;
 allow { apt_t dpkg_t install_menu_t } devpts_t:dir search;
-allow { apt_t dpkg_t install_menu_t } { sysadm_tty_device_t sysadm_devpts_t }:chr_file rw_file_perms;
+allow { apt_t dpkg_t install_menu_t } initrc_devpts_t:chr_file rw_file_perms;
 
 allow ifconfig_t dpkg_t:fd use;
 allow ifconfig_t dpkg_t:fifo_file { read write };
@@ -271,5 +267,7 @@
 #
 # Rules for the run_deb_t domain.
 #
-run_program(sysadm_t, sysadm_r, deb, dpkg_exec_t, dpkg_t)
-domain_trans(run_deb_t, apt_exec_t, apt_t)
+#run_program(sysadm_t, sysadm_r, deb, dpkg_exec_t, dpkg_t)
+#domain_trans(run_deb_t, apt_exec_t, apt_t)
+domain_auto_trans(initrc_t, dpkg_exec_t, dpkg_t)
+domain_auto_trans(initrc_t, apt_exec_t, apt_t)
diff -ru /tmp/policy/domains/program/fsadm.te policy/domains/program/fsadm.te
--- /tmp/policy/domains/program/fsadm.te	2002-07-03 22:26:21.000000000 +0200
+++ policy/domains/program/fsadm.te	2002-10-26 20:18:13.000000000 +0200
@@ -63,6 +63,5 @@
 can_exec_any(fsadm_t)
 
 # Access terminals.
-allow fsadm_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow fsadm_t sysadm_devpts_t:chr_file rw_file_perms;
+allow fsadm_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow fsadm_t sysadm_gph_t:fd use;')
diff -ru /tmp/policy/domains/program/ifconfig.te policy/domains/program/ifconfig.te
--- /tmp/policy/domains/program/ifconfig.te	2002-09-26 13:37:04.000000000 +0200
+++ policy/domains/program/ifconfig.te	2002-10-27 21:56:14.000000000 +0100
@@ -32,6 +32,5 @@
 allow ifconfig_t pump_t:fd use;')
 
 # Access terminals.
-allow ifconfig_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow ifconfig_t sysadm_devpts_t:chr_file rw_file_perms;
+allow ifconfig_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow ifconfig_t sysadm_gph_t:fd use;')
diff -ru /tmp/policy/domains/program/initrc.te policy/domains/program/initrc.te
--- /tmp/policy/domains/program/initrc.te	2002-10-28 22:55:53.000000000 +0100
+++ policy/domains/program/initrc.te	2002-10-26 20:18:13.000000000 +0200
@@ -180,8 +180,7 @@
 # Allow access to the sysadm TTYs. Note that this will give access to the 
 # TTYs to any process in the initrc_t domain. Therefore, daemons and such
 # started from init should be placed in their own domain.
-allow initrc_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow initrc_t sysadm_devpts_t:chr_file rw_file_perms;
+allow initrc_t admin_tty_type:chr_file rw_file_perms;
 
 # Access sound device and files.
 allow initrc_t sound_device_t:chr_file { setattr ioctl read write };
diff -ru /tmp/policy/domains/program/ipchains.te policy/domains/program/ipchains.te
--- /tmp/policy/domains/program/ipchains.te	2002-08-23 20:44:19.000000000 +0200
+++ policy/domains/program/ipchains.te	2002-10-26 20:18:13.000000000 +0200
@@ -31,6 +31,5 @@
 allow ipchains_t ipchains_t:rawip_socket create_socket_perms;
 
 # Access terminals.
-allow ipchains_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow ipchains_t sysadm_devpts_t:chr_file rw_file_perms;
+allow ipchains_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow ipchains_t sysadm_gph_t:fd use;')
diff -ru /tmp/policy/domains/program/ipsec.te policy/domains/program/ipsec.te
--- /tmp/policy/domains/program/ipsec.te	2002-10-28 21:31:40.000000000 +0100
+++ policy/domains/program/ipsec.te	2002-10-27 21:56:14.000000000 +0100
@@ -195,11 +196,11 @@
 allow ipsec_mgmt_t ipsec_mgmt_t:udp_socket { create ioctl };
 
 #When running ipsec auto --up <conname>
-allow ipsec_t self:process fork;
+allow ipsec_t self:process { fork sigchld };
 allow ipsec_t self:fifo_file { read getattr };
 
 # ideally it would not need this.  It wants to write to /root/.rnd
 file_type_auto_trans(ipsec_mgmt_t, sysadm_home_dir_t, sysadm_home_t, file)
 
-allow ipsec_mgmt_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { getattr read write ioctl };
-allow ipsec_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { getattr read write };
+allow ipsec_mgmt_t { initrc_devpts_t admin_tty_type }:chr_file { getattr read write ioctl };
+allow ipsec_t initrc_devpts_t:chr_file { getattr read write };
diff -ru /tmp/policy/domains/program/klogd.te policy/domains/program/klogd.te
--- /tmp/policy/domains/program/klogd.te	2002-07-03 22:26:21.000000000 +0200
+++ policy/domains/program/klogd.te	2002-10-28 15:50:28.000000000 +0100
@@ -29,7 +29,7 @@
 allow klogd_t memory_device_t:chr_file r_file_perms;
 
 # Write to the console.
-allow klogd_t console_device_t:chr_file rw_file_perms;
+allow klogd_t { initrc_devpts_t console_device_t }:chr_file rw_file_perms;
 
 # Control syslog and console logging
 allow klogd_t kernel_t:system { syslog_mod syslog_console };
diff -ru /tmp/policy/domains/program/ldconfig.te policy/domains/program/ldconfig.te
--- /tmp/policy/domains/program/ldconfig.te	2002-10-17 00:01:10.000000000 +0200
+++ policy/domains/program/ldconfig.te	2002-10-27 02:26:52.000000000 +0200
@@ -14,7 +14,7 @@
 
 domain_auto_trans({ sysadm_t initrc_t ifdef(`dpkg.te', `dpkg_t') }, ldconfig_exec_t, ldconfig_t)
 dontaudit ldconfig_t device_t:dir search;
-allow ldconfig_t admin_tty_type:chr_file rw_file_perms;
+allow ldconfig_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 allow ldconfig_t privfd:fd use;
 
 uses_shlib(ldconfig_t)
diff -ru /tmp/policy/domains/program/load_policy.te policy/domains/program/load_policy.te
--- /tmp/policy/domains/program/load_policy.te	2002-09-09 19:54:12.000000000 +0200
+++ policy/domains/program/load_policy.te	2002-10-28 15:58:40.000000000 +0100
@@ -41,14 +41,11 @@
 
 # Read the devpts root directory (needed?)  
 allow load_policy_t devpts_t:dir r_dir_perms;
-ifdef(`sshd.te',
-`allow load_policy_t sshd_devpts_t:dir r_dir_perms;')
 
 # Other access
-allow load_policy_t sysadm_tty_device_t:chr_file { read write ioctl getattr };
-allow load_policy_t sysadm_devpts_t:chr_file { read write ioctl getattr };
+allow load_policy_t { initrc_devpts_t admin_tty_type }:chr_file { read write ioctl getattr };
 uses_shlib(load_policy_t)
 allow load_policy_t self:capability dac_override;
 
-allow load_policy_t privfd:fd use;
+allow load_policy_t { initrc_t privfd }:fd use;
 
diff -ru /tmp/policy/domains/program/logrotate.te policy/domains/program/logrotate.te
--- /tmp/policy/domains/program/logrotate.te	2002-10-28 21:31:40.000000000 +0100
+++ policy/domains/program/logrotate.te	2002-10-26 20:18:13.000000000 +0200
@@ -72,8 +72,7 @@
 allow logrotate_t var_spool_t:file { rename create setattr unlink };
 
 # Access terminals.
-allow logrotate_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow logrotate_t sysadm_devpts_t:chr_file rw_file_perms;
+allow logrotate_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow logrotate_t sysadm_gph_t:fd use;')
 
 # for /var/backups on Debian
diff -ru /tmp/policy/domains/program/modutil.te policy/domains/program/modutil.te
--- /tmp/policy/domains/program/modutil.te	2002-10-23 21:38:18.000000000 +0200
+++ policy/domains/program/modutil.te	2002-10-28 15:51:03.000000000 +0100
@@ -38,8 +38,7 @@
 allow depmod_t modules_object_t:{ file lnk_file } r_file_perms;
 
 # Access terminals.
-allow depmod_t { console_device_t sysadm_tty_device_t }:chr_file rw_file_perms;
-allow depmod_t sysadm_devpts_t:chr_file rw_file_perms;
+allow depmod_t { console_device_t initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow depmod_t sysadm_gph_t:fd use;')
 
 # Read System.map from home directories.
@@ -93,7 +92,7 @@
 allow insmod_t ipsec_t:process signal;')
 
 # Access terminals.
-allow insmod_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file rw_file_perms;
+allow insmod_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow insmod_t sysadm_gph_t:fd use;')
 
 uses_shlib(insmod_t)
@@ -114,7 +113,7 @@
 
 allow update_modules_t device_t:dir search;
 allow update_modules_t { console_device_t devtty_t }:chr_file rw_file_perms;
-allow update_modules_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file rw_file_perms;
+allow update_modules_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 
 dontaudit update_modules_t sysadm_home_dir_t:dir search;
 
diff -ru /tmp/policy/domains/program/netutils.te policy/domains/program/netutils.te
--- /tmp/policy/domains/program/netutils.te	2002-07-03 22:26:21.000000000 +0200
+++ policy/domains/program/netutils.te	2002-10-26 20:18:13.000000000 +0200
@@ -29,8 +29,7 @@
 allow netutils_t self:packet_socket create_socket_perms;
 
 # Access terminals.
-allow netutils_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow netutils_t sysadm_devpts_t:chr_file rw_file_perms;
+allow netutils_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow netutils_t sysadm_gph_t:fd use;')
 
 
diff -ru /tmp/policy/domains/program/ping.te policy/domains/program/ping.te
--- /tmp/policy/domains/program/ping.te	2002-07-03 22:26:21.000000000 +0200
+++ policy/domains/program/ping.te	2002-10-26 20:18:13.000000000 +0200
@@ -30,7 +30,6 @@
 allow ping_t ping_t:capability { net_raw setuid };
 
 # Access the terminal.
-allow ping_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow ping_t sysadm_devpts_t:chr_file rw_file_perms;
+allow ping_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;')
 
diff -ru /tmp/policy/domains/program/quota.te policy/domains/program/quota.te
--- /tmp/policy/domains/program/quota.te	2002-10-23 21:38:18.000000000 +0200
+++ policy/domains/program/quota.te	2002-10-28 15:45:51.000000000 +0100
@@ -28,3 +29,5 @@
 allow quota_t fixed_disk_device_t:blk_file getattr;
 allow quota_t boot_t:dir r_dir_perms;
 allow quota_t sysctl_t:dir search;
+
+allow quota_t initrc_devpts_t:chr_file rw_file_perms;
diff -ru /tmp/policy/domains/program/setfiles.te policy/domains/program/setfiles.te
--- /tmp/policy/domains/program/setfiles.te	2002-09-09 19:54:15.000000000 +0200
+++ policy/domains/program/setfiles.te	2002-10-26 23:52:33.000000000 +0200
@@ -14,8 +14,8 @@
 role system_r types setfiles_t;
 role sysadm_r types setfiles_t;
 
-allow setfiles_t sysadm_tty_device_t:chr_file { read write ioctl };
-allow setfiles_t sysadm_devpts_t:chr_file { read write ioctl };
+allow setfiles_t initrc_devpts_t:chr_file { read write ioctl };
+allow setfiles_t admin_tty_type:chr_file { read write ioctl };
 
 domain_auto_trans({ initrc_t sysadm_t }, setfiles_exec_t, setfiles_t)
 allow setfiles_t init_t:fd use;
diff -ru /tmp/policy/domains/program/snmpd.te policy/domains/program/snmpd.te
--- /tmp/policy/domains/program/snmpd.te	2002-09-21 05:01:28.000000000 +0200
+++ policy/domains/program/snmpd.te	2002-10-26 23:47:41.000000000 +0200
@@ -14,9 +14,6 @@
 
 can_network(snmpd_t)
 
-dontaudit snmpd_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { read write };
-
-
 type snmp_port_t, port_type;
 allow snmpd_t snmp_port_t:{ udp_socket tcp_socket } name_bind;
 
diff -ru /tmp/policy/domains/program/syslogd.te policy/domains/program/syslogd.te
--- /tmp/policy/domains/program/syslogd.te	2002-09-09 19:54:15.000000000 +0200
+++ policy/domains/program/syslogd.te	2002-10-28 15:51:56.000000000 +0100
@@ -32,7 +32,7 @@
 
 # Inherit and use descriptors from init.
 allow syslogd_t init_t:fd use;
-allow syslogd_t console_device_t:chr_file { read write };
+allow syslogd_t { initrc_devpts_t console_device_t }:chr_file { read write };
 
 # Modify/create log files.
 create_append_log_file(syslogd_t, var_log_t)
diff -ru /tmp/policy/domains/program/traceroute.te policy/domains/program/traceroute.te
--- /tmp/policy/domains/program/traceroute.te	2002-08-23 20:44:20.000000000 +0200
+++ policy/domains/program/traceroute.te	2002-10-27 01:23:57.000000000 +0200
@@ -30,7 +32,6 @@
 allow traceroute_t any_socket_t:rawip_socket sendto;
 
 # Access the terminal.
-allow traceroute_t sysadm_tty_device_t:chr_file rw_file_perms;
-allow traceroute_t sysadm_devpts_t:chr_file rw_file_perms;
+allow traceroute_t admin_tty_type:chr_file rw_file_perms;
 ifdef(`gnome-pty-helper.te', `allow traceroute_t sysadm_gph_t:fd use;')
 
diff -ru /tmp/policy/file_contexts/program/dpkg.fc policy/file_contexts/program/dpkg.fc
--- /tmp/policy/file_contexts/program/dpkg.fc	2002-10-17 00:01:19.000000000 +0200
+++ policy/file_contexts/program/dpkg.fc	2002-10-26 20:18:41.000000000 +0200
@@ -29,6 +29,5 @@
 /etc/dpkg/.*			system_u:object_r:etc_dpkg_t
 /etc/menu-methods/.*		system_u:object_r:install_menu_exec_t
 /etc/kde2/.*\.sh		system_u:object_r:install_menu_exec_t
-# run_deb
-/usr/sbin/se_dpkg		system_u:object_r:run_deb_exec_t
+/usr/share/console/getkmapchoice.pl system_u:object_r:bin_t
 /var/run/update-menus.pid	system_u:object_r:install_menu_var_run_t
diff -ru /tmp/policy/macros/program/chroot_macros.te policy/macros/program/chroot_macros.te
--- /tmp/policy/macros/program/chroot_macros.te	2002-10-01 18:40:38.000000000 +0200
+++ policy/macros/program/chroot_macros.te	2002-10-26 20:19:15.000000000 +0200
@@ -7,7 +7,7 @@
 
 ifelse(`$1', `initrc', `
 define(`chroot_role', `system_r')
-define(`chroot_tty_device', `{ console_device_t sysadm_devpts_t sysadm_tty_device_t }')
+define(`chroot_tty_device', `{ console_device_t admin_tty_type }')
 define(`chroot_mount_domain', `mount_t')
 define(`chroot_fd_use', `{ privfd init_t }')
 ', `
diff -ru /tmp/policy/macros/program/run_program_macros.te policy/macros/program/run_program_macros.te
--- /tmp/policy/macros/program/run_program_macros.te	2002-09-11 20:20:55.000000000 +0200
+++ policy/macros/program/run_program_macros.te	2002-10-26 20:19:47.000000000 +0200
@@ -27,7 +27,7 @@
 
 # for utmp
 allow run_$3_t initrc_var_run_t:file rw_file_perms;
-allow run_$3_t { sysadm_devpts_t sysadm_tty_device_t }:chr_file rw_file_perms;
+allow run_$3_t admin_tty_type:chr_file rw_file_perms;
 
 # often the administrator runs such programs from a directory that is owned
 # by a different user or has restrictive SE permissions, do not want to audit

[-- Attachment #4: other --]
[-- Type: text/x-diff, Size: 6205 bytes --]

diff -ru /tmp/policy/domains/program/fingerd.te policy/domains/program/fingerd.te
--- /tmp/policy/domains/program/fingerd.te	2002-10-28 21:31:39.000000000 +0100
+++ policy/domains/program/fingerd.te	2002-10-27 10:58:50.000000000 +0100
@@ -76,3 +76,7 @@
 allow fingerd_t ptyfile:chr_file getattr;
 
 allow fingerd_t proc_t:file { read getattr };
+
+# for date command
+allow fingerd_t sysctl_kernel_t:dir search;
+allow fingerd_t sysctl_kernel_t:file { read getattr };
diff -ru /tmp/policy/domains/program/ftpd.te policy/domains/program/ftpd.te
--- /tmp/policy/domains/program/ftpd.te	2002-10-01 19:28:43.000000000 +0200
+++ policy/domains/program/ftpd.te	2002-10-27 10:58:50.000000000 +0100
@@ -18,6 +18,8 @@
 ifdef(`inetd.te', `domain_auto_trans(inetd_t, ftpd_exec_t, ftpd_t)')
 ifdef(`tcpd.te', `domain_auto_trans(tcpd_t, ftpd_exec_t, ftpd_t)')
 
+ifdef(`crond.te', `system_crond_entry(ftpd_exec_t, ftpd_t)')
+
 # Inherit and use descriptors from inetd.
 allow ftpd_t inetd_t:fd use;
 
diff -ru /tmp/policy/domains/program/ipsec.te policy/domains/program/ipsec.te
--- /tmp/policy/domains/program/ipsec.te	2002-10-28 21:31:40.000000000 +0100
+++ policy/domains/program/ipsec.te	2002-10-27 21:56:14.000000000 +0100
@@ -69,6 +69,7 @@
 allow ipsec_mgmt_t ipsec_mgmt_exec_t:lnk_file read;
 can_exec(ipsec_mgmt_t, shell_exec_t)
 can_exec(ipsec_t, shell_exec_t)
+can_exec(ipsec_t, ipsec_mgmt_exec_t)
 can_exec(ipsec_mgmt_t, ifconfig_exec_t)
 
 # now for a icky part...
diff -ru /tmp/policy/domains/program/mysqld.te policy/domains/program/mysqld.te
--- /tmp/policy/domains/program/mysqld.te	2002-10-01 19:28:44.000000000 +0200
+++ policy/domains/program/mysqld.te	2002-10-28 13:23:02.000000000 +0100
@@ -37,7 +37,7 @@
 allow mysqld_t var_lib_t:dir search;
 
 # read config files
-r_dir_file(mysqld_t, etc_mysqld_t)
+r_dir_file({ mysqld_t initrc_t }, etc_mysqld_t)
 allow mysqld_t { etc_t resolv_conf_t etc_runtime_t }:{ file lnk_file } { read getattr };
 
 allow mysqld_t etc_t:dir search;
diff -ru /tmp/policy/domains/program/named.te policy/domains/program/named.te
--- /tmp/policy/domains/program/named.te	2002-10-28 22:55:56.000000000 +0100
+++ policy/domains/program/named.te	2002-10-28 15:41:53.000000000 +0100
@@ -101,6 +101,7 @@
 allow ndc_t privfd:fd use;
 # seems to need read as well for some reason
 allow ndc_t admin_tty_type:chr_file { getattr read write };
+allow ndc_t fs_t:filesystem getattr;
 
 # Read sysctl kernel variables.
 allow ndc_t sysctl_t:dir r_dir_perms;
diff -ru /tmp/policy/domains/program/postfix.te policy/domains/program/postfix.te
--- /tmp/policy/domains/program/postfix.te	2002-10-28 22:55:56.000000000 +0100
+++ policy/domains/program/postfix.te	2002-10-28 15:51:34.000000000 +0100
@@ -177,6 +177,7 @@
 postfix_user_domain(postqueue)
 allow postfix_postqueue_t postfix_public_t:dir search;
 allow postfix_postqueue_t postfix_public_t:fifo_file getattr;
+allow postfix_postqueue_t self:udp_socket create;
 allow postfix_master_t postfix_postqueue_exec_t:file getattr;
 
 # to write the mailq output, it really should not need read access!
diff -ru /tmp/policy/domains/program/quota.te policy/domains/program/quota.te
--- /tmp/policy/domains/program/quota.te	2002-10-23 21:38:18.000000000 +0200
+++ policy/domains/program/quota.te	2002-10-28 15:45:51.000000000 +0100
@@ -20,6 +20,7 @@
 
 # for /quota.*
 allow quota_t quota_db_t:file { read write };
+dontaudit unpriv_userdomain quota_db_t:file getattr;
 
 # Read /etc/mtab.
 allow quota_t etc_runtime_t:file { read getattr };
diff -ru /tmp/policy/domains/program/syslogd.te policy/domains/program/syslogd.te
--- /tmp/policy/domains/program/syslogd.te	2002-09-09 19:54:15.000000000 +0200
+++ policy/domains/program/syslogd.te	2002-10-28 15:51:56.000000000 +0100
@@ -32,7 +32,7 @@
 
 # Inherit and use descriptors from init.
 allow syslogd_t init_t:fd use;
-allow syslogd_t console_device_t:chr_file { read write };
+allow syslogd_t { initrc_devpts_t console_device_t }:chr_file { read write };
 
 # Modify/create log files.
 create_append_log_file(syslogd_t, var_log_t)
diff -ru /tmp/policy/domains/program/traceroute.te policy/domains/program/traceroute.te
--- /tmp/policy/domains/program/traceroute.te	2002-08-23 20:44:20.000000000 +0200
+++ policy/domains/program/traceroute.te	2002-10-27 01:23:57.000000000 +0200
@@ -20,6 +20,8 @@
 domain_auto_trans(initrc_t, traceroute_exec_t, traceroute_t)
 domain_auto_trans(sysadm_t, traceroute_exec_t, traceroute_t)
 
+allow traceroute_t icmp_socket_t:rawip_socket recvfrom;
+
 # Let traceroute create raw ICMP packets.
 #allow traceroute_t traceroute_t:rawip_socket { create bind setopt getopt write read };
 
diff -ru /tmp/policy/file_contexts/program/ftpd.fc policy/file_contexts/program/ftpd.fc
--- /tmp/policy/file_contexts/program/ftpd.fc	2002-09-09 19:54:20.000000000 +0200
+++ policy/file_contexts/program/ftpd.fc	2002-10-27 10:59:07.000000000 +0100
@@ -7,3 +7,5 @@
 /var/run/proftpd/proftpd-inetd	system_u:object_r:ftpd_var_run_t
 /var/log/muddleftpd.log.*	system_u:object_r:xferlog_t
 /var/log/xferlog.*		system_u:object_r:xferlog_t
+/var/log/xferreport.*		system_u:object_r:xferlog_t
+/etc/cron.monthly/proftpd	system_u:object_r:ftpd_exec_t
diff -ru /tmp/policy/file_contexts/program/quota.fc policy/file_contexts/program/quota.fc
--- /tmp/policy/file_contexts/program/quota.fc	2002-10-23 21:38:23.000000000 +0200
+++ policy/file_contexts/program/quota.fc	2002-10-28 15:46:15.000000000 +0100
@@ -1,4 +1,4 @@
 # quota system
 /var/lib/quota(/.*)?		system_u:object_r:quota_flag_t
 /sbin/quota(check|on)		system_u:object_r:quota_exec_t
-/quota.(user|group)		system_u:object_r:quota_db_t
+/(|home/|var/)quota.(user|group) system_u:object_r:quota_db_t
diff -ru /tmp/policy/macros/program/gpg_macros.te policy/macros/program/gpg_macros.te
--- /tmp/policy/macros/program/gpg_macros.te	2002-10-01 19:28:52.000000000 +0200
+++ policy/macros/program/gpg_macros.te	2002-10-26 07:45:55.000000000 +0200
@@ -57,7 +57,8 @@
 
 uses_shlib($1_gpg_t)
 
-allow $1_gpg_t home_root_t:dir search;
+# should not need read access...
+allow $1_gpg_t home_root_t:dir { read search };
 
 # use $1_gpg_secret_t for files it creates
 # NB we are doing the type transition for directory creation only!

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2002-10-28 22:56   ` run_init Russell Coker
@ 2002-10-29 19:42     ` Stephen Smalley
  0 siblings, 0 replies; 11+ messages in thread
From: Stephen Smalley @ 2002-10-29 19:42 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux


On Mon, 28 Oct 2002, Russell Coker wrote:

> I have attached two patches to this message, one for pty issues and one for a
> bunch of other little things.

Ok, merged.  I also added the open_init_pty script and merged the run_init
patch with appropriate adjustments.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* run_init
@ 2002-07-27 10:45 Carsten Grohmann
  2002-07-27 11:30 ` run_init Russell Coker
  2002-07-29 13:03 ` run_init Stephen Smalley
  0 siblings, 2 replies; 11+ messages in thread
From: Carsten Grohmann @ 2002-07-27 10:45 UTC (permalink / raw)
  To: SELinux

Hi!

The run_init program on my SuSE need follow rule 
allow run_init_t initrc_exec_t:file { execute };
to correct.
I think it should need this rule. After this I read rule set and found
this
# Execute the init scripts
domain_auto_trans(run_init_t, etc_t, initrc_t)

Now my question: 
The init scripts are labled with initrc_exec_t and so etc_t should be 
initrc_exec_t to run correct. Or?

Thanks

  Carsten

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2002-07-27 10:45 run_init Carsten Grohmann
@ 2002-07-27 11:30 ` Russell Coker
  2002-07-29 13:03 ` run_init Stephen Smalley
  1 sibling, 0 replies; 11+ messages in thread
From: Russell Coker @ 2002-07-27 11:30 UTC (permalink / raw)
  To: Carsten Grohmann, SELinux

On Sat, 27 Jul 2002 12:45, Carsten Grohmann wrote:
> The run_init program on my SuSE need follow rule
> allow run_init_t initrc_exec_t:file { execute };
> to correct.
> I think it should need this rule. After this I read rule set and found
> this
> # Execute the init scripts
> domain_auto_trans(run_init_t, etc_t, initrc_t)
>
> Now my question:
> The init scripts are labled with initrc_exec_t and so etc_t should be
> initrc_exec_t to run correct. Or?

run_init is designed to run scripts such as /etc/init.d/ssh (or 
/etc/rc.d/init.d/ssh for some Red Hat based distributions).  Such scripts 
should be labeled etc_t.

So you want something like the following in a file_contexts file:
/etc/rc.d/init.d(|/.*)                    system_u:object_r:etc_t

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: run_init
  2002-07-27 10:45 run_init Carsten Grohmann
  2002-07-27 11:30 ` run_init Russell Coker
@ 2002-07-29 13:03 ` Stephen Smalley
  1 sibling, 0 replies; 11+ messages in thread
From: Stephen Smalley @ 2002-07-29 13:03 UTC (permalink / raw)
  To: Carsten Grohmann; +Cc: SELinux

On Sat, 27 Jul 2002, Carsten Grohmann wrote:

> The run_init program on my SuSE need follow rule
> allow run_init_t initrc_exec_t:file { execute };
> to correct.
> I think it should need this rule. After this I read rule set and found
> this
> # Execute the init scripts
> domain_auto_trans(run_init_t, etc_t, initrc_t)
>
> Now my question:
> The init scripts are labled with initrc_exec_t and so etc_t should be
> initrc_exec_t to run correct. Or?

Only rc scripts that are run directly by init_t need to be labeled with
initrc_exec_t so that init_t will transition to initrc_t.  The
individual program scripts under /etc/init.d (or /etc/rc.d/init.d) are
typically left in etc_t, since they have no specific entry in
file_contexts.  The policy/file_contexts/program/initrc.fc file only
assigns initrc_exec_t to the /etc/rc.d/rc.* scripts.  There is also an
entry for /etc/init.d/rc.*, presumably for some other distribution.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2009-02-17  2:40 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-15 19:23 run_init Carlos Anísio Monteiro
2004-01-15 20:51 ` run_init Thomas Bleher
2004-01-15 21:55 ` run_init Colin Walters
  -- strict thread matches above, loose matches on Subject: below --
2009-02-17  2:40 run_init Russell Coker
2002-10-26  1:38 run_init Russell Coker
2002-10-28 20:56 ` run_init Stephen Smalley
2002-10-28 22:56   ` run_init Russell Coker
2002-10-29 19:42     ` run_init Stephen Smalley
2002-07-27 10:45 run_init Carsten Grohmann
2002-07-27 11:30 ` run_init Russell Coker
2002-07-29 13:03 ` run_init Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.