author | Chris PeBenito <cpebenito@tresys.com> | 2008-02-25 14:20:56 +0000 |
---|---|---|
committer | Chris PeBenito <cpebenito@tresys.com> | 2008-02-25 14:20:56 +0000 |
commit | 90c3c561ef5ae6bbe46b7cbe6702803d5c2df9af (patch) | |
tree | ab505a29abe8d54c3e53ed119a698cbe6076b9af | |
parent | 9fa023ff58e46db6b1d638806aa483fe497daf7f (diff) |
trunk: fc fix and if addtion from Stefan Schulze Frielinghaus.
-rw-r--r-- | policy/modules/kernel/storage.if | 18 | ||||
-rw-r--r-- | policy/modules/kernel/storage.te | 2 | ||||
-rw-r--r-- | policy/modules/system/logging.fc | 6 | ||||
-rw-r--r-- | policy/modules/system/logging.te | 2 |
4 files changed, 23 insertions, 5 deletions
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 7522e6ff..e500e214 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -171,6 +171,24 @@ interface(`storage_dontaudit_write_fixed_disk',`
 ########################################
 ## <summary>
+## Allow the caller to directly read and write to a fixed disk.
+## This is extremly dangerous as it can bypass the
+## SELinux protections for filesystem objects, and
+## should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`storage_raw_rw_fixed_disk',`
+ storage_raw_read_fixed_disk($1)
+ storage_raw_write_fixed_disk($1)
+')
+
+########################################
+## <summary>
 ## Create, read, write, and delete fixed disk device nodes.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index 2057aba4..adcaeaf1 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,5 +1,5 @@
-policy_module(storage,1.5.0)
+policy_module(storage,1.5.1)
 ########################################
 #
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index b797ef76..244c3a84 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
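Review bot: In the storage.if hunk, the summary of the new `storage_raw_rw_fixed_disk` interface misspells "extremely" as `extremly`, and that summary is the only place a policy author is told how much this interface grants; the line should read `## This is extremely dangerous as it can bypass the`. Because the body only expands to `storage_raw_read_fixed_disk($1)` and `storage_raw_write_fixed_disk($1)`, I would also add one sentence to the summary telling callers to use one of those narrower interfaces when they need a single direction. No caller is added in this commit, so which domain is meant to receive raw read/write access cannot be checked from the diff.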
@@ -15,10 +15,10 @@
 /usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
 /usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0)
-/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
-ifdef(`distro_gentoo', `
+/usr/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
+/usr/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
 /usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
-')
+/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
 ifdef(`distro_suse', `
 /var/lib/stunnel/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 5a815268..4e42f832 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.9.0)
+policy_module(logging,1.9.1)
 ########################################
 # |
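Review bot: In the logging.fc hunk, removing the distro_gentoo ifdef around `/usr/sbin/syslog-ng` gives that path the syslogd_exec_t label on every distribution, and the commit message ("fc fix") does not say this widening is intended. The same hunk labels `/usr/sbin/rsyslogd` as syslogd_exec_t and `/usr/sbin/rklogd` as klogd_exec_t but adds contexts for the executables only. Whether existing entries already cover the configuration, pid and spool paths these daemons use lies outside the hunk and should be confirmed, since files left with default labels would otherwise have to be opened up to the logging domains later. A short comment above the new entries, for example `# rsyslog: rklogd and rsyslogd reuse the klogd and syslogd entrypoint types`, would record why they share types.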