Date: Wed, 15 Oct 2003 05:33:01 -0700 (PDT) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 39741 for review Message-ID: <200310151233.h9FCX12R066313@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=39741 Change 39741 by areisse@areisse_tislabs on 2003/10/15 05:32:25 fixes for cron. changes in cvs to allow different originating types. possible compilation fixes Affected files ... .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/crond.te#3 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/unused/cvs.te#2 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/crond.fc#3 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#8 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/crond_macros.te#2 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/cvs_macros.te#2 edit Differences ... ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/crond.te#3 (text+ko) ==== @@ -61,6 +61,7 @@ allow crond_t bin_t:lnk_file read; # Read from /var/spool/cron. +allow crond_t var_t:dir search; allow crond_t var_lib_t:dir search; allow crond_t var_spool_t:dir r_dir_perms; allow crond_t cron_spool_t:dir r_dir_perms; ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/unused/cvs.te#2 (text+ko) ==== @@ -1,6 +1,7 @@ type cvs_exec_t, exec_type, file_type, sysadmfile; -cvs_program_domain(user) +cvs_program_domain(user,user) #domain_auto_trans(user_t,cvs_exec_t,user_cvs_rw_t) role user_r types user_cvs_rw_t; +role user_r types user_cvs_ro_t; ==== //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/crond.fc#3 (text+ko) ==== @@ -21,5 +21,6 @@ /var/run/fcron\.pid system_u:object_r:crond_var_run_t # FreeBSD /var/cron system_u:object_r:cron_spool_t +/var/cron/tabs system_u:object_r:cron_spool_t /var/cron/tabs/.* system_u:object_r:user_cron_spool_t /var/cron/tabs/root system_u:object_r:sysadm_cron_spool_t ==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#8 (text+ko) ==== 
@@ -626,10 +626,6 @@ # allow searching /dev/pts allow $1_t devpts_t:dir { getattr read search }; - -# For systems without /dev/ptmx -#allow $1_t devpts_t:chr_file { poll getattr setattr read write }; -#type_change $1_t devpts_t:chr_file $1_devpts_t; ') ################################## @@ -638,7 +634,7 @@ # # Permissions for creating ptys. # -define(`can_create_pty',` +define(`can_create_pty', ` base_pty_perms($1) type $1_devpts_t, file_type, sysadmfile, ptyfile $2; @@ -653,7 +649,7 @@ # Read and write my pty files. allow $1_t $1_devpts_t:chr_file { poll setattr rw_file_perms }; -') +) ################################## ==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/crond_macros.te#2 (text+ko) ==== @@ -52,6 +52,7 @@ allow $1_crond_t self:process { fork signal_perms }; allow $1_crond_t proc_t:dir { getattr search read }; allow $1_crond_t proc_t:file { getattr read }; +allow $1_crond_t self:fd { create use }; read_locale($1_crond_t) allow $1_crond_t sysctl_kernel_t:dir search; allow $1_crond_t sysctl_kernel_t:file { getattr read }; ==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/cvs_macros.te#2 (text+ko) ==== @@ -45,11 +45,11 @@ # read/write user home directory allow { $1_cvs_rw_t $1_cvs_ro_t } home_root_t:dir search; -allow { $1_cvs_rw_t $1_cvs_ro_t } { $1_home_dir_t $1_home_t }:dir create_dir_perms; -allow { $1_cvs_rw_t $1_cvs_ro_t } $1_home_t:file create_file_perms; +allow { $1_cvs_rw_t $1_cvs_ro_t } { $2_home_dir_t $2_home_t }:dir create_dir_perms; +allow { $1_cvs_rw_t $1_cvs_ro_t } $2_home_t:file create_file_perms; # talk to the terminal -allow { $1_cvs_rw_t $1_cvs_ro_t } $1_devpts_t:chr_file { write read getattr poll }; -allow { $1_cvs_rw_t $1_cvs_ro_t } $1_tty_device_t:chr_file { write read getattr poll }; +allow { $1_cvs_rw_t $1_cvs_ro_t } $2_devpts_t:chr_file { write read getattr poll }; +allow { $1_cvs_rw_t $1_cvs_ro_t } $2_tty_device_t:chr_file { write read getattr poll }; ')
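Review bot: In the third global_macros.te hunk (`@@ -653,7 +649,7 @@`) the last line of `can_create_pty` changes from `')` to `)`, which drops the m4 close-quote for the body opened by ``define(`can_create_pty', ` `` in the hunk before it. As shown, the quoted body would run on to the next `'` in the file, so the definitions that follow could be absorbed into this macro or the policy could fail to preprocess. Unless the quote is closed somewhere outside the hunk, the line should stay `')`. Because a mis-expanded macro changes which pty rules reach the compiled policy, it is worth comparing the m4-expanded policy before and after this change.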
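Review bot: The cvs_macros.te hunk makes the macro (presumably `cvs_program_domain`, going by the call in cvs.te) read `$2` for the home-directory and terminal types, but nothing visible documents the second argument or what happens when it is omitted. A caller still passing one argument would expand these rules to `_home_dir_t`, `_home_t`, `_devpts_t` and `_tty_device_t`, so I would add a header comment such as `# $1 = cvs domain prefix, $2 = originating user domain whose home directory and terminal are accessed`. When `$1` and `$2` differ, both `$1_cvs_rw_t` and `$1_cvs_ro_t` receive `create_dir_perms` and `create_file_perms` on the other domain's home types, so the intended pairings deserve a line next to `# read/write user home directory`. The macro's definition begins outside the hunk.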