From owner-p4-projects Mon Dec 30 14:20:21 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 60AF137B405; Mon, 30 Dec 2002 14:20:19 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9BD737B401 for ; Mon, 30 Dec 2002 14:20:18 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64EDC43E4A for ; Mon, 30 Dec 2002 14:20:18 -0800 (PST) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gBUMKIfh083069 for ; Mon, 30 Dec 2002 14:20:18 -0800 (PST) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gBUMKHnb083040 for perforce@freebsd.org; Mon, 30 Dec 2002 14:20:17 -0800 (PST) Date: Mon, 30 Dec 2002 14:20:17 -0800 (PST) Message-Id: <200212302220.gBUMKHnb083040@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 22952 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=22952 Change 22952 by green@green_laptop_2 on 2002/12/30 14:19:58 Since FreeBSD does not use block files, utilize character files in some of the policies as well. Affected files ... .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/initrc.te#3 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/login.te#2 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/quota.te#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/initrc.te#3 (text+ko) ==== @@ -188,7 +188,7 @@ allow initrc_t apm_bios_t:chr_file { setattr getattr };') # Access /dev/fd0 (for kudzu). Need a separate domain for kudzu? -allow initrc_t removable_device_t:blk_file rw_file_perms; +allow initrc_t removable_device_t:{ blk_file chr_file } rw_file_perms; ifdef(`lpd.te', `# Read printconf files. ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/login.te#2 (text+ko) ==== @@ -42,8 +42,8 @@ allow local_login_t sysadm_home_t:file r_file_perms; # Do not audit denied attempts to access devices. -dontaudit local_login_t fixed_disk_device_t:blk_file { getattr setattr }; -dontaudit local_login_t removable_device_t:blk_file { getattr setattr }; +dontaudit local_login_t fixed_disk_device_t:{ chr_file blk_file } { getattr setattr }; +dontaudit local_login_t removable_device_t:{ chr_file blk_file } { getattr setattr }; dontaudit local_login_t device_t:{ chr_file blk_file lnk_file } { getattr setattr }; dontaudit local_login_t misc_device_t:{ chr_file blk_file lnk_file } { getattr setattr }; dontaudit local_login_t framebuf_device_t:{ chr_file blk_file lnk_file } { getattr setattr read }; ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/quota.te#2 (text+ko) ==== @@ -16,7 +16,7 @@ allow quota_t etc_runtime_t:file r_file_perms; allow quota_t device_t:dir r_dir_perms; -allow quota_t fixed_disk_device_t:blk_file getattr; +allow quota_t fixed_disk_device_t:{ blk_file chr_file } getattr; allow quota_t boot_t:dir r_dir_perms; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message