Date: Thu, 2 Jun 2005 20:48:11 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 77892 for review Message-ID: <200506022048.j52KmBqn082262@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=77892 Change 77892 by areisse@areisse_tislabs on 2005/06/02 20:47:59 Small policy fixes: -Ordinary user roles should be able to change passwords, which requires running pwd_mkdb. -Checkpolicy creates fds. -loadpolicy is installed in /usr/sbin, not /sbin. Affected files ... .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/Makefile#22 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/checkpolicy.te#3 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/passwd.te#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/Makefile#22 (text+ko) ==== @@ -18,7 +18,7 @@ FLASKDIR = flask/ PREFIX = /usr -LOADPOLICY = $(DESTDIR)/sbin/sebsd_loadpolicy +LOADPOLICY = $(DESTDIR)/usr/sbin/sebsd_loadpolicy CHECKPOLICY = $(DESTDIR)/sbin/sebsd_checkpolicy SETFILES = $(DESTDIR)/sbin/sebsd_setfiles .if (POLICYVERCOMPAT) ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/checkpolicy.te#3 (text+ko) ==== @@ -63,3 +63,4 @@ allow checkpolicy_t console_device_t:chr_file { read write }; allow checkpolicy_t init_t:fd { use }; allow checkpolicy_t selinux_config_t:dir { search }; +allow checkpolicy_t self:fd create; ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/passwd.te#6 (text+ko) ==== @@ -149,6 +149,7 @@ role system_r types pwdmkdb_t; role sysadm_r types pwdmkdb_t; +in_user_role(pwdmkdb_t); general_domain_access(pwdmkdb_t); uses_shlib(pwdmkdb_t);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506022048.j52KmBqn082262>