Add initial policy for abrt_dump_oops_t

author Dan Walsh <dwalsh@redhat.com>

Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)
author Dan Walsh <dwalsh@redhat.com>
Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te

index e12af8e5f75893b68a9d028c6af3167878f8b634..5ede07b7a2c6b01cbcd2cac47b57290efe3a8533 100644 (file)
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -106,6 +106,8 @@ userdom_use_inherited_user_terminals(prelink_t)
  userdom_manage_user_home_content(prelink_t)
  userdom_execmod_user_home_files(prelink_t)
  
+systemd_read_unit_files(prelink_t)
+
  term_use_all_inherited_terms(prelink_t)
  
  optional_policy(`
diff --git a/policy/modules/services/abrt.fc b/policy/modules/services/abrt.fc

index f7a7a967e17fff1465778b5daca4d762cea2cc98..b3631d6bf344e26a666f8d97d06c8cc3331791fc 100644 (file)
--- a/policy/modules/services/abrt.fc
+++ b/policy/modules/services/abrt.fc
@@ -1,7 +1,7 @@
  /etc/abrt(/.*)?                                gen_context(system_u:object_r:abrt_etc_t,s0)
  /etc/rc\.d/init\.d/abrt                --      gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
  
-/usr/bin/abrt-dump-oops        --      gen_context(system_u:object_r:abrt_helper_exec_t,s0)
+/usr/bin/abrt-dump-oops        --      gen_context(system_u:object_r:abrt_dump_oops_exec_t,s0)
  /usr/bin/abrt-pyhook-helper    --      gen_context(system_u:object_r:abrt_helper_exec_t,s0)
  
  /usr/sbin/abrtd                        --      gen_context(system_u:object_r:abrt_exec_t,s0)
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te

index baad5e7047f759896de3c789dc9c0affcd4c1b1b..ada6faa813f5dd139307504f7021ccf2909faf4f 100644 (file)
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -40,6 +40,12 @@ files_type(abrt_var_cache_t)
  type abrt_var_run_t;
  files_pid_file(abrt_var_run_t)
  
+type abrt_dump_oops_t;
+type abrt_dump_oops_exec_t;
+init_system_domain(abrt_dump_oops_t, abrt_dump_oops_exec_t)
+
+permissive abrt_dump_oops_t;
+
  # type needed to allow all domains
  # to handle /var/cache/abrt
  type abrt_helper_t;
@@ -384,3 +390,28 @@ sysnet_dns_name_resolve(abrt_retrace_worker_t)
  optional_policy(`
         mock_domtrans(abrt_retrace_worker_t)
  ')
+
+########################################
+#
+# abrt_dump_oops local policy
+#
+
+allow abrt_dump_oops_t self:fifo_file rw_fifo_file_perms;
+allow abrt_dump_oops_t self:unix_stream_socket create_stream_socket_perms;
+
+files_search_spool(abrt_dump_oops_t)
+manage_dirs_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+manage_files_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+manage_lnk_files_pattern(abrt_dump_oops_t, abrt_var_cache_t, abrt_var_cache_t)
+files_var_filetrans(abrt_dump_oops_t, abrt_var_cache_t, { file dir })
+
+read_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+read_lnk_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+
+domain_use_interactive_fds(abrt_dump_oops_t)
+
+files_read_etc_files(abrt_dump_oops_t)
+
+logging_send_syslog_msg(abrt_dump_oops_t)
+
+miscfiles_read_localization(abrt_dump_oops_t)
author	Dan Walsh <dwalsh@redhat.com>
	Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Mon, 18 Jul 2011 14:50:41 +0000 (10:50 -0400)
policy/modules/admin/prelink.te		patch \| blob \| blame \| history
policy/modules/services/abrt.fc		patch \| blob \| blame \| history
policy/modules/services/abrt.te		patch \| blob \| blame \| history