From: Dan Walsh Date: Mon, 18 Oct 2010 14:57:00 +0000 (-0400) Subject: Allow devicekit_power to domtrans to mount X-Git-Tag: 000~1505 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=646074620fb6671775b3b7b85c01409c05a2d056;p=people%2Fstevee%2Fselinux-policy.git Allow devicekit_power to domtrans to mount Allow dhcp to bind to udp ports > 1024 to do named stuff Allow ssh_t to exec ssh_exec_t
---
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
index 8d467c40..3aaa7848 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -307,7 +307,7 @@ optional_policy(`
 ')
 optional_policy(`
- mount_exec(devicekit_power_t)
+ mount_domtrans(devicekit_power_t)
 ')
 optional_policy(`
diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
index a307b51b..2e093837 100644
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -73,6 +73,8 @@ corenet_tcp_connect_all_ports(dhcpd_t)
 corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
 corenet_sendrecv_pxe_server_packets(dhcpd_t)
 corenet_sendrecv_all_client_packets(dhcpd_t)
+corenet_dontaudit_udp_bind_all_reserved_ports(dhcpd_t)
+corenet_udp_bind_all_unreserved_ports(dhcpd_t)
 dev_read_sysfs(dhcpd_t)
 dev_read_rand(dhcpd_t)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index c7efe5d3..580297ad 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -99,6 +99,7 @@ allow ssh_t self:sem create_sem_perms;
 allow ssh_t self:msgq create_msgq_perms;
 allow ssh_t self:msg { send receive };
 allow ssh_t self:tcp_socket create_stream_socket_perms;
+can_exec(ssh_t, ssh_exec_t)
 # Read the ssh key file.
 allow ssh_t sshd_key_t:file read_file_perms;
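Review bot: The new `mount_domtrans(devicekit_power_t)` line in devicekit.te has no comment saying which devicekit-power operation runs mount, and the commit message does not say either. With a domain transition, a mount started from devicekit_power_t runs with mount_t's permissions rather than the caller's, so the rule matters when auditing what this daemon can reach if it is compromised. I would add a line above it such as `# devicekit-power runs mount; execute it in mount_t rather than in devicekit_power_t`, with the triggering operation named by someone who knows it.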
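Review bot: `corenet_dontaudit_udp_bind_all_reserved_ports(dhcpd_t)` in dhcp.te silences the AVC record for every attempt by dhcpd_t to bind a reserved UDP port, so an unexpected bind attempt from this domain would no longer appear in the audit log. The line after it, `corenet_udp_bind_all_unreserved_ports(dhcpd_t)`, opens the whole unreserved UDP range, and neither rule carries a comment. The commit message ties the grant to "named stuff", presumably DNS updates sent from ephemeral source ports, and that reason belongs beside the rules, e.g. `# dhcpd binds ephemeral UDP ports for DNS updates; denied reserved-port bind attempts are not audited`. It is worth confirming that the reserved-port attempts come from one known code path before hiding them; when investigating, `semodule -DB` rebuilds the policy with dontaudit rules disabled.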
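Review bot: `can_exec(ssh_t, ssh_exec_t)` in ssh.te is added directly under the `self:` IPC and socket rules with no comment, while the next rule in the hunk is introduced by `# Read the ssh key file.`. can_exec grants execution without a domain transition, so a re-executed client stays in ssh_t. A one-line comment such as `# ssh may re-execute its own binary, staying in ssh_t` would record that, ideally naming the client feature that needs it, which the commit message does not. The surrounding rule section begins and ends outside the hunk.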