[refpolicy] [ abrt patch 1/1] Various abrt fixes.
Dominick Grift
domg472 at gmail.com
Wed Feb 24 05:35:58 CST 2010
Fix networking compatibility.
Allow domains to search bin to enable run abrt executables.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
---
:100644 100644 e9ed246... b2b1657... M policy/modules/services/abrt.if
:100644 100644 559ce2d... 0099ed3... M policy/modules/services/abrt.te
policy/modules/services/abrt.if | 1 +
policy/modules/services/abrt.te | 7 +++++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/policy/modules/services/abrt.if b/policy/modules/services/abrt.if
index e9ed246..b2b1657 100644
--- a/policy/modules/services/abrt.if
+++ b/policy/modules/services/abrt.if
@@ -34,6 +34,7 @@ interface(`abrt_exec',`
type abrt_exec_t;
')
+ corecmd_search_bin($1)
can_exec($1, abrt_exec_t)
')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
index 559ce2d..0099ed3 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -76,7 +76,14 @@ kernel_rw_kernel_sysctl(abrt_t)
corecmd_exec_bin(abrt_t)
corecmd_exec_shell(abrt_t)
+corenet_all_recvfrom_netlabel(abrt_t)
+corenet_all_recvfrom_unlabeled(abrt_t)
+corenet_sendrecv_http_client_packets(abrt_t)
+corenet_tcp_bind_generic_node(abrt_t)
corenet_tcp_connect_http_port(abrt_t)
+corenet_tcp_sendrecv_generic_if(abrt_t)
+corenet_tcp_sendrecv_generic_node(abrt_t)
+corenet_tcp_sendrecv_generic_port(abrt_t)
dev_read_urand(abrt_t)
--
1.6.6.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100224/9b061ecc/attachment.bin
More information about the refpolicy
mailing list