From a4b2b1096e6efc28ca41445b28dee6bfe234d385 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Jul 17 2013 08:52:03 +0000 Subject: Additional fix for freeipa and slapd labeling --- diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index de0843d..a931140 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -11506,10 +11506,10 @@ index 29782b8..685edff 100644 ') diff --git a/cloudform.fc b/cloudform.fc new file mode 100644 -index 0000000..cc740da +index 0000000..3a0de96 --- /dev/null +++ b/cloudform.fc -@@ -0,0 +1,29 @@ +@@ -0,0 +1,27 @@ +/etc/rc\.d/init\.d/iwhd -- gen_context(system_u:object_r:iwhd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/mongod -- gen_context(system_u:object_r:mongod_initrc_exec_t,s0) + 
@@ -11527,16 +11527,14 @@ index 0000000..cc740da +/var/lib/cloud(/.*)? gen_context(system_u:object_r:cloud_var_lib_t,s0) +/var/log/cloud-init\.log -- gen_context(system_u:object_r:cloud_log_t,s0) +/var/lib/iwhd(/.*)? gen_context(system_u:object_r:iwhd_var_lib_t,s0) -+/var/lib/mongodb(/.*)? gen_context(system_u:object_r:mongod_var_lib_t,s0) ++/var/lib/mongo.* gen_context(system_u:object_r:mongod_var_lib_t,s0) + +/var/log/deltacloud-core(/.*)? gen_context(system_u:object_r:deltacloudd_log_t,s0) +/var/log/iwhd\.log.* -- gen_context(system_u:object_r:iwhd_log_t,s0) -+/var/log/mongodb(/.*)? gen_context(system_u:object_r:mongod_log_t,s0) -+/var/log/mongo(/.*)? gen_context(system_u:object_r:mongod_log_t,s0) -+/var/log/mongo/mongod\.log.* -- gen_context(system_u:object_r:mongod_log_t,s0) ++/var/log/mongo.* gen_context(system_u:object_r:mongod_log_t,s0) +/var/log/aeolus-conductor/dbomatic\.log.* -- gen_context(system_u:object_r:mongod_log_t,s0) + -+/var/run/mongodb(/.*)? gen_context(system_u:object_r:mongod_var_run_t,s0) ++/var/run/mongo.* gen_context(system_u:object_r:mongod_var_run_t,s0) +/var/run/aeolus/dbomatic\.pid -- gen_context(system_u:object_r:mongod_var_run_t,s0) +/var/run/iwhd\.pid -- gen_context(system_u:object_r:iwhd_var_run_t,s0) diff --git a/cloudform.if b/cloudform.if @@ -20284,7 +20282,7 @@ index 0000000..021c5ae + diff --git a/dirsrv.fc b/dirsrv.fc new file mode 100644 -index 0000000..0ea1ebb +index 0000000..5d30dab --- /dev/null +++ b/dirsrv.fc @@ -0,0 +1,23 @@ @@ -20302,7 +20300,7 @@ index 0000000..0ea1ebb +/var/run/ldap-agent\.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) + +# BZ: -+/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0) ++/var/run/slapd.* -s gen_context(system_u:object_r:dirsrv_var_run_t,s0) + +/var/lib/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lib_t,s0) + @@ -37884,14 +37882,14 @@ index 7e534cf..3652584 100644 + ') +') 
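Review bot: The replacement patterns `/var/lib/mongo.*`, `/var/log/mongo.*` and `/var/run/mongo.*` in cloudform.fc are bare prefix matches with no directory boundary. Any path under those parents that merely begins with `mongo` gets the mongod types, and is then presumably covered by whatever access mongod_t already has to them. The removed entries were bounded with `(/.*)?`. Naming both directories keeps the consolidation without widening the match: `/var/lib/mongo(db)?(/.*)?`, with the same shape for `/var/log` and `/var/run`. If the wide match is intentional, a comment listing the path names it is meant to catch would let the next reviewer check it.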
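Review bot: The `# BZ:` comment above the `/var/run/slapd.*` entry in dirsrv.fc has no bug number, so nothing records why sockets with that prefix belong to the directory server. The entry matches every socket whose path starts with `/var/run/slapd`, and after this change all of them are labelled `dirsrv_var_run_t`. It is worth confirming that no other LDAP daemon on the system can create a socket with that prefix, since it would pick up the dirsrv label too. Suggest completing the comment, e.g. `# BZ <bug id>: 389-ds per-instance sockets`, and, if only instance sockets are meant, narrowing the pattern to that naming (something like `/var/run/slapd-.*`, to be checked against the real socket names).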
diff --git a/mongodb.te b/mongodb.te -index 4de8949..d705316 100644 +index 4de8949..7bd7e35 100644 --- a/mongodb.te +++ b/mongodb.te @@ -49,13 +49,11 @@ corenet_all_recvfrom_unlabeled(mongod_t) corenet_all_recvfrom_netlabel(mongod_t) corenet_tcp_sendrecv_generic_if(mongod_t) corenet_tcp_sendrecv_generic_node(mongod_t) -+corenet_tcp_connect_mongodb_port(mongod_t) ++corenet_tcp_connect_mongod_port(mongod_t) corenet_tcp_bind_generic_node(mongod_t) dev_read_sysfs(mongod_t) @@ -65312,7 +65310,7 @@ index c5ad6de..c67dbef 100644 /var/run/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_run_t,s0) diff --git a/rabbitmq.te b/rabbitmq.te -index 3698b51..bc25bbc 100644 +index 3698b51..e0198d9 100644 --- a/rabbitmq.te +++ b/rabbitmq.te @@ -45,6 +45,8 @@ setattr_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t) @@ -65333,7 +65331,7 @@ index 3698b51..bc25bbc 100644 corenet_all_recvfrom_unlabeled(rabbitmq_beam_t) corenet_all_recvfrom_netlabel(rabbitmq_beam_t) corenet_tcp_sendrecv_generic_if(rabbitmq_beam_t) -@@ -68,20 +72,32 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) +@@ -68,20 +72,33 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t) corenet_tcp_connect_epmd_port(rabbitmq_beam_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t) @@ -65348,6 +65346,7 @@ index 3698b51..bc25bbc 100644 +files_getattr_all_mountpoints(rabbitmq_beam_t) + +fs_getattr_all_fs(rabbitmq_beam_t) ++fs_getattr_all_dirs(rabbitmq_beam_t) +fs_getattr_cgroup(rabbitmq_beam_t) + +dev_read_sysfs(rabbitmq_beam_t) @@ -65370,7 +65369,7 @@ index 3698b51..bc25bbc 100644 allow rabbitmq_epmd_t self:process signal; allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms; allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms; -@@ -99,8 +115,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) +@@ -99,8 +116,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t) corenet_tcp_bind_epmd_port(rabbitmq_epmd_t) corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t) 
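Review bot: `fs_getattr_all_dirs(rabbitmq_beam_t)` is added to rabbitmq.te with no comment or bug reference. It sits next to `fs_getattr_all_fs` and `files_getattr_all_mountpoints`, so rabbitmq_beam_t now holds three broad getattr grants. If the denial behind it involved a single filesystem type, a per-filesystem interface would be the narrower grant. Otherwise a one-line comment above the three calls, such as `# BZ <bug id>: <what rabbitmq_beam_t stats and why>`, would record the reason. The rule block these lines belong to starts and ends outside the hunk.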
diff --git a/selinux-policy.spec b/selinux-policy.spec index 6068973..bbcd5b6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -424,7 +424,7 @@ Obsoletes: cachefilesd-selinux <= 0.10-1 Conflicts: seedit Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12 Conflicts: pki-selinux < 10-0.0-0.45.b1 -Conflicts: freeipa-server-selinux <= 3.2.1-1 +Conflicts: freeipa-server-selinux < 3.2.2-1 %description targeted SELinux Reference policy targeted base module.