From fcc81154d5a8ed088b57161a64ce81728ae77e74 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mar 21 2012 08:08:03 +0000 Subject: Add mysql_read_home_content() interface --- diff --git a/policy-F16.patch b/policy-F16.patch index b091186..de11716 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -46393,10 +46393,10 @@ index cc7192c..eeb72ba 100644 # /etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0) diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if -index e9c0982..14d2939 100644 +index e9c0982..b3b1d5a 100644 --- a/policy/modules/services/mysql.if +++ b/policy/modules/services/mysql.if -@@ -18,6 +18,24 @@ interface(`mysql_domtrans',` +@@ -18,6 +18,43 @@ interface(`mysql_domtrans',` domtrans_pattern($1, mysqld_exec_t, mysqld_t) ') @@ -46418,10 +46418,29 @@ index e9c0982..14d2939 100644 + can_exec($1, mysqld_exec_t) +') + ++####################################### ++## ++## read mysqld homedir content (.k5login) ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`mysql_read_home_content',` ++ gen_require(` ++ type mysqld_home_t; ++ ') ++ ++ userdom_search_user_home_dirs($1) ++ read_files_pattern($1, mysqld_home_t, mysqld_home_t) ++') ++ ######################################## ## ## Send a generic signal to MySQL. -@@ -36,6 +54,24 @@ interface(`mysql_signal',` +@@ -36,6 +73,24 @@ interface(`mysql_signal',` allow $1 mysqld_t:process signal; ') @@ -46446,7 +46465,7 @@ index e9c0982..14d2939 100644 ######################################## ## ## Allow the specified domain to connect to postgresql with a tcp socket. -@@ -73,6 +109,7 @@ interface(`mysql_stream_connect',` +@@ -73,6 +128,7 @@ interface(`mysql_stream_connect',` type mysqld_t, mysqld_var_run_t, mysqld_db_t; ') 
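Review bot: The summary on the new `mysql_read_home_content` interface names only `.k5login`, but `read_files_pattern($1, mysqld_home_t, mysqld_home_t)` grants read on every file carrying `mysqld_home_t`. If that type also labels per-user client configuration (its file contexts are not visible in this hunk), a caller gains read access to any credentials stored in those files, so the scope should be stated where policy authors will see it. I would reword the summary to `Read all files labelled mysqld_home_t in user home directories.` and add a description line noting that the grant is wider than `.k5login`. Callers that need only one file would be better served by a narrower type than by this interface.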
@@ -46454,7 +46473,7 @@ index e9c0982..14d2939 100644 stream_connect_pattern($1, mysqld_var_run_t, mysqld_var_run_t, mysqld_t) stream_connect_pattern($1, mysqld_db_t, mysqld_var_run_t, mysqld_t) ') -@@ -252,12 +289,12 @@ interface(`mysql_write_log',` +@@ -252,12 +308,12 @@ interface(`mysql_write_log',` ') logging_search_logs($1) @@ -46469,7 +46488,7 @@ index e9c0982..14d2939 100644 ## ## ## -@@ -273,6 +310,24 @@ interface(`mysql_domtrans_mysql_safe',` +@@ -273,6 +329,24 @@ interface(`mysql_domtrans_mysql_safe',` domtrans_pattern($1, mysqld_safe_exec_t, mysqld_safe_t) ') @@ -46494,7 +46513,7 @@ index e9c0982..14d2939 100644 ##################################### ## ## Read MySQL PID files. -@@ -313,6 +368,48 @@ interface(`mysql_search_pid_files',` +@@ -313,6 +387,48 @@ interface(`mysql_search_pid_files',` ######################################## ## @@ -46543,7 +46562,7 @@ index e9c0982..14d2939 100644 ## All of the rules required to administrate an mysql environment ## ## -@@ -329,10 +426,10 @@ interface(`mysql_search_pid_files',` +@@ -329,10 +445,10 @@ interface(`mysql_search_pid_files',` # interface(`mysql_admin',` gen_require(` @@ -46558,7 +46577,7 @@ index e9c0982..14d2939 100644 ') allow $1 mysqld_t:process { ptrace signal_perms }; -@@ -343,13 +440,25 @@ interface(`mysql_admin',` +@@ -343,13 +459,25 @@ interface(`mysql_admin',` role_transition $2 mysqld_initrc_exec_t system_r; allow $2 system_r; @@ -65059,7 +65078,7 @@ index 4966c94..cb2e1a3 100644 +/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) + diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if -index 130ced9..69aedbf 100644 +index 130ced9..5ab4df5 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -19,9 +19,10 @@ 
@@ -65786,7 +65805,7 @@ index 130ced9..69aedbf 100644 ') ######################################## -@@ -1243,10 +1518,458 @@ interface(`xserver_manage_core_devices',` +@@ -1243,10 +1518,460 @@ interface(`xserver_manage_core_devices',` # interface(`xserver_unconfined',` gen_require(` @@ -66208,6 +66227,8 @@ index 130ced9..69aedbf 100644 + userdom_user_home_dir_filetrans($1, iceauth_home_t, file, ".DCOP") + userdom_user_home_dir_filetrans($1, iceauth_home_t, file, ".ICEauthority") + userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauthority") ++ userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauthority-l") ++ userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauthority-c") + userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".xauth") + userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauth") + userdom_user_home_dir_filetrans($1, user_fonts_config_t, file, ".fonts.conf")
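Review bot: The two added name transitions cover the `-l` and `-c` lock files but not the `-n` temporary that xauth is understood to write and then rename over `.Xauthority`. A rename keeps the label of the source file, so the final authority file could still end up with the generic home label instead of `xauth_home_t`. Consider adding `userdom_user_home_dir_filetrans($1, xauth_home_t, file, ".Xauthority-n")` beside them, after confirming the temporary name against the xauth version that ships with this release. Name-based transitions match exact file names only, so each sibling name needs its own line. The enclosing interface begins outside this hunk.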