From cad7ac51800d00e1d72109fab535f9eba7fd1138 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Jul 03 2009 07:57:26 +0000
Subject: - Allow ftpd to create shm
---
diff --git a/policy-20090521.patch b/policy-20090521.patch
index 06b278e..8dd99b0 100644
--- a/policy-20090521.patch
+++ b/policy-20090521.patch
@@ -1982,7 +1982,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 permissive fprintd_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.12/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-06-29 16:23:40.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-07-03 08:22:14.000000000 +0200
 @@ -91,6 +91,9 @@
 #
@@ -1993,7 +1993,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 dontaudit ftpd_t self:capability sys_tty_config;
 allow ftpd_t self:process signal_perms;
 allow ftpd_t self:process { getcap setcap setsched setrlimit };
-@@ -129,8 +132,7 @@
+@@ -99,6 +102,7 @@
+ allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
+ allow ftpd_t self:tcp_socket create_stream_socket_perms;
+ allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:shm create_shm_perms;
+ allow ftpd_t self:key manage_key_perms;
+
+ allow ftpd_t ftpd_etc_t:file read_file_perms;
+@@ -129,8 +133,7 @@
 allow ftpd_t ftpdctl_tmp_t:sock_file { getattr unlink };
 # Create and modify /var/log/xferlog.
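Review bot: The new `allow ftpd_t self:shm create_shm_perms;` rule in the second hunk is added to ftp.te without a comment, so the policy does not record which FTP daemon needs SysV shared memory or which denial prompted the grant. It also applies to every process running as ftpd_t, and `create_shm_perms` is presumably a permission set covering more than segment creation (its definition is not visible here), so the grant is likely wider than the subject line "Allow ftpd to create shm" implies. Because the target is `self`, the rule stays limited to segments labelled ftpd_t. I would add a one-line comment above the rule, for example `# <daemon name> uses SysV shared memory, see <bug reference>`, so a later audit can tell whether the permission is still needed.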