From ed4b7301fba4ee8245ba4e4a7c3a2a8f241c8284 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 03 2007 12:45:28 +0000 Subject: Patch to have avahi use the nsswitch interface rather than individual permissions from Dan Walsh. --- diff --git a/Changelog b/Changelog index e0f27c9..b2754fc 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,5 @@ +- Patch to have avahi use the nsswitch interface rather than individual + permissions from Dan Walsh. - Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh. - Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes to handle usage from userhelper from Dan Walsh. diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te index 20b67d3..27d6129 100644 --- a/policy/modules/services/avahi.te +++ b/policy/modules/services/avahi.te @@ -1,5 +1,5 @@ -policy_module(avahi,1.5.1) +policy_module(avahi,1.5.2) ######################################## # @@ -24,7 +24,6 @@ allow avahi_t self:process { setrlimit signal_perms setcap }; allow avahi_t self:fifo_file { read write }; allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms }; allow avahi_t self:unix_dgram_socket create_socket_perms; -allow avahi_t self:netlink_route_socket r_netlink_socket_perms; allow avahi_t self:tcp_socket create_stream_socket_perms; allow avahi_t self:udp_socket create_socket_perms; @@ -64,6 +63,8 @@ files_read_etc_files(avahi_t) files_read_etc_runtime_files(avahi_t) files_read_usr_files(avahi_t) +auth_use_nsswitch(avahi_t) + init_signal_script(avahi_t) init_signull_script(avahi_t) @@ -73,10 +74,8 @@ libs_use_shared_libs(avahi_t) logging_send_syslog_msg(avahi_t) miscfiles_read_localization(avahi_t) -miscfiles_read_certs(avahi_t) sysnet_read_config(avahi_t) -sysnet_use_ldap(avahi_t) userdom_dontaudit_use_unpriv_user_fds(avahi_t) userdom_dontaudit_search_sysadm_home_dirs(avahi_t) 
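Review bot: The added `auth_use_nsswitch(avahi_t)` line in the `@@ -64,6 +63,8 @@` hunk has no comment saying which rules it stands in for, so a reader of avahi.te can no longer see that avahi_t needs the netlink route socket, certificate, LDAP and NIS access that the other hunks delete. I would add a comment above it, e.g. `# name service lookups; replaces the explicit netlink_route_socket, miscfiles_read_certs, sysnet_use_ldap and nis_use_ypbind rules`. The interface definition is not part of this diff, so please confirm against its source that it grants nothing beyond those four rules that this daemon, which creates TCP and UDP sockets, does not need. Also confirm that it keeps the NIS access optional, as the removed `optional_policy` block did.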
@@ -95,10 +94,6 @@ optional_policy(` ') optional_policy(` - nis_use_ypbind(avahi_t) -') - -optional_policy(` seutil_sigchld_newrole(avahi_t) ')