Bug 460129 - fix policy for various packages
fix policy for various packages
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: Patch
Depends On:
  Show dependency treegraph
Reported: 2008-08-26 07:13 EDT by Dominick Grift
Modified: 2008-09-08 16:30 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-08 16:30:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
various policy (9.88 KB, text/plain)
2008-08-26 07:14 EDT, Dominick Grift
no flags Details

  None (edit)
Description Dominick Grift 2008-08-26 07:13:24 EDT
Description of problem:

    Add prelude_correlator policy to prelude domain.
    Add PADS daemon domain.
    Fix some policy in prelude domain.
    Fix some policy in snort domain.
    Fix some policy in postgresql domain.
    Fix contexts in amavisd domain.

Version-Release number of selected component (if applicable):

Additional info:

Please see attached patch.
Comment 1 Dominick Grift 2008-08-26 07:14:43 EDT
Created attachment 314977 [details]
various policy
Comment 2 Dominick Grift 2008-08-26 07:20:06 EDT
There is one issue with PADS. By default it manages a file in /etc. (/etc/pads-assets.csv)

This required me to give pads manage_file_perms for files in etc labeled pads_config_t.

I could may split this in PADS file that can only be read in /etc and PADS a file that can be fully manage by PADS.
Comment 3 Daniel Walsh 2008-08-28 08:53:36 EDT
Try to get PADS to fix this by moving it to a different directory /var/lib/pads or /var/run/pads/

You can create a pads_etc_rw_t

filess_etc_filetrans(pads_t, pads_etc_rw_t, file)
Comment 4 Daniel Walsh 2008-09-08 16:30:02 EDT
Fixed in selinux-policy-3.5.7-1.fc10.noarch

I think your labeling on /etc/pads* is incorrect.

Note You need to log in before you can comment on or make changes to this bug.