commit: b60736bf3d0ec4cae2f1e603b110e1a7391c8a69
Author: James Carter <jwcart2 <AT> tycho <DOT> nsa <DOT> gov>
AuthorDate: Wed Apr 11 18:56:39 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:03 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b60736bf
Fix interfaces that use an undeclared identifier
These interfaces are not being called in the policy.
dbus.if:dbus_send_all_session_bus()
Use session_bus_type instead of dbus_session_bus_type.
rabbitmq.if:rabbitmq_domtrans()
Use rabbitmq_epmd_t and rabbitmq_beam_t instead of rabbitmq_t
and rabbitmq_epmd_exec_t and rabbitmq_beam_exec_t instead of
rabbitmq_exec_t.
Signed-off-by: James Carter <jwcart2 <AT> tycho.nsa.gov>
policy/modules/contrib/dbus.if | 2 +-
policy/modules/contrib/rabbitmq.if | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/policy/modules/contrib/dbus.if b/policy/modules/contrib/dbus.if
index 4f62c23a..01e353ed 100644
--- a/policy/modules/contrib/dbus.if
+++ b/policy/modules/contrib/dbus.if
@@ -259,7 +259,7 @@ interface(`dbus_send_all_session_bus',`
class dbus send_msg;
')
- allow $1 dbus_session_bus_type:dbus send_msg;
+ allow $1 session_bus_type:dbus send_msg;
')
#######################################
diff --git a/policy/modules/contrib/rabbitmq.if
b/policy/modules/contrib/rabbitmq.if
index 53efd0dd..854cd364 100644
--- a/policy/modules/contrib/rabbitmq.if
+++ b/policy/modules/contrib/rabbitmq.if
@@ -12,11 +12,13 @@
#
interface(`rabbitmq_domtrans',`
gen_require(`
- type rabbitmq_t, rabbitmq_exec_t;
+ type rabbitmq_epmd_t, rabbitmq_epmd_exec_t;
+ type rabbitmq_beam_t, rabbitmq_beam_exec_t;
')
corecmd_search_bin($1)
- domtrans_pattern($1, rabbitmq_exec_t, rabbitmq_t)
+ domtrans_pattern($1, rabbitmq_epmd_exec_t, rabbitmq_epmd_t)
+ domtrans_pattern($1, rabbitmq_beam_exec_t, rabbitmq_beam_t)
')
########################################
