Move calls to external interfaces below policy that governs internal interaction.
Move calls to external interfaces below policy that governs internal interaction.
parent
d542026b86
commit
02687a7034
@ -79,14 +79,6 @@ rpm_use_script_fds(cachefilesd_t)
|
|||||||
#
|
#
|
||||||
allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
|
allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
|
||||||
|
|
||||||
# Basic access
|
|
||||||
files_read_etc_files(cachefilesd_t)
|
|
||||||
miscfiles_read_localization(cachefilesd_t)
|
|
||||||
logging_send_syslog_msg(cachefilesd_t)
|
|
||||||
init_dontaudit_use_script_ptys(cachefilesd_t)
|
|
||||||
term_dontaudit_use_generic_ptys(cachefilesd_t)
|
|
||||||
term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
|
|
||||||
|
|
||||||
# Allow manipulation of pid file
|
# Allow manipulation of pid file
|
||||||
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
|
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
|
||||||
manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||||
@ -104,6 +96,14 @@ allow cachefilesd_t cachefiles_var_t:file { rename delete_file_perms };
|
|||||||
# Permit statfs on the backing filesystem
|
# Permit statfs on the backing filesystem
|
||||||
fs_getattr_xattr_fs(cachefilesd_t)
|
fs_getattr_xattr_fs(cachefilesd_t)
|
||||||
|
|
||||||
|
# Basic access
|
||||||
|
files_read_etc_files(cachefilesd_t)
|
||||||
|
miscfiles_read_localization(cachefilesd_t)
|
||||||
|
logging_send_syslog_msg(cachefilesd_t)
|
||||||
|
init_dontaudit_use_script_ptys(cachefilesd_t)
|
||||||
|
term_dontaudit_use_generic_ptys(cachefilesd_t)
|
||||||
|
term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#
|
#
|
||||||
# When cachefilesd invokes the kernel module to begin caching, it has to tell
|
# When cachefilesd invokes the kernel module to begin caching, it has to tell
|
||||||
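Review bot: The relocated `# Basic access` block, now placed after `fs_getattr_xattr_fs(cachefilesd_t)`, still groups the three `*_dontaudit_*` calls under a heading that reads as granted access. Going by their names, those interfaces suppress audit records for terminal access rather than allow anything. Since the block is being moved anyway, I would give them their own comment, e.g. `# Suppress audit of terminal access attempts`, placed just before `init_dontaudit_use_script_ptys(cachefilesd_t)`. That tells anyone triaging missing AVC denials for cachefilesd_t that these lines hide them on purpose. Rule order does not change the compiled policy, so this is a documentation point only.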
|
@ -25,9 +25,6 @@ djbdns_daemontools_domain_template(tinydns)
|
|||||||
|
|
||||||
allow djbdns_axfrdns_t self:capability { setuid setgid sys_chroot };
|
allow djbdns_axfrdns_t self:capability { setuid setgid sys_chroot };
|
||||||
|
|
||||||
daemontools_ipc_domain(djbdns_axfrdns_t)
|
|
||||||
daemontools_read_svc(djbdns_axfrdns_t)
|
|
||||||
|
|
||||||
allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:dir list_dir_perms;
|
allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:dir list_dir_perms;
|
||||||
allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:file read_file_perms;
|
allow djbdns_axfrdns_t djbdns_axfrdns_conf_t:file read_file_perms;
|
||||||
|
|
||||||
@ -39,6 +36,9 @@ allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms;
|
|||||||
|
|
||||||
files_search_var(djbdns_axfrdns_t)
|
files_search_var(djbdns_axfrdns_t)
|
||||||
|
|
||||||
|
daemontools_ipc_domain(djbdns_axfrdns_t)
|
||||||
|
daemontools_read_svc(djbdns_axfrdns_t)
|
||||||
|
|
||||||
ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|