update for past renames
parent
18963117b3
commit
0610998bf8
@ -104,7 +104,7 @@ optional_policy(`arpwatch',`
|
|||||||
# mta_user_agent:
|
# mta_user_agent:
|
||||||
#
|
#
|
||||||
mta_mailserver_user_agent($1)
|
mta_mailserver_user_agent($1)
|
||||||
domain_use_wide_inherit_fd($1)
|
domain_use_interactive_fds($1)
|
||||||
userdom_sigchld_all_users($1)
|
userdom_sigchld_all_users($1)
|
||||||
userdom_use_all_user_fd($1)
|
userdom_use_all_user_fd($1)
|
||||||
userdom_use_sysadm_terms($1)
|
userdom_use_sysadm_terms($1)
|
||||||
@ -137,7 +137,7 @@ optional_policy(`nscd',`
|
|||||||
#
|
#
|
||||||
# privfd: complete
|
# privfd: complete
|
||||||
#
|
#
|
||||||
domain_wide_inherit_fd($1)
|
domain_interactive_fd($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# privlog: complete
|
# privlog: complete
|
||||||
@ -308,7 +308,7 @@ sysnet_read_config($1)
|
|||||||
#
|
#
|
||||||
# base_file_read_access(): complete
|
# base_file_read_access(): complete
|
||||||
#
|
#
|
||||||
kernel_read_kernel_sysctl($1)
|
kernel_read_kernel_sysctls($1)
|
||||||
corecmd_list_bin($1)
|
corecmd_list_bin($1)
|
||||||
corecmd_read_bin_symlink($1)
|
corecmd_read_bin_symlink($1)
|
||||||
corecmd_read_bin_file($1)
|
corecmd_read_bin_file($1)
|
||||||
@ -715,7 +715,7 @@ kernel_setsecparam($1)
|
|||||||
#
|
#
|
||||||
# can_sysctl(): complete
|
# can_sysctl(): complete
|
||||||
#
|
#
|
||||||
kernel_rw_all_sysctl($1)
|
kernel_rw_all_sysctls($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# can_tcp_connect():
|
# can_tcp_connect():
|
||||||
@ -785,21 +785,21 @@ dontaudit $1_t self:capability sys_tty_config;
|
|||||||
allow $1_t self:process signal_perms;
|
allow $1_t self:process signal_perms;
|
||||||
kernel_list_proc($1_t)
|
kernel_list_proc($1_t)
|
||||||
kernel_read_proc_symlinks($1_t)
|
kernel_read_proc_symlinks($1_t)
|
||||||
kernel_read_kernel_sysctl($1_t)
|
kernel_read_kernel_sysctls($1_t)
|
||||||
dev_read_sysfs($1_t)
|
dev_read_sysfs($1_t)
|
||||||
fs_search_auto_mountpoints($1_t)
|
fs_search_auto_mountpoints($1_t)
|
||||||
term_dontaudit_use_console($1_t)
|
term_dontaudit_use_console($1_t)
|
||||||
domain_use_wide_inherit_fd($1_t)
|
domain_use_interactive_fds($1_t)
|
||||||
init_use_fd($1_t)
|
init_use_fds($1_t)
|
||||||
init_use_script_pty($1_t)
|
init_use_script_pty($1_t)
|
||||||
libs_use_ld_so($1_t)
|
libs_use_ld_so($1_t)
|
||||||
libs_use_shared_libs($1_t)
|
libs_use_shared_libs($1_t)
|
||||||
logging_send_syslog_msg($1_t)
|
logging_send_syslog_msg($1_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fd($1_t)
|
userdom_dontaudit_use_unpriv_user_fds($1_t)
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty($1_t)
|
term_dontaudit_use_unallocated_tty($1_t)
|
||||||
term_dontaudit_use_generic_pty($1_t)
|
term_dontaudit_use_generic_pty($1_t)
|
||||||
files_dontaudit_read_root_file($1_t)
|
files_dontaudit_read_root_files($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
seutil_sigchld_newrole($1_t)
|
seutil_sigchld_newrole($1_t)
|
||||||
@ -820,27 +820,27 @@ dontaudit $1_t self:capability sys_tty_config;
|
|||||||
allow $1_t self:process signal_perms;
|
allow $1_t self:process signal_perms;
|
||||||
allow $1_t $1_var_run_t:file create_file_perms;
|
allow $1_t $1_var_run_t:file create_file_perms;
|
||||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||||
files_filetrans_pid($1_t,$1_var_run_t)
|
files_pid_filetrans($1_t,$1_var_run_t)
|
||||||
kernel_read_kernel_sysctl($1_t)
|
kernel_read_kernel_sysctls($1_t)
|
||||||
kernel_list_proc($1_t)
|
kernel_list_proc($1_t)
|
||||||
kernel_read_proc_symlinks($1_t)
|
kernel_read_proc_symlinks($1_t)
|
||||||
dev_read_sysfs($1_t)
|
dev_read_sysfs($1_t)
|
||||||
fs_getattr_all_fs($1_t)
|
fs_getattr_all_fs($1_t)
|
||||||
fs_search_auto_mountpoints($1_t)
|
fs_search_auto_mountpoints($1_t)
|
||||||
term_dontaudit_use_console($1_t)
|
term_dontaudit_use_console($1_t)
|
||||||
domain_use_wide_inherit_fd($1_t)
|
domain_use_interactive_fds($1_t)
|
||||||
init_use_fd($1_t)
|
init_use_fds($1_t)
|
||||||
init_use_script_pty($1_t)
|
init_use_script_pty($1_t)
|
||||||
libs_use_ld_so($1_t)
|
libs_use_ld_so($1_t)
|
||||||
libs_use_shared_libs($1_t)
|
libs_use_shared_libs($1_t)
|
||||||
logging_send_syslog_msg($1_t)
|
logging_send_syslog_msg($1_t)
|
||||||
miscfiles_read_localization($1_t)
|
miscfiles_read_localization($1_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fd($1_t)
|
userdom_dontaudit_use_unpriv_user_fds($1_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir($1_t)
|
userdom_dontaudit_search_sysadm_home_dirs($1_t)
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty($1_t)
|
term_dontaudit_use_unallocated_tty($1_t)
|
||||||
term_dontaudit_use_generic_pty($1_t)
|
term_dontaudit_use_generic_pty($1_t)
|
||||||
files_dontaudit_read_root_file($1_t)
|
files_dontaudit_read_root_files($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
seutil_sigchld_newrole($1_t)
|
seutil_sigchld_newrole($1_t)
|
||||||
@ -918,7 +918,7 @@ allow $1 self:sem create_sem_perms;
|
|||||||
allow $1 self:msgq create_msgq_perms;
|
allow $1 self:msgq create_msgq_perms;
|
||||||
allow $1 self:msg { send receive };
|
allow $1 self:msg { send receive };
|
||||||
fs_search_auto_mountpoints($1)
|
fs_search_auto_mountpoints($1)
|
||||||
userdom_use_unpriv_users_fd($1)
|
userdom_use_unpriv_users_fds($1)
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
nis_use_ypbind($1)
|
nis_use_ypbind($1)
|
||||||
')
|
')
|
||||||
@ -929,21 +929,21 @@ optional_policy(`nis',`
|
|||||||
kernel_read_system_state($1)
|
kernel_read_system_state($1)
|
||||||
kernel_read_network_state($1)
|
kernel_read_network_state($1)
|
||||||
kernel_read_software_raid_state($1)
|
kernel_read_software_raid_state($1)
|
||||||
kernel_getattr_core($1)
|
kernel_getattr_core_if($1)
|
||||||
kernel_getattr_message_if($1)
|
kernel_getattr_message_if($1)
|
||||||
kernel_read_kernel_sysctl($1)
|
kernel_read_kernel_sysctls($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# home_domain($1,$2)
|
# home_domain($1,$2)
|
||||||
#
|
#
|
||||||
type $1_$2_home_t alias $1_$2_rw_t;
|
type $1_$2_home_t alias $1_$2_rw_t;
|
||||||
files_poly_member($1_$2_home_t)
|
files_poly_member($1_$2_home_t)
|
||||||
userdom_home_file($1,$1_$2_home_t)
|
userdom_user_home_content($1,$1_$2_home_t)
|
||||||
allow $1_t $1_$2_home_t:dir manage_dir_perms;
|
allow $1_t $1_$2_home_t:dir manage_dir_perms;
|
||||||
allow $1_t $1_$2_home_t:file manage_file_perms;
|
allow $1_t $1_$2_home_t:file manage_file_perms;
|
||||||
allow $1_t $1_$2_home_t:lnk_file create_lnk_perms;
|
allow $1_t $1_$2_home_t:lnk_file create_lnk_perms;
|
||||||
allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto };
|
allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto };
|
||||||
userdom_search_user_home($1,$1_$2_t)
|
userdom_search_user_home_dirs($1,$1_$2_t)
|
||||||
allow $1_$2_t $1_$2_home_t:dir manage_dir_perms;
|
allow $1_$2_t $1_$2_home_t:dir manage_dir_perms;
|
||||||
allow $1_$2_t $1_$2_home_t:file manage_file_perms;
|
allow $1_$2_t $1_$2_home_t:file manage_file_perms;
|
||||||
allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms;
|
allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms;
|
||||||
@ -979,11 +979,11 @@ term_dontaudit_use_console($1_t)
|
|||||||
libs_use_ld_so($1_t)
|
libs_use_ld_so($1_t)
|
||||||
libs_use_shared_libs($1_t)
|
libs_use_shared_libs($1_t)
|
||||||
logging_send_syslog_msg($1_t)
|
logging_send_syslog_msg($1_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fd($1_t)
|
userdom_dontaudit_use_unpriv_user_fds($1_t)
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty($1_t)
|
term_dontaudit_use_unallocated_tty($1_t)
|
||||||
term_dontaudit_use_generic_pty($1_t)
|
term_dontaudit_use_generic_pty($1_t)
|
||||||
files_dontaudit_read_root_file($1_t)
|
files_dontaudit_read_root_files($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`udev',`
|
optional_policy(`udev',`
|
||||||
udev_read_db($1_t)
|
udev_read_db($1_t)
|
||||||
@ -1014,11 +1014,11 @@ optional_policy(`kerberos',`
|
|||||||
#end for identd
|
#end for identd
|
||||||
allow $1_t $1_tmp_t:dir create_dir_perms;
|
allow $1_t $1_tmp_t:dir create_dir_perms;
|
||||||
allow $1_t $1_tmp_t:file create_file_perms;
|
allow $1_t $1_tmp_t:file create_file_perms;
|
||||||
files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
|
files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
|
||||||
allow $1_t $1_var_run_t:file create_file_perms;
|
allow $1_t $1_var_run_t:file create_file_perms;
|
||||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||||
files_filetrans_pid($1_t,$1_var_run_t)
|
files_pid_filetrans($1_t,$1_var_run_t)
|
||||||
kernel_read_kernel_sysctl($1_t)
|
kernel_read_kernel_sysctls($1_t)
|
||||||
kernel_read_system_state($1_t)
|
kernel_read_system_state($1_t)
|
||||||
kernel_read_network_state($1_t)
|
kernel_read_network_state($1_t)
|
||||||
corenet_tcp_sendrecv_generic_if($1_t)
|
corenet_tcp_sendrecv_generic_if($1_t)
|
||||||
@ -1060,7 +1060,7 @@ libs_legacy_use_ld_so($1_t)
|
|||||||
type $1_lock_t;
|
type $1_lock_t;
|
||||||
files_lock_file($1_lock_t)
|
files_lock_file($1_lock_t)
|
||||||
allow $1_t $1_lock_t:file create_file_perms;
|
allow $1_t $1_lock_t:file create_file_perms;
|
||||||
files_filetrans_lock($1_t,$1_lock_t)
|
files_lock_filetrans($1_t,$1_lock_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# log_domain(): complete
|
# log_domain(): complete
|
||||||
@ -1068,7 +1068,7 @@ files_filetrans_lock($1_t,$1_lock_t)
|
|||||||
type $1_log_t;
|
type $1_log_t;
|
||||||
logging_log_file($1_log_t)
|
logging_log_file($1_log_t)
|
||||||
allow $1_t $1_log_t:file create_file_perms;
|
allow $1_t $1_log_t:file create_file_perms;
|
||||||
logging_filetrans_log($1_t,$1_log_t)
|
logging_log_filetrans($1_t,$1_log_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# logdir_domain(): complete
|
# logdir_domain(): complete
|
||||||
@ -1077,7 +1077,7 @@ type $1_log_t;
|
|||||||
logging_log_file($1_log_t)
|
logging_log_file($1_log_t)
|
||||||
allow $1_t $1_log_t:file create_file_perms;
|
allow $1_t $1_log_t:file create_file_perms;
|
||||||
allow $1_t $1_log_t:dir rw_dir_perms;
|
allow $1_t $1_log_t:dir rw_dir_perms;
|
||||||
logging_filetrans_log($1_t,$1_log_t,{ file dir })
|
logging_log_filetrans($1_t,$1_log_t,{ file dir })
|
||||||
|
|
||||||
#
|
#
|
||||||
# network_home_dir():
|
# network_home_dir():
|
||||||
@ -1128,12 +1128,12 @@ miscfiles_read_localization($1)
|
|||||||
#
|
#
|
||||||
# read_sysctl($1): complete
|
# read_sysctl($1): complete
|
||||||
#
|
#
|
||||||
kernel_read_kernel_sysctl($1)
|
kernel_read_kernel_sysctls($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# read_sysctl($1,full): complete
|
# read_sysctl($1,full): complete
|
||||||
#
|
#
|
||||||
kernel_read_all_sysctl($1)
|
kernel_read_all_sysctls($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# rhgb_domain():
|
# rhgb_domain():
|
||||||
@ -1180,7 +1180,7 @@ type $1_tmp_t;
|
|||||||
files_tmp_file($1_tmp_t)
|
files_tmp_file($1_tmp_t)
|
||||||
allow $1_t $1_tmp_t:dir create_dir_perms;
|
allow $1_t $1_tmp_t:dir create_dir_perms;
|
||||||
allow $1_t $1_tmp_t:file create_file_perms;
|
allow $1_t $1_tmp_t:file create_file_perms;
|
||||||
files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
|
files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
|
||||||
|
|
||||||
#
|
#
|
||||||
# tmp_domain($1,$2,$3): complete
|
# tmp_domain($1,$2,$3): complete
|
||||||
@ -1190,7 +1190,7 @@ files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
|
|||||||
type $1_tmp_t $2;
|
type $1_tmp_t $2;
|
||||||
files_tmp_file($1_tmp_t)
|
files_tmp_file($1_tmp_t)
|
||||||
allow $1_t $1_tmp_t:$3 manage_obj_perms;
|
allow $1_t $1_tmp_t:$3 manage_obj_perms;
|
||||||
files_filetrans_tmp($1_t, $1_tmp_t, $3)
|
files_tmp_filetrans($1_t, $1_tmp_t, $3)
|
||||||
|
|
||||||
#
|
#
|
||||||
# tmpfs_domain(): complete
|
# tmpfs_domain(): complete
|
||||||
@ -1202,7 +1202,7 @@ allow $1_t $1_tmpfs_t:file manage_file_perms;
|
|||||||
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
|
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
|
||||||
allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
|
allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
|
||||||
allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
|
allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
|
||||||
fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
|
||||||
|
|
||||||
#
|
#
|
||||||
# unconfined_domain(): complete
|
# unconfined_domain(): complete
|
||||||
@ -1230,7 +1230,7 @@ type $1_var_lib_t;
|
|||||||
files_type($1_var_lib_t)
|
files_type($1_var_lib_t)
|
||||||
allow $1_t $1_var_lib_t:file create_file_perms;
|
allow $1_t $1_var_lib_t:file create_file_perms;
|
||||||
allow $1_t $1_var_lib_t:dir rw_dir_perms;
|
allow $1_t $1_var_lib_t:dir rw_dir_perms;
|
||||||
files_filetrans_var_lib($1_t,$1_var_lib_t)
|
files_var_lib_filetrans($1_t,$1_var_lib_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# var_run_domain($1): complete
|
# var_run_domain($1): complete
|
||||||
@ -1239,14 +1239,14 @@ type $1_var_run_t;
|
|||||||
files_pid_file($1_var_run_t)
|
files_pid_file($1_var_run_t)
|
||||||
allow $1_t $1_var_run_t:file create_file_perms;
|
allow $1_t $1_var_run_t:file create_file_perms;
|
||||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||||
files_filetrans_pid($1_t,$1_var_run_t)
|
files_pid_filetrans($1_t,$1_var_run_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# var_run_domain($1,$2): complete
|
# var_run_domain($1,$2): complete
|
||||||
#
|
#
|
||||||
type $1_var_run_t;
|
type $1_var_run_t;
|
||||||
files_pid_file($1_var_run_t)
|
files_pid_file($1_var_run_t)
|
||||||
files_filetrans_pid($1_t,$1_var_run_t,$2)
|
files_pid_filetrans($1_t,$1_var_run_t,$2)
|
||||||
# for each object class in $2:
|
# for each object class in $2:
|
||||||
# if dir:
|
# if dir:
|
||||||
allow $1 $1_var_run_t:dir create_dir_perms;
|
allow $1 $1_var_run_t:dir create_dir_perms;
|
||||||
@ -1265,7 +1265,7 @@ allow $1_t $1_tmpfs_t:file manage_file_perms;
|
|||||||
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
|
allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
|
||||||
allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
|
allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
|
||||||
allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
|
allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
|
||||||
fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
|
||||||
optional_policy(`xserver',`
|
optional_policy(`xserver',`
|
||||||
xserver_user_client_template($2,$1_t,$1_tmpfs_t)
|
xserver_user_client_template($2,$1_t,$1_tmpfs_t)
|
||||||
')
|
')
|
||||||
|