fix
parent
603f90ab9d
commit
07b01c4a79
@ -135,6 +135,13 @@ selinux_compute_user_contexts($1)
|
|||||||
seutil_read_config($1)
|
seutil_read_config($1)
|
||||||
seutil_read_default_contexts($1)
|
seutil_read_default_contexts($1)
|
||||||
|
|
||||||
|
#
|
||||||
|
# web_client_domain:
|
||||||
|
#
|
||||||
|
optional_policy(`squid.te',`
|
||||||
|
squid_use($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Access macros
|
# Access macros
|
||||||
@ -310,12 +317,32 @@ selinux_get_fs_mount($1)
|
|||||||
selinux_load_policy($1)
|
selinux_load_policy($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# can_network():
|
# can_network($1):
|
||||||
|
#
|
||||||
|
allow $1 self:tcp_socket create_stream_socket_perms;
|
||||||
|
allow $1 self:udp_socket create_socket_perms;
|
||||||
|
corenet_tcp_sendrecv_all_if($1)
|
||||||
|
corenet_udp_sendrecv_all_if($1)
|
||||||
|
corenet_raw_sendrecv_all_if($1)
|
||||||
|
corenet_tcp_sendrecv_all_nodes($1)
|
||||||
|
corenet_udp_sendrecv_all_nodes($1)
|
||||||
|
corenet_raw_sendrecv_all_nodes($1)
|
||||||
|
corenet_tcp_sendrecv_all_ports($1)
|
||||||
|
corenet_udp_sendrecv_all_ports($1)
|
||||||
|
corenet_tcp_bind_all_nodes($1)
|
||||||
|
corenet_udp_bind_all_nodes($1)
|
||||||
|
sysnet_read_config($1)
|
||||||
|
optional_policy(`mount.te',`
|
||||||
|
mount_send_nfs_client_request($1)
|
||||||
|
')
|
||||||
|
|
||||||
|
#
|
||||||
|
# can_network($1,$2):
|
||||||
#
|
#
|
||||||
can_network_tcp($1, `$2')
|
can_network_tcp($1, `$2')
|
||||||
can_network_udp($1, `$2')
|
can_network_udp($1, `$2')
|
||||||
ifdef(`mount.te', `
|
optional_policy(`mount.te',`
|
||||||
allow $1 mount_t:udp_socket rw_socket_perms;
|
mount_send_nfs_client_request($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -646,7 +673,7 @@ type_transition $1 $2:$i $3;
|
|||||||
#
|
#
|
||||||
# general_domain_access(): complete
|
# general_domain_access(): complete
|
||||||
#
|
#
|
||||||
allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem dyntransition };
|
allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
allow $1 self:fd use;
|
allow $1 self:fd use;
|
||||||
allow $1 self:fifo_file rw_file_perms;
|
allow $1 self:fifo_file rw_file_perms;
|
||||||
allow $1 self:unix_dgram_socket create_socket_perms;
|
allow $1 self:unix_dgram_socket create_socket_perms;
|
||||||
@ -787,7 +814,7 @@ type $1_log_t;
|
|||||||
logging_log_file($1_log_t)
|
logging_log_file($1_log_t)
|
||||||
allow $1_t $1_log_t:file create_file_perms;
|
allow $1_t $1_log_t:file create_file_perms;
|
||||||
allow $1_t $1_log_t:dir rw_dir_perms;
|
allow $1_t $1_log_t:dir rw_dir_perms;
|
||||||
logging_search_logs($1_t,$1_log_t,{ file dir })
|
logging_create_log($1_t,$1_log_t,{ file dir })
|
||||||
|
|
||||||
#
|
#
|
||||||
# network_home_dir():
|
# network_home_dir():
|
||||||
@ -940,6 +967,7 @@ libs_use_shared_libs($1)
|
|||||||
type $1_var_lib_t;
|
type $1_var_lib_t;
|
||||||
files_type($1_var_lib_t)
|
files_type($1_var_lib_t)
|
||||||
allow $1_t $1_var_lib_t:file create_file_perms;
|
allow $1_t $1_var_lib_t:file create_file_perms;
|
||||||
|
allow $1_t $1_var_lib_t:dir create_dir_perms;
|
||||||
files_create_var_lib($1_t,$1_var_lib_t)
|
files_create_var_lib($1_t,$1_var_lib_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -948,6 +976,7 @@ files_create_var_lib($1_t,$1_var_lib_t)
|
|||||||
type $1_var_run_t;
|
type $1_var_run_t;
|
||||||
files_pid_file($1_var_run_t)
|
files_pid_file($1_var_run_t)
|
||||||
allow $1_t $1_var_run_t:file create_file_perms;
|
allow $1_t $1_var_run_t:file create_file_perms;
|
||||||
|
allow $1_t $1_var_run_t:dir create_dir_perms;
|
||||||
files_create_pid($1_t,$1_var_run_t)
|
files_create_pid($1_t,$1_var_run_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
|
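Review bot: In the `general_domain_access()` hunk (@ -646,7 +673,7), the rewritten `allow $1 self:process ~{ … }` rule adds `execstack` and `execheap` to the excluded set but drops `dyntransition` from it, and because the set is complemented with `~`, every domain that uses this macro is now granted `self:process dyntransition`. Nothing visible in the commit says this is intended, so if it is not, keep the exclusion: `allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap dyntransition };`. If it is intended, a comment above the rule such as `# dyntransition to self is allowed on purpose; setcurrent stays excluded` would record the decision, since a complemented set also grants any process permission added to the class later. The macro body continues outside the hunk.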