cleanup from sediff
parent
3f41889dae
commit
09741b1f0e
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(rpm,1.0.1)
|
||||
policy_module(rpm,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -146,6 +146,13 @@ domain_read_all_domains_state(rpm_t)
|
||||
domain_getattr_all_domains(rpm_t)
|
||||
domain_dontaudit_ptrace_all_domains(rpm_t)
|
||||
domain_use_wide_inherit_fd(rpm_t)
|
||||
domain_dontaudit_getattr_all_pipes(rpm_t)
|
||||
domain_dontaudit_getattr_all_tcp_sockets(rpm_t)
|
||||
domain_dontaudit_getattr_all_udp_sockets(rpm_t)
|
||||
domain_dontaudit_getattr_all_packet_sockets(rpm_t)
|
||||
domain_dontaudit_getattr_all_raw_sockets(rpm_t)
|
||||
domain_dontaudit_getattr_all_stream_sockets(rpm_t)
|
||||
domain_dontaudit_getattr_all_dgram_sockets(rpm_t)
|
||||
|
||||
files_exec_etc_files(rpm_t)
|
||||
|
||||
@ -167,6 +174,10 @@ sysnet_read_config(rpm_t)
|
||||
|
||||
userdom_use_unpriv_users_fd(rpm_t)
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
unconfined_domain_template(rpm_t)
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
unconfined_domain_template(rpm_t)
|
||||
',`
|
||||
@ -318,6 +329,10 @@ seutil_domtrans_restorecon(rpm_script_t)
|
||||
|
||||
userdom_use_all_user_fd(rpm_script_t)
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
unconfined_domain_template(rpm_script_t)
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
unconfined_domain_template(rpm_script_t)
|
||||
',`
|
||||
|
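Review bot: The distro_redhat block in the hunk at -167,6 +174,10 calls `unconfined_domain_template(rpm_t)` with no targeted_policy condition, so on a Red Hat build rpm_t would apparently be unconfined in strict policy as well; the hunk at -318,6 +329,10 does the same for rpm_script_t. Which lines are new is inferred from the hunk counts, since the +/- markers are not shown on this page. The targeted_policy block that follows already invokes the same template, so with both symbols defined it is expanded twice, and whether that is harmless depends on the template body, which is not visible here. If the wider grant is intended, a comment above each block would record it, for example `# Red Hat: rpm_t runs unconfined in strict and targeted policy`; otherwise the call belongs only under targeted_policy. The commit title describes a cleanup, so the change in confinement is easy to miss in review.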
@ -23,11 +23,14 @@ allow rshd_t self:tcp_socket create_stream_socket_perms;
|
||||
|
||||
kernel_read_kernel_sysctl(rshd_t)
|
||||
|
||||
corenet_raw_sendrecv_all_if(rshd_t)
|
||||
corenet_tcp_sendrecv_all_if(rshd_t)
|
||||
corenet_raw_sendrecv_all_nodes(rshd_t)
|
||||
corenet_tcp_sendrecv_generic_if(rshd_t)
|
||||
corenet_udp_sendrecv_generic_if(rshd_t)
|
||||
corenet_raw_sendrecv_generic_if(rshd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rshd_t)
|
||||
corenet_udp_sendrecv_all_nodes(rshd_t)
|
||||
corenet_raw_sendrecv_all_nodes(rshd_t)
|
||||
corenet_tcp_sendrecv_all_ports(rshd_t)
|
||||
corenet_udp_sendrecv_all_ports(rshd_t)
|
||||
corenet_tcp_bind_all_nodes(rshd_t)
|
||||
corenet_tcp_bind_rsh_port(rshd_t)
|
||||
|
||||
@ -52,7 +55,7 @@ files_search_tmp(rshd_t)
|
||||
libs_use_ld_so(rshd_t)
|
||||
libs_use_shared_libs(rshd_t)
|
||||
|
||||
logging_send_syslog_msg(inetd_t)
|
||||
logging_send_syslog_msg(rshd_t)
|
||||
|
||||
miscfiles_read_localization(rshd_t)
|
||||
|
||||
|
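Review bot: The rewritten corenet block in the hunk at -23,11 +23,14 gives rshd_t UDP send/receive on all nodes and all ports (`corenet_udp_sendrecv_generic_if(rshd_t)`, `corenet_udp_sendrecv_all_nodes(rshd_t)`, `corenet_udp_sendrecv_all_ports(rshd_t)`), while the only socket rule visible in the hunk header is `allow rshd_t self:tcp_socket create_stream_socket_perms;`. Old and new sides are inferred from the hunk counts, since the +/- markers are not shown. If no udp_socket rule for rshd_t exists elsewhere in the file, these three calls are dead rules that make the policy harder to audit; I would drop them, or add a comment naming what needs UDP. The same question applies to the `corenet_raw_sendrecv_*` lines, given that the bind rules shown cover only the rsh TCP port.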
@ -832,11 +832,45 @@ interface(`domain_dontaudit_rw_all_udp_sockets',`
|
||||
interface(`domain_dontaudit_getattr_all_key_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class key_socket { read write };
|
||||
')
|
||||
|
||||
dontaudit $1 domain:key_socket getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get attribues of
|
||||
## all domains packet sockets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`domain_dontaudit_getattr_all_packet_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:packet_socket getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get attribues of
|
||||
## all domains raw sockets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`domain_dontaudit_getattr_all_raw_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:rawip_socket getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to read or write
|
||||
@ -864,15 +898,31 @@ interface(`domain_dontaudit_rw_all_key_sockets',`
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
|
||||
interface(`domain_dontaudit_getattr_all_dgram_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class unix_dgram_socket getattr;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:unix_dgram_socket getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get the attributes
|
||||
## of all domains unix datagram sockets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`domain_dontaudit_getattr_all_stream_sockets',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
')
|
||||
|
||||
dontaudit $1 domain:unix_stream_socket getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get the attributes
|
||||
@ -882,7 +932,7 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
|
||||
interface(`domain_dontaudit_getattr_all_pipes',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
class fifo_file getattr;
|
||||
|
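Review bot: The three new interfaces `domain_dontaudit_getattr_all_packet_sockets`, `domain_dontaudit_getattr_all_raw_sockets` and `domain_dontaudit_getattr_all_stream_sockets` (new lines inferred from the hunk counts) use a class in their dontaudit rule without declaring it in gen_require, unlike the dgram interface next to them, which carries `class unix_dgram_socket getattr;`. Each gen_require should gain the matching line: `class packet_socket getattr;`, `class rawip_socket getattr;`, `class unix_stream_socket getattr;`. The summary above the stream interface reads "unix datagram sockets" and should say "unix stream sockets", and "attribues" in the packet and raw summaries should be "attributes". Dropping "unix" from the renamed `domain_dontaudit_getattr_all_dgram_sockets` also makes the name read as if it covered UDP sockets, which already have their own interface, `domain_dontaudit_getattr_all_udp_sockets`.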
@ -318,8 +318,8 @@ domain_exec_all_entry_files(initrc_t)
|
||||
# for lsof which is used by alsa shutdown:
|
||||
domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_unix_dgram_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_unnamed_pipes(initrc_t)
|
||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||
|
||||
files_getattr_all_dirs(initrc_t)
|
||||
files_getattr_all_files(initrc_t)
|
||||
|
@ -79,7 +79,7 @@ domain_read_confined_domains_state(cardmgr_t)
|
||||
domain_getattr_confined_domains(cardmgr_t)
|
||||
domain_dontaudit_ptrace_confined_domains(cardmgr_t)
|
||||
# cjp: these look excessive:
|
||||
domain_dontaudit_getattr_all_unnamed_pipes(cardmgr_t)
|
||||
domain_dontaudit_getattr_all_pipes(cardmgr_t)
|
||||
domain_dontaudit_getattr_all_sockets(cardmgr_t)
|
||||
|
||||
files_list_usr(cardmgr_t)
|
||||
|