trunk: another round of nsswitch from dan.
parent
74d920c3b5
commit
09e21686ea
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(vpn,1.6.0)
|
policy_module(vpn,1.6.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -82,6 +82,8 @@ files_read_etc_runtime_files(vpnc_t)
|
|||||||
files_read_etc_files(vpnc_t)
|
files_read_etc_files(vpnc_t)
|
||||||
files_dontaudit_search_home(vpnc_t)
|
files_dontaudit_search_home(vpnc_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(vpnc_t)
|
||||||
|
|
||||||
libs_exec_ld_so(vpnc_t)
|
libs_exec_ld_so(vpnc_t)
|
||||||
libs_exec_lib_files(vpnc_t)
|
libs_exec_lib_files(vpnc_t)
|
||||||
libs_use_ld_so(vpnc_t)
|
libs_use_ld_so(vpnc_t)
|
||||||
@ -110,11 +112,3 @@ optional_policy(`
|
|||||||
networkmanager_dbus_chat(vpnc_t)
|
networkmanager_dbus_chat(vpnc_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(vpnc_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(vpnc_t)
|
|
||||||
')
|
|
||||||
|
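Review bot: `auth_use_nsswitch(vpnc_t)` in the -82,6 hunk replaces two narrow optional grants (`nis_use_ypbind` and `nscd_socket_use`, removed in the -110,11 hunk) with one interface whose body is not shown on this page, so the resulting permission set for vpnc_t cannot be checked from the diff alone. If the interface grants access for every NSS backend rather than only the two removed here, the domain ends up with more network and file access than before, which matters most for the domains that handle untrusted input; the same swap is made for `$1_thunderbird_t`, `$1_mail_t`, `postgresql_t`, `rshd_t`, `winbind_helper_t` and `sendmail_t` further down. Comparing the allow rules for each domain before and after (for example with `sesearch -A -s vpnc_t` on both builds) would show what was added. A comment above the call such as `# NSS lookups; replaces nis_use_ypbind and nscd_socket_use` would keep the intent visible.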
@ -62,7 +62,6 @@ template(`thunderbird_per_role_template',`
|
|||||||
allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
|
allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
|
||||||
allow $1_thunderbird_t self:tcp_socket create_socket_perms;
|
allow $1_thunderbird_t self:tcp_socket create_socket_perms;
|
||||||
allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
|
allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
|
||||||
allow $1_thunderbird_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
# Access ~/.thunderbird
|
# Access ~/.thunderbird
|
||||||
manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
|
manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
|
||||||
@ -146,16 +145,14 @@ template(`thunderbird_per_role_template',`
|
|||||||
# Access ~/.thunderbird
|
# Access ~/.thunderbird
|
||||||
fs_search_auto_mountpoints($1_thunderbird_t)
|
fs_search_auto_mountpoints($1_thunderbird_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch($1_thunderbird_t)
|
||||||
|
|
||||||
libs_use_shared_libs($1_thunderbird_t)
|
libs_use_shared_libs($1_thunderbird_t)
|
||||||
libs_use_ld_so($1_thunderbird_t)
|
libs_use_ld_so($1_thunderbird_t)
|
||||||
|
|
||||||
miscfiles_read_fonts($1_thunderbird_t)
|
miscfiles_read_fonts($1_thunderbird_t)
|
||||||
miscfiles_read_localization($1_thunderbird_t)
|
miscfiles_read_localization($1_thunderbird_t)
|
||||||
|
|
||||||
sysnet_read_config($1_thunderbird_t)
|
|
||||||
# Allow DNS
|
|
||||||
sysnet_dns_name_resolve($1_thunderbird_t)
|
|
||||||
|
|
||||||
userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
|
userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
|
||||||
userdom_read_user_tmp_files($1,$1_thunderbird_t)
|
userdom_read_user_tmp_files($1,$1_thunderbird_t)
|
||||||
userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
|
userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
|
||||||
@ -341,14 +338,6 @@ template(`thunderbird_per_role_template',`
|
|||||||
mozilla_dbus_chat($1, $1_thunderbird_t)
|
mozilla_dbus_chat($1, $1_thunderbird_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind($1_thunderbird_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use($1_thunderbird_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
# FIXME: Rules were removed to centralize policy in a gnome_app macro
|
# FIXME: Rules were removed to centralize policy in a gnome_app macro
|
||||||
# A similar thing might be necessary for mozilla compiled without GNOME
|
# A similar thing might be necessary for mozilla compiled without GNOME
|
||||||
|
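Review bot: The -62,7 hunk drops `allow $1_thunderbird_t self:netlink_route_socket r_netlink_socket_perms;` and the -146,16 hunk drops `sysnet_read_config` and `sysnet_dns_name_resolve` together with the `# Allow DNS` comment, leaving `auth_use_nsswitch($1_thunderbird_t)` as the only line that can supply them. Nothing on this page shows that the interface grants the netlink route socket or resolver access, so if it does not, name resolution in the mail client will be denied after the upgrade. The same dependency applies to `postgresql_t` (netlink rule and `sysnet_use_ldap` removed), `sendmail_t` and `xdm_t` (netlink rule removed). I would carry the lost comment over as `# Allow DNS and other NSS lookups` above the new call. The template body starts and ends outside these hunks.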
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(thunderbird,1.4.1)
|
policy_module(thunderbird,1.4.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -87,6 +87,8 @@ template(`mta_base_mail_template',`
|
|||||||
# It wants to check for nscd
|
# It wants to check for nscd
|
||||||
files_dontaudit_search_pids($1_mail_t)
|
files_dontaudit_search_pids($1_mail_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch($1_mail_t)
|
||||||
|
|
||||||
libs_use_ld_so($1_mail_t)
|
libs_use_ld_so($1_mail_t)
|
||||||
libs_use_shared_libs($1_mail_t)
|
libs_use_shared_libs($1_mail_t)
|
||||||
|
|
||||||
@ -94,17 +96,6 @@ template(`mta_base_mail_template',`
|
|||||||
|
|
||||||
miscfiles_read_localization($1_mail_t)
|
miscfiles_read_localization($1_mail_t)
|
||||||
|
|
||||||
sysnet_read_config($1_mail_t)
|
|
||||||
sysnet_dns_name_resolve($1_mail_t)
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind($1_mail_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use($1_mail_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
postfix_domtrans_user_mail_handler($1_mail_t)
|
postfix_domtrans_user_mail_handler($1_mail_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(mta,1.8.1)
|
policy_module(mta,1.8.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(postgresql,1.4.2)
|
policy_module(postgresql,1.4.3)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -42,7 +42,6 @@ allow postgresql_t self:tcp_socket create_stream_socket_perms;
|
|||||||
allow postgresql_t self:udp_socket create_stream_socket_perms;
|
allow postgresql_t self:udp_socket create_stream_socket_perms;
|
||||||
allow postgresql_t self:unix_dgram_socket create_socket_perms;
|
allow postgresql_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
|
allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
|
manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
|
||||||
manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
|
manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
|
||||||
@ -116,6 +115,8 @@ files_search_etc(postgresql_t)
|
|||||||
files_read_etc_runtime_files(postgresql_t)
|
files_read_etc_runtime_files(postgresql_t)
|
||||||
files_read_usr_files(postgresql_t)
|
files_read_usr_files(postgresql_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(postgresql_t)
|
||||||
|
|
||||||
init_read_utmp(postgresql_t)
|
init_read_utmp(postgresql_t)
|
||||||
|
|
||||||
libs_use_ld_so(postgresql_t)
|
libs_use_ld_so(postgresql_t)
|
||||||
@ -127,9 +128,6 @@ miscfiles_read_localization(postgresql_t)
|
|||||||
|
|
||||||
seutil_dontaudit_search_config(postgresql_t)
|
seutil_dontaudit_search_config(postgresql_t)
|
||||||
|
|
||||||
sysnet_read_config(postgresql_t)
|
|
||||||
sysnet_use_ldap(postgresql_t)
|
|
||||||
|
|
||||||
userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
|
userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
|
||||||
userdom_dontaudit_use_sysadm_ttys(postgresql_t)
|
userdom_dontaudit_use_sysadm_ttys(postgresql_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
|
userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
|
||||||
@ -161,10 +159,6 @@ optional_policy(`
|
|||||||
kerberos_use(postgresql_t)
|
kerberos_use(postgresql_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(postgresql_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(postgresql_t)
|
seutil_sigchld_newrole(postgresql_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(rshd,1.4.1)
|
policy_module(rshd,1.4.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -52,6 +52,8 @@ files_list_home(rshd_t)
|
|||||||
files_read_etc_files(rshd_t)
|
files_read_etc_files(rshd_t)
|
||||||
files_search_tmp(rshd_t)
|
files_search_tmp(rshd_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(rshd_t)
|
||||||
|
|
||||||
libs_use_ld_so(rshd_t)
|
libs_use_ld_so(rshd_t)
|
||||||
libs_use_shared_libs(rshd_t)
|
libs_use_shared_libs(rshd_t)
|
||||||
|
|
||||||
@ -62,8 +64,6 @@ miscfiles_read_localization(rshd_t)
|
|||||||
seutil_read_config(rshd_t)
|
seutil_read_config(rshd_t)
|
||||||
seutil_read_default_contexts(rshd_t)
|
seutil_read_default_contexts(rshd_t)
|
||||||
|
|
||||||
sysnet_read_config(rshd_t)
|
|
||||||
|
|
||||||
userdom_search_all_users_home_content(rshd_t)
|
userdom_search_all_users_home_content(rshd_t)
|
||||||
|
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
@ -80,10 +80,6 @@ optional_policy(`
|
|||||||
kerberos_use(rshd_t)
|
kerberos_use(rshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(rshd_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
tcpd_wrapped_domain(rshd_t,rshd_exec_t)
|
tcpd_wrapped_domain(rshd_t,rshd_exec_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(samba,1.6.3)
|
policy_module(samba,1.6.4)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -197,10 +197,6 @@ optional_policy(`
|
|||||||
kerberos_use(samba_net_t)
|
kerberos_use(samba_net_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(samba_net_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# smbd Local policy
|
# smbd Local policy
|
||||||
@ -727,10 +723,6 @@ optional_policy(`
|
|||||||
kerberos_use(winbind_t)
|
kerberos_use(winbind_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(winbind_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(winbind_t)
|
seutil_sigchld_newrole(winbind_t)
|
||||||
')
|
')
|
||||||
@ -760,6 +752,8 @@ term_list_ptys(winbind_helper_t)
|
|||||||
|
|
||||||
domain_use_interactive_fds(winbind_helper_t)
|
domain_use_interactive_fds(winbind_helper_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(winbind_helper_t)
|
||||||
|
|
||||||
libs_use_ld_so(winbind_helper_t)
|
libs_use_ld_so(winbind_helper_t)
|
||||||
libs_use_shared_libs(winbind_helper_t)
|
libs_use_shared_libs(winbind_helper_t)
|
||||||
|
|
||||||
@ -767,10 +761,6 @@ logging_send_syslog_msg(winbind_helper_t)
|
|||||||
|
|
||||||
miscfiles_read_localization(winbind_helper_t)
|
miscfiles_read_localization(winbind_helper_t)
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(winbind_helper_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
squid_read_log(winbind_helper_t)
|
squid_read_log(winbind_helper_t)
|
||||||
squid_append_log(winbind_helper_t)
|
squid_append_log(winbind_helper_t)
|
||||||
|
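Review bot: The -197,10 and -727,10 hunks remove `nscd_socket_use(samba_net_t)` and `nscd_socket_use(winbind_t)`, but the only `auth_use_nsswitch` call added in this section is for `winbind_helper_t`. Unless both domains already call `auth_use_nsswitch` in parts of the file outside these hunks, they lose nscd access, which would likely surface as AVC denials on hosts running nscd. The later sections do the same for `xdm_t`, `pam_t` and `mount_t`, and those three show neither an added call nor a `policy_module` version bump on this page. Worth confirming each of the five domains against the full file before merging.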
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(sendmail,1.6.1)
|
policy_module(sendmail,1.6.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -32,7 +32,6 @@ allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
|
|||||||
allow sendmail_t self:unix_dgram_socket create_socket_perms;
|
allow sendmail_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow sendmail_t self:tcp_socket create_stream_socket_perms;
|
allow sendmail_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow sendmail_t self:udp_socket create_socket_perms;
|
allow sendmail_t self:udp_socket create_socket_perms;
|
||||||
allow sendmail_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
allow sendmail_t sendmail_log_t:dir setattr;
|
allow sendmail_t sendmail_log_t:dir setattr;
|
||||||
manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t)
|
manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t)
|
||||||
@ -84,6 +83,8 @@ init_use_script_ptys(sendmail_t)
|
|||||||
init_read_utmp(sendmail_t)
|
init_read_utmp(sendmail_t)
|
||||||
init_dontaudit_write_utmp(sendmail_t)
|
init_dontaudit_write_utmp(sendmail_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(sendmail_t)
|
||||||
|
|
||||||
libs_use_ld_so(sendmail_t)
|
libs_use_ld_so(sendmail_t)
|
||||||
libs_use_shared_libs(sendmail_t)
|
libs_use_shared_libs(sendmail_t)
|
||||||
# Read /usr/lib/sasl2/.*
|
# Read /usr/lib/sasl2/.*
|
||||||
@ -94,9 +95,6 @@ logging_send_syslog_msg(sendmail_t)
|
|||||||
miscfiles_read_certs(sendmail_t)
|
miscfiles_read_certs(sendmail_t)
|
||||||
miscfiles_read_localization(sendmail_t)
|
miscfiles_read_localization(sendmail_t)
|
||||||
|
|
||||||
sysnet_dns_name_resolve(sendmail_t)
|
|
||||||
sysnet_read_config(sendmail_t)
|
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
|
userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)
|
userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)
|
||||||
|
|
||||||
@ -112,14 +110,6 @@ optional_policy(`
|
|||||||
clamav_search_lib(sendmail_t)
|
clamav_search_lib(sendmail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(sendmail_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(sendmail_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
postfix_exec_master(sendmail_t)
|
postfix_exec_master(sendmail_t)
|
||||||
postfix_read_config(sendmail_t)
|
postfix_read_config(sendmail_t)
|
||||||
|
@ -101,7 +101,6 @@ allow xdm_t self:fifo_file rw_fifo_file_perms;
|
|||||||
allow xdm_t self:shm create_shm_perms;
|
allow xdm_t self:shm create_shm_perms;
|
||||||
allow xdm_t self:sem create_sem_perms;
|
allow xdm_t self:sem create_sem_perms;
|
||||||
allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||||
allow xdm_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
allow xdm_t self:unix_dgram_socket create_socket_perms;
|
allow xdm_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow xdm_t self:tcp_socket create_stream_socket_perms;
|
allow xdm_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow xdm_t self:udp_socket create_socket_perms;
|
allow xdm_t self:udp_socket create_socket_perms;
|
||||||
@ -335,10 +334,6 @@ optional_policy(`
|
|||||||
mta_dontaudit_getattr_spool_files(xdm_t)
|
mta_dontaudit_getattr_spool_files(xdm_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(xdm_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(xdm_t)
|
seutil_sigchld_newrole(xdm_t)
|
||||||
')
|
')
|
||||||
|
@ -126,14 +126,6 @@ optional_policy(`
|
|||||||
locallogin_use_fds(pam_t)
|
locallogin_use_fds(pam_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(pam_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(pam_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# PAM console local policy
|
# PAM console local policy
|
||||||
|
@ -184,10 +184,6 @@ optional_policy(`
|
|||||||
samba_domtrans_smbmount(mount_t)
|
samba_domtrans_smbmount(mount_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(mount_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Unconfined mount local policy
|
# Unconfined mount local policy
|
||||||
|