last fixes for cab

This commit is contained in:
Chris PeBenito 2005-06-01 13:51:54 +00:00
parent d115b24712
commit 1293184998
5 changed files with 42 additions and 3 deletions

View File

@ -78,6 +78,20 @@ type device_t;
class dir r_dir_perms; class dir r_dir_perms;
') ')
########################################
#
# devices_add_dev_dir(domain)
#
define(`devices_add_dev_dir',`
requires_block_template(`$0'_depend)
allow $1 device_t:dir { ra_dir_perms create };
')
define(`devices_add_dev_dir_depend',`
type device_t;
class dir { ra_dir_perms create };
')
######################################## ########################################
# #
# devices_ignore_get_generic_pipe_attributes(domain) # devices_ignore_get_generic_pipe_attributes(domain)

View File

@ -621,6 +621,20 @@ type etc_t;
class dir { getattr search read write add_name remove_name }; class dir { getattr search read write add_name remove_name };
') ')
########################################
#
# files_modify_isid_type_dir(domain)
#
define(`files_modify_isid_type_dir',`
requires_block_template(`$0'_depend)
allow $1 file_t:dir rw_dir_perms;
')
define(`files_modify_isid_type_dir_depend',`
type file_t;
class dir rw_dir_perms;
')
######################################## ########################################
# #
# files_ignore_get_isid_type_dir_attrib(domain) # files_ignore_get_isid_type_dir_attrib(domain)

View File

@ -49,7 +49,10 @@ kernel_read_hardware_state(getty_t)
filesystem_get_persistent_filesystem_attributes(getty_t) filesystem_get_persistent_filesystem_attributes(getty_t)
# Chown, chmod, read and write ttys. # Chown, chmod, read and write ttys.
terminal_use_all_terminals(getty_t) terminal_use_all_private_physical_terminals(getty_t)
terminal_use_general_physical_terminal(getty_t)
terminal_set_all_private_physical_terminal_attributes(getty_t)
terminal_set_general_physical_terminal_attributes(getty_t)
terminal_set_console_attributes(getty_t) terminal_set_console_attributes(getty_t)
authlogin_modify_login_records(getty_t) authlogin_modify_login_records(getty_t)

View File

@ -313,6 +313,9 @@ tunable_policy(`distro_debian', `
') ')
tunable_policy(`distro_redhat',` tunable_policy(`distro_redhat',`
# this is from kmodule, which should get its own policy:
allow initrc_t self:capability sys_admin;
# Red Hat systems seem to have a stray # Red Hat systems seem to have a stray
# fd open from the initrd # fd open from the initrd
kernel_ignore_use_file_descriptors(initrc_t) kernel_ignore_use_file_descriptors(initrc_t)
@ -327,6 +330,7 @@ tunable_policy(`distro_redhat',`
# These seem to be from the initrd # These seem to be from the initrd
# during device initialization: # during device initialization:
devices_add_dev_dir(initrc_t)
devices_legacy_use_dev_zero(initrc_t) devices_legacy_use_dev_zero(initrc_t)
devices_legacy_raw_read_memory(initrc_t) devices_legacy_raw_read_memory(initrc_t)
devices_legacy_raw_write_memory(initrc_t) devices_legacy_raw_write_memory(initrc_t)
@ -339,8 +343,7 @@ tunable_policy(`distro_redhat',`
# readahead asks for these # readahead asks for these
mta_read_mail_aliases(initrc_t) mta_read_mail_aliases(initrc_t)
')
') dnl end distro_redhat
optional_policy(`hotplug.te',` optional_policy(`hotplug.te',`
kernel_read_usb_hardware_state(initrc_t) kernel_read_usb_hardware_state(initrc_t)

View File

@ -136,6 +136,11 @@ selinux_read_config(lvm_t)
selinux_read_file_contexts(lvm_t) selinux_read_file_contexts(lvm_t)
selinux_newrole_sigchld(lvm_t) selinux_newrole_sigchld(lvm_t)
tunable_policy(`distro_redhat',`
# this is from the initrd:
files_modify_isid_type_dir(lvm_t)
')
tunable_policy(`targeted_policy', ` tunable_policy(`targeted_policy', `
terminal_ignore_use_general_physical_terminal(lvm_t) terminal_ignore_use_general_physical_terminal(lvm_t)
terminal_ignore_use_general_pseudoterminal(lvm_t) terminal_ignore_use_general_pseudoterminal(lvm_t)