Change optional_policy() to refer to the module name rather than modulename.te.

Chris PeBenito 2005-11-23 20:24:27 +00:00
parent af23450c36
commit 1328802a41
124 changed files with 935 additions and 933 deletions


@ -1,3 +1,5 @@
- Change optional_policy() to refer to the module name
rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather - Fix labeling targets to use installed file_contexts rather
than partial file_contexts in the policy source directory. than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions - Fix build process to use make's internal vpath functions


@ -77,8 +77,8 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(acct_t) files_dontaudit_read_root_file(acct_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
optional_policy(`authlogin.te',` optional_policy(`authlogin',`
# for monthly cron job # for monthly cron job
auth_create_login_records(acct_t) auth_create_login_records(acct_t)
auth_manage_login_records(acct_t) auth_manage_login_records(acct_t)
@ -87,20 +87,20 @@ optional_policy(`cron.te',`
cron_system_entry(acct_t,acct_exec_t) cron_system_entry(acct_t,acct_exec_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(acct_t) nscd_use_socket(acct_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(acct_t) seutil_sigchld_newrole(acct_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(acct_t) udev_read_db(acct_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(acct_t) rhgb_domain(acct_t)
') ')
') ')


@ -164,19 +164,19 @@ libs_use_shared_libs(amanda_t)
sysnet_read_config(amanda_t) sysnet_read_config(amanda_t)
optional_policy(`authlogin.te',` optional_policy(`authlogin',`
auth_read_shadow(amanda_t) auth_read_shadow(amanda_t)
') ')
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg(amanda_t) logging_send_syslog_msg(amanda_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(amanda_t) nis_use_ypbind(amanda_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(amanda_t) nscd_use_socket(amanda_t)
') ')
@ -248,10 +248,10 @@ sysnet_read_config(amanda_recover_t)
userdom_search_sysadm_home_subdirs(amanda_recover_t) userdom_search_sysadm_home_subdirs(amanda_recover_t)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(amanda_recover_t) mount_send_nfs_client_request(amanda_recover_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(amanda_recover_t) nis_use_ypbind(amanda_recover_t)
') ')


@ -31,28 +31,28 @@ ifdef(`distro_redhat',`
bootloader_create_runtime_file(anaconda_t) bootloader_create_runtime_file(anaconda_t)
') ')
optional_policy(`dmesg.te',` optional_policy(`dmesg',`
dmesg_domtrans(anaconda_t) dmesg_domtrans(anaconda_t)
') ')
optional_policy(`kudzu.te',` optional_policy(`kudzu',`
kudzu_domtrans(anaconda_t) kudzu_domtrans(anaconda_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_domtrans(anaconda_t) rpm_domtrans(anaconda_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_domtrans(anaconda_t) udev_domtrans(anaconda_t)
') ')
optional_policy(`usermanage.te',` optional_policy(`usermanage',`
usermanage_domtrans_admin_passwd(anaconda_t) usermanage_domtrans_admin_passwd(anaconda_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`ssh.te',` optional_policy(`ssh',`
role system_r types sysadm_ssh_agent_t; role system_r types sysadm_ssh_agent_t;
domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t) domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
') ')


@ -67,60 +67,60 @@ ifdef(`distro_redhat',`
fs_use_tmpfs_chr_dev(consoletype_t) fs_use_tmpfs_chr_dev(consoletype_t)
') ')
optional_policy(`apm.te',` optional_policy(`apm',`
apm_use_fd(consoletype_t) apm_use_fd(consoletype_t)
apm_write_pipe(consoletype_t) apm_write_pipe(consoletype_t)
') ')
optional_policy(`authlogin.te', ` optional_policy(`authlogin', `
auth_read_pam_pid(consoletype_t) auth_read_pam_pid(consoletype_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_read_pipe(consoletype_t) cron_read_pipe(consoletype_t)
cron_use_system_job_fd(consoletype_t) cron_use_system_job_fd(consoletype_t)
') ')
optional_policy(`firstboot.te',` optional_policy(`firstboot',`
files_read_etc_files(consoletype_t) files_read_etc_files(consoletype_t)
firstboot_use_fd(consoletype_t) firstboot_use_fd(consoletype_t)
firstboot_write_pipe(consoletype_t) firstboot_write_pipe(consoletype_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_dontaudit_use_fd(consoletype_t) logrotate_dontaudit_use_fd(consoletype_t)
') ')
optional_policy(`lpd.te',` optional_policy(`lpd',`
lpd_read_config(consoletype_t) lpd_read_config(consoletype_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(consoletype_t) nis_use_ypbind(consoletype_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
# Commonly used from postinst scripts # Commonly used from postinst scripts
rpm_read_pipe(consoletype_t) rpm_read_pipe(consoletype_t)
') ')
optional_policy(`userdomain.te',` optional_policy(`userdomain',`
userdom_use_unpriv_users_fd(consoletype_t) userdom_use_unpriv_users_fd(consoletype_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`xdm.te', ` optional_policy(`xdm', `
allow consoletype_t xdm_tmp_t:file rw_file_perms; allow consoletype_t xdm_tmp_t:file rw_file_perms;
') ')
# this goes to xdm module # this goes to xdm module
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
optional_policy(`consoletype.te',` optional_policy(`consoletype',`
consoletype_domtrans(xdm_t) consoletype_domtrans(xdm_t)
') ')
') ')
optional_policy(`lpd.te', ` optional_policy(`lpd', `
allow consoletype_t printconf_t:file r_file_perms; allow consoletype_t printconf_t:file r_file_perms;
') ')
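Review bot: The space after the comma is kept in optional_policy(`authlogin', ` in this section (also in its `xdm` and `lpd` blocks, and in the `udev` block for httpd_t further down), while other sections touched by this commit normalise the same pattern to no space, e.g. the `udev` blocks for acct_t and dmesg_t. m4 discards unquoted leading whitespace before an argument, so I would not expect a behaviour change. Since every one of these lines is rewritten anyway, settle on one form, e.g. optional_policy(`authlogin',` with no space before the opening quote.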


@ -62,16 +62,16 @@ ifdef(`targeted_policy',`
userdom_use_sysadm_terms(dmesg_t) userdom_use_sysadm_terms(dmesg_t)
userdom_dontaudit_use_unpriv_user_fd(dmesg_t) userdom_dontaudit_use_unpriv_user_fd(dmesg_t)
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dmesg_t) seutil_sigchld_newrole(dmesg_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(dmesg_t) udev_read_db(dmesg_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(dmesg_t) rhgb_domain(dmesg_t)
') ')
') dnl endif TODO ') dnl endif TODO


@ -111,15 +111,15 @@ ifdef(`targeted_policy',`
unconfined_domtrans(firstboot_t) unconfined_domtrans(firstboot_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(firstboot_t) nis_use_ypbind(firstboot_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_rw_config(firstboot_t) samba_rw_config(firstboot_t)
') ')
optional_policy(`usermanage.te',` optional_policy(`usermanage',`
usermanage_domtrans_chfn(firstboot_t) usermanage_domtrans_chfn(firstboot_t)
usermanage_domtrans_groupadd(firstboot_t) usermanage_domtrans_groupadd(firstboot_t)
usermanage_domtrans_passwd(firstboot_t) usermanage_domtrans_passwd(firstboot_t)


@ -134,37 +134,37 @@ tunable_policy(`allow_execmem',`
allow kudzu_t self:process execmem; allow kudzu_t self:process execmem;
') ')
optional_policy(`gpm.te',` optional_policy(`gpm',`
gpm_getattr_gpmctl(kudzu_t) gpm_getattr_gpmctl(kudzu_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(kudzu_t) nscd_use_socket(kudzu_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kudzu_t) seutil_sigchld_newrole(kudzu_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(kudzu_t) udev_read_db(kudzu_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
allow kudzu_t modules_conf_t:file unlink; allow kudzu_t modules_conf_t:file unlink;
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(kudzu_t) rhgb_domain(kudzu_t)
') ')
optional_policy(`lpd.te',` optional_policy(`lpd',`
allow kudzu_t printconf_t:file { getattr read }; allow kudzu_t printconf_t:file { getattr read };
') ')
optional_policy(`xserver.te',` optional_policy(`xserver',`
allow kudzu_t xserver_exec_t:file getattr; allow kudzu_t xserver_exec_t:file getattr;
') ')
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
allow kudzu_t rhgb_t:unix_stream_socket connectto; allow kudzu_t rhgb_t:unix_stream_socket connectto;
') ')
optional_policy(`userhelper.te',` optional_policy(`userhelper',`
role system_r types sysadm_userhelper_t; role system_r types sysadm_userhelper_t;
domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t) domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
') ')


@ -131,52 +131,52 @@ ifdef(`targeted_policy',`
unconfined_domain_template(logrotate_t) unconfined_domain_template(logrotate_t)
') ')
optional_policy(`acct.te',` optional_policy(`acct',`
acct_domtrans(logrotate_t) acct_domtrans(logrotate_t)
acct_manage_data(logrotate_t) acct_manage_data(logrotate_t)
acct_exec_data(logrotate_t) acct_exec_data(logrotate_t)
') ')
optional_policy(`apache.te',` optional_policy(`apache',`
apache_read_config(logrotate_t) apache_read_config(logrotate_t)
apache_domtrans(logrotate_t) apache_domtrans(logrotate_t)
apache_signull(logrotate_t) apache_signull(logrotate_t)
') ')
optional_policy(`consoletype.te',` optional_policy(`consoletype',`
consoletype_exec(logrotate_t) consoletype_exec(logrotate_t)
') ')
optional_policy(`hostname.te',` optional_policy(`hostname',`
hostname_exec(logrotate_t) hostname_exec(logrotate_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_exec_log(logrotate_t) samba_exec_log(logrotate_t)
') ')
optional_policy(`mailman.te',` optional_policy(`mailman',`
mailman_exec(logrotate_t) mailman_exec(logrotate_t)
mailman_search_data(logrotate_t) mailman_search_data(logrotate_t)
mailman_manage_log(logrotate_t) mailman_manage_log(logrotate_t)
') ')
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_read_config(logrotate_t) mysql_read_config(logrotate_t)
mysql_search_db_dir(logrotate_t) mysql_search_db_dir(logrotate_t)
mysql_stream_connect(logrotate_t) mysql_stream_connect(logrotate_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(logrotate_t) nis_use_ypbind(logrotate_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(logrotate_t) nscd_use_socket(logrotate_t)
') ')
optional_policy(`squid.te',` optional_policy(`squid',`
# cjp: why? # cjp: why?
squid_domtrans(logrotate_t) squid_domtrans(logrotate_t)
') ')


@ -82,7 +82,7 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(netutils_t) term_use_unallocated_tty(netutils_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(netutils_t) nis_use_ypbind(netutils_t)
') ')
@ -144,19 +144,19 @@ ifdef(`targeted_policy',`
') ')
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(ping_t) nis_use_ypbind(ping_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(ping_t) nscd_use_socket(ping_t)
') ')
optional_policy(`pcmcia.te',` optional_policy(`pcmcia',`
pcmcia_use_cardmgr_fd(ping_t) pcmcia_use_cardmgr_fd(ping_t)
') ')
optional_policy(`hotplug.te',` optional_policy(`hotplug',`
hotplug_use_fd(ping_t) hotplug_use_fd(ping_t)
') ')
@ -225,11 +225,11 @@ tunable_policy(`user_ping',`
term_use_all_user_ptys(traceroute_t) term_use_all_user_ptys(traceroute_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(traceroute_t) nis_use_ypbind(traceroute_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(traceroute_t) nscd_use_socket(traceroute_t)
') ')


@ -67,11 +67,11 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(quota_t) files_dontaudit_read_root_file(quota_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(quota_t) seutil_sigchld_newrole(quota_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(quota_t) udev_read_db(quota_t)
') ')
@ -82,7 +82,7 @@ file_type_auto_trans(quota_t, { root_t home_root_t var_t usr_t src_t var_spool_t
allow quota_t file_t:file quotaon; allow quota_t file_t:file quotaon;
allow quota_t proc_t:file getattr; allow quota_t proc_t:file getattr;
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(quota_t) rhgb_domain(quota_t)
') ')
') dnl end TODO ') dnl end TODO


@ -177,15 +177,15 @@ ifdef(`targeted_policy',`
logging_create_log(rpm_t,rpm_log_t) logging_create_log(rpm_t,rpm_log_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(rpm_t,rpm_exec_t) cron_system_entry(rpm_t,rpm_exec_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(rpm_t) mount_send_nfs_client_request(rpm_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(rpm_t) nis_use_ypbind(rpm_t)
') ')
@ -205,7 +205,7 @@ allow rpm_t mount_t:tcp_socket write;
allow rpm_t rpc_pipefs_t:dir search; allow rpm_t rpc_pipefs_t:dir search;
optional_policy(`gnome-pty-helper.te', ` optional_policy(`gnome-pty-helper',`
allow rpm_t sysadm_gph_t:fd use; allow rpm_t sysadm_gph_t:fd use;
') ')
') dnl endif TODO ') dnl endif TODO
@ -322,12 +322,12 @@ ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t) unconfined_domain_template(rpm_script_t)
',` ',`
ifdef(`distro_redhat',` ifdef(`distro_redhat',`
optional_policy(`mta.te',` optional_policy(`mta',`
mta_send_mail(rpm_script_t) mta_send_mail(rpm_script_t)
') ')
') ')
optional_policy(`bootloader.te',` optional_policy(`bootloader',`
bootloader_domtrans(rpm_script_t) bootloader_domtrans(rpm_script_t)
') ')
') ')
@ -336,17 +336,17 @@ tunable_policy(`allow_execmem',`
allow rpm_script_t self:process execmem; allow rpm_script_t self:process execmem;
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(rpm_script_t) nis_use_ypbind(rpm_script_t)
') ')
optional_policy(`usermanage.te',` optional_policy(`usermanage',`
usermanage_domtrans_groupadd(rpm_script_t) usermanage_domtrans_groupadd(rpm_script_t)
usermanage_domtrans_useradd(rpm_script_t) usermanage_domtrans_useradd(rpm_script_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`lpd.te', ` optional_policy(`lpd',`
can_exec(rpm_script_t,printconf_t) can_exec(rpm_script_t,printconf_t)
') ')
') dnl end TODO ') dnl end TODO
@ -371,7 +371,7 @@ seutil_read_src_pol(rpmbuild_t)
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`cups.te', ` optional_policy(`cups',`
allow cupsd_t rpm_var_lib_t:dir r_dir_perms; allow cupsd_t rpm_var_lib_t:dir r_dir_perms;
allow cupsd_t rpm_var_lib_t:file r_file_perms; allow cupsd_t rpm_var_lib_t:file r_file_perms;
allow cupsd_t rpb_var_lib_t:lnk_file r_file_perms; allow cupsd_t rpb_var_lib_t:lnk_file r_file_perms;
@ -379,16 +379,16 @@ allow cupsd_t initrc_exec_t:file r_file_perms;
domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t) domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t)
') ')
optional_policy(`ssh-agent.te', ` optional_policy(`ssh-agent',`
domain_auto_trans(rpm_script_t, ssh_agent_exec_t, sysadm_ssh_agent_t) domain_auto_trans(rpm_script_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
') ')
optional_policy(`prelink.te', ` optional_policy(`prelink',`
domain_auto_trans(rpm_t, prelink_exec_t, prelink_t) domain_auto_trans(rpm_t, prelink_exec_t, prelink_t)
') ')
ifdef(`hide_broken_symptoms', ` ifdef(`hide_broken_symptoms', `
optional_policy(`pamconsole.te', ` optional_policy(`pamconsole',`
domain_trans(rpm_t, pam_console_exec_t, rpm_script_t) domain_trans(rpm_t, pam_console_exec_t, rpm_script_t)
') ')
') ')
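Review bot: The keys `ssh-agent`, `pamconsole` and `gnome-pty-helper` in the later blocks of this file were only stripped of `.te` and do not look like module names. Elsewhere on this page the same `ssh_agent_exec_t` / `sysadm_ssh_agent_t` transition is keyed on `ssh`, and the pam_console interface `auth_domtrans_pam_console` sits under `authlogin`. These blocks appear to be inside ifdef(`TODO',` so nothing changes today, but a key that matches no module would presumably keep the guarded domain transitions disabled once the TODO guard is lifted; suggest optional_policy(`ssh',` and optional_policy(`authlogin',` after checking the module list. Separately, `rpb_var_lib_t` in the cups block looks like a typo for `rpm_var_lib_t`.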


@ -77,15 +77,15 @@ template(`su_restricted_domain_template', `
# Only allow transitions to unprivileged user domains. # Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_su_t) userdom_spec_domtrans_unpriv_users($1_su_t)
optional_policy(`cron.te',` optional_policy(`cron',`
cron_read_pipe($1_su_t) cron_read_pipe($1_su_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_su_t) kerberos_use($1_su_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_su_t) nscd_use_socket($1_su_t)
') ')
@ -247,15 +247,15 @@ template(`su_per_userdomain_template',`
fs_search_cifs($1_su_t) fs_search_cifs($1_su_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_read_pipe($1_su_t) cron_read_pipe($1_su_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_su_t) kerberos_use($1_su_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_su_t) nscd_use_socket($1_su_t)
') ')


@ -155,11 +155,11 @@ template(`sudo_per_userdomain_template',`
userdom_spec_domtrans_all_users($1_sudo_t) userdom_spec_domtrans_all_users($1_sudo_t)
} }
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_sudo_t) nis_use_ypbind($1_sudo_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_sudo_t) nscd_use_socket($1_sudo_t)
') ')


@ -89,45 +89,45 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(updfstab_t) files_dontaudit_read_root_file(updfstab_t)
') ')
optional_policy(`authlogin.te',` optional_policy(`authlogin',`
auth_domtrans_pam_console(updfstab_t) auth_domtrans_pam_console(updfstab_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
dbus_system_bus_client_template(updfstab,updfstab_t) dbus_system_bus_client_template(updfstab,updfstab_t)
dbus_send_system_bus_msg(updfstab_t) dbus_send_system_bus_msg(updfstab_t)
') ')
optional_policy(`hald.te',` optional_policy(`hald',`
hal_stream_connect(updfstab_t) hal_stream_connect(updfstab_t)
') ')
optional_policy(`modutils.te',` optional_policy(`modutils',`
modutils_read_module_conf(updfstab_t) modutils_read_module_conf(updfstab_t)
modutils_exec_insmod(updfstab_t) modutils_exec_insmod(updfstab_t)
modutils_read_mods_deps(updfstab_t) modutils_read_mods_deps(updfstab_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(updfstab_t) nscd_use_socket(updfstab_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(updfstab_t) seutil_sigchld_newrole(updfstab_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(updfstab_t) udev_read_db(updfstab_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(updfstab_t) rhgb_domain(updfstab_t)
') ')
allow updfstab_t tmpfs_t:dir getattr; allow updfstab_t tmpfs_t:dir getattr;
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
allow initrc_t updfstab_t:dbus send_msg; allow initrc_t updfstab_t:dbus send_msg;
allow updfstab_t initrc_t:dbus send_msg; allow updfstab_t initrc_t:dbus send_msg;
') ')
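Review bot: The key `hald` in the optional_policy(`hald',` block probably does not name a module: the interface it guards is `hal_stream_connect(updfstab_t)`, and I believe the module is `hal`. The mismatch was already present as `hald.te`, but now that the argument is documented as the module name, a key that matches nothing would presumably leave this block permanently disabled without any build error, and updfstab_t would never receive the HAL socket access. Suggest changing the first argument to `hal` once the name is confirmed against the module list.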


@ -132,7 +132,7 @@ userdom_use_unpriv_users_fd(chfn_t)
# on user home dir # on user home dir
userdom_dontaudit_search_all_users_home(chfn_t) userdom_dontaudit_search_all_users_home(chfn_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(chfn_t) nis_use_ypbind(chfn_t)
') ')
@ -178,7 +178,7 @@ logging_send_syslog_msg(crack_t)
userdom_dontaudit_search_sysadm_home_dir(crack_t) userdom_dontaudit_search_sysadm_home_dir(crack_t)
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(crack_t,crack_exec_t) cron_system_entry(crack_t,crack_exec_t)
') ')
@ -246,15 +246,15 @@ userdom_use_unpriv_users_fd(groupadd_t)
# for when /root is the cwd # for when /root is the cwd
userdom_dontaudit_search_sysadm_home_dir(groupadd_t) userdom_dontaudit_search_sysadm_home_dir(groupadd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(groupadd_t) nis_use_ypbind(groupadd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(groupadd_t) nscd_use_socket(groupadd_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_use_fd(groupadd_t) rpm_use_fd(groupadd_t)
rpm_rw_pipe(groupadd_t) rpm_rw_pipe(groupadd_t)
') ')
@ -339,7 +339,7 @@ userdom_use_unpriv_users_fd(passwd_t)
# on user home dir # on user home dir
userdom_dontaudit_search_all_users_home(passwd_t) userdom_dontaudit_search_all_users_home(passwd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(passwd_t) nis_use_ypbind(passwd_t)
') ')
@ -435,7 +435,7 @@ userdom_use_unpriv_users_fd(sysadm_passwd_t)
# on user home dir # on user home dir
userdom_dontaudit_search_all_users_home(sysadm_passwd_t) userdom_dontaudit_search_all_users_home(sysadm_passwd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(sysadm_passwd_t) nis_use_ypbind(sysadm_passwd_t)
') ')
@ -530,15 +530,15 @@ userdom_create_generic_user_home(useradd_t,notdevfile_class_set)
mta_manage_spool(useradd_t) mta_manage_spool(useradd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(useradd_t) nis_use_ypbind(useradd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(useradd_t) nscd_use_socket(useradd_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_use_fd(useradd_t) rpm_use_fd(useradd_t)
rpm_rw_pipe(useradd_t) rpm_rw_pipe(useradd_t)
') ')


@ -98,14 +98,14 @@ sysnet_manage_config(vpnc_t)
userdom_use_all_user_fd(vpnc_t) userdom_use_all_user_fd(vpnc_t)
userdom_dontaudit_search_all_users_home(vpnc_t) userdom_dontaudit_search_all_users_home(vpnc_t)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(vpnc_t) mount_send_nfs_client_request(vpnc_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(vpnc_t) nis_use_ypbind(vpnc_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(vpnc_t) nscd_use_socket(vpnc_t)
') ')


@ -125,7 +125,7 @@ template(`gpg_per_userdomain_template',`
userdom_use_user_terminals($1,$1_gpg_t) userdom_use_user_terminals($1,$1_gpg_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_gpg_t) nis_use_ypbind($1_gpg_t)
') ')


@ -95,18 +95,18 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(webalizer_t) term_use_unallocated_tty(webalizer_t)
') ')
optional_policy(`ftp.te',` optional_policy(`ftp',`
ftp_read_log(webalizer_t) ftp_read_log(webalizer_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(webalizer_t) nis_use_ypbind(webalizer_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(webalizer_t) nscd_use_socket(webalizer_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(webalizer_t,webalizer_exec_t) cron_system_entry(webalizer_t,webalizer_exec_t)
') ')


@ -200,18 +200,18 @@ ifdef(`targeted_policy',`
term_use_generic_pty(bootloader_t) term_use_generic_pty(bootloader_t)
') ')
optional_policy(`fstools.te',` optional_policy(`fstools',`
fstools_exec(bootloader_t) fstools_exec(bootloader_t)
') ')
optional_policy(`lvm.te',` optional_policy(`lvm',`
dev_rw_lvm_control(bootloader_t) dev_rw_lvm_control(bootloader_t)
lvm_domtrans(bootloader_t) lvm_domtrans(bootloader_t)
lvm_read_config(bootloader_t) lvm_read_config(bootloader_t)
') ')
optional_policy(`modutils.te',` optional_policy(`modutils',`
modutils_exec_insmod(bootloader_t) modutils_exec_insmod(bootloader_t)
modutils_read_mods_deps(bootloader_t) modutils_read_mods_deps(bootloader_t)
modutils_read_module_conf(bootloader_t) modutils_read_module_conf(bootloader_t)
@ -220,15 +220,15 @@ optional_policy(`modutils.te',`
modutils_exec_update_mods(bootloader_t) modutils_exec_update_mods(bootloader_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(bootloader_t) nscd_use_socket(bootloader_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_rw_pipe(bootloader_t) rpm_rw_pipe(bootloader_t)
') ')
optional_policy(`userdomain.te',` optional_policy(`userdomain',`
userdom_dontaudit_search_staff_home_dir(bootloader_t) userdom_dontaudit_search_staff_home_dir(bootloader_t)
userdom_dontaudit_search_sysadm_home_dir(bootloader_t) userdom_dontaudit_search_sysadm_home_dir(bootloader_t)
') ')


@ -230,11 +230,11 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(kernel_t) files_read_default_pipes(kernel_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(kernel_t) nis_use_ypbind(kernel_t)
') ')
optional_policy(`rpc.te',` optional_policy(`rpc',`
# nfs kernel server needs kernel UDP access. It is less risky and painful # nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything. # to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms; allow kernel_t self:tcp_socket create_stream_socket_perms;


@ -206,24 +206,24 @@ template(`apache_content_template',`
sysnet_read_config(httpd_$1_script_t) sysnet_read_config(httpd_$1_script_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_$1_script_t) mount_send_nfs_client_request(httpd_$1_script_t)
') ')
') ')
optional_policy(`mta.te',` optional_policy(`mta',`
mta_send_mail(httpd_$1_script_t) mta_send_mail(httpd_$1_script_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
tunable_policy(`httpd_enable_cgi && allow_ypbind',` tunable_policy(`httpd_enable_cgi && allow_ypbind',`
nis_use_ypbind_uncond(httpd_$1_script_t) nis_use_ypbind_uncond(httpd_$1_script_t)
') ')
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(httpd_$1_script_t) nscd_use_socket(httpd_$1_script_t)
') ')
') ')


@ -383,11 +383,11 @@ tunable_policy(`httpd_tty_comm',`
userdom_dontaudit_use_sysadm_terms(httpd_t) userdom_dontaudit_use_sysadm_terms(httpd_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(httpd_t) kerberos_use(httpd_t)
') ')
optional_policy(`mailman.te',` optional_policy(`mailman',`
mailman_signal_cgi(httpd_t) mailman_signal_cgi(httpd_t)
mailman_domtrans_cgi(httpd_t) mailman_domtrans_cgi(httpd_t)
# should have separate types for public and private archives # should have separate types for public and private archives
@ -395,30 +395,30 @@ optional_policy(`mailman.te',`
mailman_read_archive(httpd_t) mailman_read_archive(httpd_t)
') ')
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_stream_connect(httpd_t) mysql_stream_connect(httpd_t)
mysql_rw_db_socket(httpd_t) mysql_rw_db_socket(httpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(httpd_t) nscd_use_socket(httpd_t)
') ')
optional_policy(`postgresql.te',` optional_policy(`postgresql',`
# Allow httpd to work with postgresql # Allow httpd to work with postgresql
postgresql_unix_connect(httpd_t) postgresql_unix_connect(httpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(httpd_t) seutil_sigchld_newrole(httpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_read_db(httpd_t) udev_read_db(httpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(httpd_t) rhgb_domain(httpd_t)
') ')
@ -492,11 +492,11 @@ libs_use_shared_libs(httpd_php_t)
userdom_use_unpriv_users_fd(httpd_php_t) userdom_use_unpriv_users_fd(httpd_php_t)
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_stream_connect(httpd_php_t) mysql_stream_connect(httpd_php_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(httpd_php_t) nis_use_ypbind(httpd_php_t)
') ')
@ -610,28 +610,28 @@ tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_execute_cifs_files(httpd_suexec_t) fs_execute_cifs_files(httpd_suexec_t)
') ')
optional_policy(`mailman.te',` optional_policy(`mailman',`
mailman_domtrans_cgi(httpd_suexec_t) mailman_domtrans_cgi(httpd_suexec_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
tunable_policy(`httpd_can_network_connect',` tunable_policy(`httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_suexec_t) mount_send_nfs_client_request(httpd_suexec_t)
') ')
') ')
optional_policy(`mta.te',` optional_policy(`mta',`
mta_stub(httpd_suexec_t) mta_stub(httpd_suexec_t)
# apache should set close-on-exec # apache should set close-on-exec
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(httpd_suexec_t) nis_use_ypbind(httpd_suexec_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(httpd_suexec_t) nscd_use_socket(httpd_suexec_t)
') ')
@ -665,7 +665,7 @@ ifdef(`targeted_policy',`
') ')
') ')
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_stream_connect(httpd_sys_script_t) mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_socket(httpd_sys_script_t) mysql_rw_db_socket(httpd_sys_script_t)
') ')
@ -677,6 +677,6 @@ optional_policy(`mysql.te',`
unconfined_domain_template(httpd_unconfined_script_t) unconfined_domain_template(httpd_unconfined_script_t)
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(httpd_unconfined_script_t) nscd_use_socket(httpd_unconfined_script_t)
') ')


@ -155,15 +155,15 @@ ifdef(`distro_redhat',`
can_exec(apmd_t, apmd_var_run_t) can_exec(apmd_t, apmd_var_run_t)
# ifconfig_exec_t needs to be run in its own domain for Red Hat # ifconfig_exec_t needs to be run in its own domain for Red Hat
optional_policy(`sysnetwork.te',` optional_policy(`sysnetwork',`
sysnet_domtrans_ifconfig(apmd_t) sysnet_domtrans_ifconfig(apmd_t)
') ')
optional_policy(`iptables.te',` optional_policy(`iptables',`
iptables_domtrans(apmd_t) iptables_domtrans(apmd_t)
') ')
optional_policy(`netutils.te',` optional_policy(`netutils',`
netutils_domtrans(apmd_t) netutils_domtrans(apmd_t)
') ')
@ -186,37 +186,37 @@ ifdef(`targeted_policy',`
unconfined_domain_template(apmd_t) unconfined_domain_template(apmd_t)
') ')
optional_policy(`clock.te',` optional_policy(`clock',`
clock_domtrans(apmd_t) clock_domtrans(apmd_t)
clock_rw_adjtime(apmd_t) clock_rw_adjtime(apmd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_domtrans_anacron_system_job(apmd_t) cron_domtrans_anacron_system_job(apmd_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_use_fd(apmd_t) logrotate_use_fd(apmd_t)
') ')
optional_policy(`mta.te',` optional_policy(`mta',`
mta_send_mail(apmd_t) mta_send_mail(apmd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(apmd_t) nscd_use_socket(apmd_t)
') ')
optional_policy(`pcmcia.te',` optional_policy(`pcmcia',`
pcmcia_domtrans_cardmgr(apmd_t) pcmcia_domtrans_cardmgr(apmd_t)
pcmcia_domtrans_cardctl(apmd_t) pcmcia_domtrans_cardctl(apmd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(apmd_t) seutil_sigchld_newrole(apmd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(apmd_t) udev_read_db(apmd_t)
udev_read_state(apmd_t) #necessary? udev_read_state(apmd_t) #necessary?
') ')
@ -224,13 +224,13 @@ optional_policy(`udev.te',`
ifdef(`TODO',` ifdef(`TODO',`
allow apmd_t proc_t:file write; allow apmd_t proc_t:file write;
allow apmd_t user_tty_type:chr_file { ioctl read getattr lock write append }; allow apmd_t user_tty_type:chr_file { ioctl read getattr lock write append };
optional_policy(`cron.te',` optional_policy(`cron',`
allow apmd_t crond_t:fifo_file { getattr read write ioctl }; allow apmd_t crond_t:fifo_file { getattr read write ioctl };
') ')
r_dir_file(apmd_t, hwdata_t) r_dir_file(apmd_t, hwdata_t)
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(apmd_t) rhgb_domain(apmd_t)
') ')
') ')


@ -98,25 +98,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(arpwatch_t) files_dontaudit_read_root_file(arpwatch_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(arpwatch_t) nis_use_ypbind(arpwatch_t)
') ')
optional_policy(`qmail.te',` optional_policy(`qmail',`
corecmd_search_bin(arpwatch_t) corecmd_search_bin(arpwatch_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(arpwatch_t) seutil_sigchld_newrole(arpwatch_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(arpwatch_t) udev_read_db(arpwatch_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
# TODO from daemon_domain # TODO from daemon_domain
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(arpwatch_t) rhgb_domain(arpwatch_t)
') ')
') ')


@ -86,7 +86,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(avahi_t) files_dontaudit_read_root_file(avahi_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
dbus_system_bus_client_template(avahi,avahi_t) dbus_system_bus_client_template(avahi,avahi_t)
dbus_connect_system_bus(avahi_t) dbus_connect_system_bus(avahi_t)
dbus_send_system_bus_msg(avahi_t) dbus_send_system_bus_msg(avahi_t)
@ -96,20 +96,20 @@ optional_policy(`dbus.te',`
allow unconfined_t avahi_t:dbus send_msg; allow unconfined_t avahi_t:dbus send_msg;
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(avahi_t) nis_use_ypbind(avahi_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(avahi_t) seutil_sigchld_newrole(avahi_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(avahi_t) udev_read_db(avahi_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(avahi_t) rhgb_domain(avahi_t)
') ')
') dnl end TODO ') dnl end TODO


@ -150,7 +150,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(named_t) files_dontaudit_read_root_file(named_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
gen_require(` gen_require(`
class dbus send_msg; class dbus send_msg;
') ')
@ -161,19 +161,19 @@ optional_policy(`dbus.te',`
dbus_send_system_bus_msg(named_t) dbus_send_system_bus_msg(named_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(named_t) nis_use_ypbind(named_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(named_t) nscd_use_socket(named_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(named_t) seutil_sigchld_newrole(named_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(named_t) udev_read_db(named_t)
') ')
@ -181,7 +181,7 @@ ifdef(`TODO',`
can_udp_send(domain, named_t) can_udp_send(domain, named_t)
can_udp_send(named_t, domain) can_udp_send(named_t, domain)
can_tcp_connect(domain, named_t) can_tcp_connect(domain, named_t)
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(named_t) rhgb_domain(named_t)
') ')
') ')
@ -259,19 +259,19 @@ tunable_policy(`named_write_master_zones',`
allow named_t named_zone_t:lnk_file create_lnk_perms; allow named_t named_zone_t:lnk_file create_lnk_perms;
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(named_t) mount_send_nfs_client_request(named_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(ndc_t) nis_use_ypbind(ndc_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(ndc_t) nscd_use_socket(ndc_t)
') ')
optional_policy(`bind.te',` optional_policy(`bind',`
ppp_dontaudit_use_fd(ndc_t) ppp_dontaudit_use_fd(ndc_t)
') ')
@ -286,12 +286,12 @@ allow named_t dhcpc_t:dbus send_msg;
allow dhcpc_t named_t:dbus send_msg; allow dhcpc_t named_t:dbus send_msg;
# cjp: this whole block was originally in networkmanager # cjp: this whole block was originally in networkmanager
optional_policy(`networkmanager.te',` optional_policy(`networkmanager',`
gen_require(` gen_require(`
type NetworkManager_t; type NetworkManager_t;
') ')
# optional_policy(`dbus.te',` # optional_policy(`dbus',`
# gen_require(` # gen_require(`
# class dbus send_msg; # class dbus send_msg;
# ') # ')
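Review bot: In the `@ -259,19` hunk the guard ``optional_policy(`bind',` `` wraps `ppp_dontaudit_use_fd(ndc_t)`, an interface whose prefix points at the ppp module, so the guard names the wrong module. The rename carried the old `bind.te` condition over unchanged. Because this section appears to be the bind policy itself (it configures named_t and ndc_t), the condition is presumably always satisfied, and the ppp call is then not optional in practice. I would change the line to ``optional_policy(`ppp',` `` so the rule is only pulled in when ppp is actually part of the policy.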


@ -141,25 +141,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(bluetooth_t) files_dontaudit_read_root_file(bluetooth_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
dbus_system_bus_client_template(bluetooth,bluetooth_t) dbus_system_bus_client_template(bluetooth,bluetooth_t)
dbus_send_system_bus_msg(bluetooth_t) dbus_send_system_bus_msg(bluetooth_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(bluetooth_t) nis_use_ypbind(bluetooth_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(bluetooth_t) seutil_sigchld_newrole(bluetooth_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(bluetooth_t) udev_read_db(bluetooth_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(bluetooth_t) rhgb_domain(bluetooth_t)
') ')
') dnl end TOOD ') dnl end TOOD
@ -208,7 +208,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
userdom_search_all_users_home(bluetooth_helper_t) userdom_search_all_users_home(bluetooth_helper_t)
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(bluetooth_helper_t) nscd_use_socket(bluetooth_helper_t)
') ')


@ -94,24 +94,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(canna_t) files_dontaudit_read_root_file(canna_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(canna_t) nis_use_ypbind(canna_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(canna_t) seutil_sigchld_newrole(canna_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(canna_t) udev_read_db(canna_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(canna_t) rhgb_domain(canna_t)
') ')
optional_policy(`canna.te',` optional_policy(`canna',`
canna_stream_connect(i18n_input_t) canna_stream_connect(i18n_input_t)
') ')
') ')


@ -79,15 +79,15 @@ userdom_dontaudit_getattr_sysadm_tty(comsat_t)
mta_getattr_spool(comsat_t) mta_getattr_spool(comsat_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(comsat_t) kerberos_use(comsat_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(comsat_t) nis_use_ypbind(comsat_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(comsat_t) nscd_use_socket(comsat_t)
') ')


@ -61,20 +61,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpucontrol_t) files_dontaudit_read_root_file(cpucontrol_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cpucontrol_t) nscd_use_socket(cpucontrol_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpucontrol_t) seutil_sigchld_newrole(cpucontrol_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(cpucontrol_t) udev_read_db(cpucontrol_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(cpucontrol_t) rhgb_domain(cpucontrol_t)
') ')
') dnl end TODO ') dnl end TODO
@ -121,20 +121,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpuspeed_t) files_dontaudit_read_root_file(cpuspeed_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cpuspeed_t) nscd_use_socket(cpuspeed_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpuspeed_t) seutil_sigchld_newrole(cpuspeed_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(cpuspeed_t) udev_read_db(cpuspeed_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(cpuspeed_t) rhgb_domain(cpuspeed_t)
') ')
') dnl end TODO ') dnl end TODO


@ -146,12 +146,12 @@ template(`cron_per_userdomain_template',`
allow crond_t $1_cron_spool_t:file create_file_perms; allow crond_t $1_cron_spool_t:file create_file_perms;
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_crond_t) nis_use_ypbind($1_crond_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`apache.te', ` optional_policy(`apache',`
create_dir_file($1_crond_t, httpd_$1_content_t) create_dir_file($1_crond_t, httpd_$1_content_t)
') ')
allow $1_crond_t tmp_t:dir rw_dir_perms; allow $1_crond_t tmp_t:dir rw_dir_perms;


@ -133,7 +133,7 @@ userdom_use_unpriv_users_fd(crond_t)
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files # Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out. # via redirection of standard out.
optional_policy(`rpm.te', ` optional_policy(`rpm',`
rpm_manage_log(crond_t) rpm_manage_log(crond_t)
') ')
') ')
@ -170,29 +170,29 @@ tunable_policy(`fcron_crond', `
allow crond_t system_cron_spool_t:file create_file_perms; allow crond_t system_cron_spool_t:file create_file_perms;
') ')
optional_policy(`hal.te',` optional_policy(`hal',`
hal_dbus_send(crond_t) hal_dbus_send(crond_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(crond_t) nis_use_ypbind(crond_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(crond_t) nscd_use_socket(crond_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
# Commonly used from postinst scripts # Commonly used from postinst scripts
rpm_read_pipe(crond_t) rpm_read_pipe(crond_t)
') ')
optional_policy(`postgresql.te', ` optional_policy(`postgresql',`
# allow crond to find /usr/lib/postgresql/bin/do.maintenance # allow crond to find /usr/lib/postgresql/bin/do.maintenance
postgresql_search_db_dir(crond_t) postgresql_search_db_dir(crond_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(crond_t) udev_read_db(crond_t)
') ')
@ -200,7 +200,7 @@ ifdef(`TODO',`
# NB The constraints file has some entries for crond_t, this makes it # NB The constraints file has some entries for crond_t, this makes it
# different from all other domains... # different from all other domains...
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(crond_t) rhgb_domain(crond_t)
') ')
@ -222,7 +222,7 @@ allow crond_t user_home_dir_type:dir r_dir_perms;
# System cron process domain # System cron process domain
# #
optional_policy(`squid.te',` optional_policy(`squid',`
# cjp: why? # cjp: why?
squid_domtrans(system_crond_t) squid_domtrans(system_crond_t)
') ')
@ -352,7 +352,7 @@ ifdef(`targeted_policy',`
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files # Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out. # via redirection of standard out.
optional_policy(`rpm.te', ` optional_policy(`rpm',`
rpm_manage_log(system_crond_t) rpm_manage_log(system_crond_t)
') ')
') ')
@ -369,33 +369,33 @@ ifdef(`targeted_policy',`
seutil_read_file_contexts(system_crond_t) seutil_read_file_contexts(system_crond_t)
') ')
optional_policy(`cyrus.te',` optional_policy(`cyrus',`
cyrus_manage_data(system_crond_t) cyrus_manage_data(system_crond_t)
') ')
optional_policy(`ftp.te',` optional_policy(`ftp',`
ftp_read_log(system_crond_t) ftp_read_log(system_crond_t)
') ')
optional_policy(`inn.te',` optional_policy(`inn',`
inn_manage_log(system_crond_t) inn_manage_log(system_crond_t)
inn_manage_pid(system_crond_t) inn_manage_pid(system_crond_t)
inn_read_config(system_crond_t) inn_read_config(system_crond_t)
') ')
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_read_config(system_crond_t) mysql_read_config(system_crond_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(system_crond_t) nis_use_ypbind(system_crond_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(system_crond_t) nscd_use_socket(system_crond_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_read_config(system_crond_t) samba_read_config(system_crond_t)
samba_read_log(system_crond_t) samba_read_log(system_crond_t)
#samba_read_secrets(system_crond_t) #samba_read_secrets(system_crond_t)
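Review bot: In the `@ -222,7` hunk the renamed guard still wraps `squid_domtrans(system_crond_t)` with `# cjp: why?` as its only justification, so a domain transition out of the system cron domain stays undocumented. A transition is the kind of rule a least-privilege review needs a stated reason for. I would replace the comment with one that names the job requiring it, in the form `# needed by <cron job>: <what it runs>` (placeholder, to be filled in from the squid packaging), or drop the call if no such job exists. The system cron section this block belongs to continues outside the hunk.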


@ -198,35 +198,35 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cupsd_t) files_dontaudit_read_root_file(cupsd_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd,cupsd_t) dbus_system_bus_client_template(cupsd,cupsd_t)
dbus_send_system_bus_msg(cupsd_t) dbus_send_system_bus_msg(cupsd_t)
allow cupsd_t userdomain:dbus send_msg; allow cupsd_t userdomain:dbus send_msg;
') ')
optional_policy(`hostname.te',` optional_policy(`hostname',`
hostname_exec(cupsd_t) hostname_exec(cupsd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(cupsd_t) mount_send_nfs_client_request(cupsd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cupsd_t) nscd_use_socket(cupsd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_t) seutil_sigchld_newrole(cupsd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(cupsd_t) udev_read_db(cupsd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(cupsd_t) rhgb_domain(cupsd_t)
') ')
allow web_client_domain cupsd_t:tcp_socket { connectto recvfrom }; allow web_client_domain cupsd_t:tcp_socket { connectto recvfrom };
@ -246,11 +246,11 @@ dontaudit cupsd_t random_device_t:chr_file ioctl;
# temporary solution, we need something better # temporary solution, we need something better
allow cupsd_t serial_device:chr_file rw_file_perms; allow cupsd_t serial_device:chr_file rw_file_perms;
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
domain_auto_trans(logrotate_t, cupsd_exec_t, cupsd_t) domain_auto_trans(logrotate_t, cupsd_exec_t, cupsd_t)
') ')
optional_policy(`inetd.te', ` optional_policy(`inetd',`
domain_auto_trans(inetd_t, cupsd_exec_t, cupsd_t) domain_auto_trans(inetd_t, cupsd_exec_t, cupsd_t)
') ')
@ -262,7 +262,7 @@ dontaudit cupsd_t etc_t:file write;
# Send to portmap. # Send to portmap.
optional_policy(`portmap.te', ` optional_policy(`portmap', `
allow cupsd_t portmap_t:udp_socket sendto; allow cupsd_t portmap_t:udp_socket sendto;
allow portmap_t cupsd_t:udp_socket recvfrom; allow portmap_t cupsd_t:udp_socket recvfrom;
allow portmap_t cupsd_t:udp_socket sendto; allow portmap_t cupsd_t:udp_socket sendto;
@ -281,7 +281,7 @@ allow cupsd_t var_t:dir { getattr read search };
allow cupsd_t var_t:file r_file_perms; allow cupsd_t var_t:file r_file_perms;
allow cupsd_t var_t:lnk_file { getattr read }; allow cupsd_t var_t:lnk_file { getattr read };
optional_policy(`samba.te', ` optional_policy(`samba',`
# cjp: rw_dir_perms here doesnt make sense # cjp: rw_dir_perms here doesnt make sense
allow cupsd_t samba_var_t:dir rw_dir_perms; allow cupsd_t samba_var_t:dir rw_dir_perms;
allow cupsd_t samba_var_t:file rw_file_perms; allow cupsd_t samba_var_t:file rw_file_perms;
@ -289,7 +289,7 @@ allow cupsd_t samba_var_t:lnk_file { getattr read };
allow smbd_t cupsd_etc_t:dir search; allow smbd_t cupsd_etc_t:dir search;
') ')
optional_policy(`pam.te', ` optional_policy(`authlogin',`
dontaudit cupsd_t pam_var_run_t:file { getattr read }; dontaudit cupsd_t pam_var_run_t:file { getattr read };
') ')
dontaudit cupsd_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search }; dontaudit cupsd_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search };
@ -369,16 +369,16 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ptal_t) files_dontaudit_read_root_file(ptal_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ptal_t) seutil_sigchld_newrole(ptal_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(ptal_t) udev_read_db(ptal_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(ptal_t) rhgb_domain(ptal_t)
') ')
') dnl end TODO ') dnl end TODO
@ -479,20 +479,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hplip_t) files_dontaudit_read_root_file(hplip_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(hplip_t) mount_send_nfs_client_request(hplip_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hplip_t) seutil_sigchld_newrole(hplip_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(hplip_t) udev_read_db(hplip_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(hplip_t) rhgb_domain(hplip_t)
') ')
') dnl end TODO ') dnl end TODO
@ -599,36 +599,36 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(cupsd_config_t) files_dontaudit_read_root_file(cupsd_config_t)
') ')
optional_policy(`hal.te',` optional_policy(`hal',`
hal_domtrans(cupsd_config_t) hal_domtrans(cupsd_config_t)
') ')
optional_policy(`hostname.te',` optional_policy(`hostname',`
hostname_exec(cupsd_config_t) hostname_exec(cupsd_config_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_use_fd(cupsd_config_t) logrotate_use_fd(cupsd_config_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(cupsd_config_t) nis_use_ypbind(cupsd_config_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cupsd_config_t) nscd_use_socket(cupsd_config_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_config_t) seutil_sigchld_newrole(cupsd_config_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(cupsd_config_t) udev_read_db(cupsd_config_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(cupsd_config_t) rhgb_domain(cupsd_config_t)
') ')
') dnl end TODO ') dnl end TODO
@ -637,7 +637,7 @@ allow cupsd_config_t devpts_t:dir search;
allow cupsd_config_t devpts_t:chr_file { getattr ioctl }; allow cupsd_config_t devpts_t:chr_file { getattr ioctl };
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
optional_policy(`rpm.te',` optional_policy(`rpm',`
allow cupsd_config_t rpm_var_lib_t:dir { getattr search }; allow cupsd_config_t rpm_var_lib_t:dir { getattr search };
allow cupsd_config_t rpm_var_lib_t:file { getattr read }; allow cupsd_config_t rpm_var_lib_t:file { getattr read };
') ')
@ -646,7 +646,7 @@ ifdef(`distro_redhat', `
allow cupsd_config_t var_t:lnk_file read; allow cupsd_config_t var_t:lnk_file read;
optional_policy(`dbus.te',` optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd_config,cupsd_config_t) dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
dbus_connect_system_bus(cupsd_config_t) dbus_connect_system_bus(cupsd_config_t)
dbus_send_system_bus_msg(cupsd_config_t) dbus_send_system_bus_msg(cupsd_config_t)
@ -655,8 +655,8 @@ optional_policy(`dbus.te',`
allow userdomain cupsd_config_t:dbus send_msg; allow userdomain cupsd_config_t:dbus send_msg;
') ')
optional_policy(`hal.te', ` optional_policy(`hal', `
optional_policy(`dbus.te', ` optional_policy(`dbus',`
allow { cupsd_t cupsd_config_t } hald_t:dbus send_msg; allow { cupsd_t cupsd_config_t } hald_t:dbus send_msg;
allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg; allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
') ')
@ -703,7 +703,7 @@ allow cupsd_lpd_t self:udp_socket create_socket_perms;
allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow cupsd_lpd_t self:capability { setuid setgid }; allow cupsd_lpd_t self:capability { setuid setgid };
files_search_home(cupsd_lpd_t) files_search_home(cupsd_lpd_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(cupsd_lpd_t) kerberos_use(cupsd_lpd_t)
') ')
#end for identd #end for identd
@ -755,10 +755,10 @@ miscfiles_read_localization(cupsd_lpd_t)
sysnet_read_config(cupsd_lpd_t) sysnet_read_config(cupsd_lpd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(cupsd_lpd_t) nis_use_ypbind(cupsd_lpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cupsd_lpd_t) nscd_use_socket(cupsd_lpd_t)
') ')
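Review bot: The `@ -289,7` hunk is not the mechanical suffix removal the commit message describes: the guard changes from `pam.te` to `authlogin`, while the body still names `pam_var_run_t` directly in `dontaudit cupsd_t pam_var_run_t:file { getattr read };`. Nothing visible in the hunk declares that type, so the rule relies on authlogin being the module that defines it. Opening the block with ``gen_require(` type pam_var_run_t; ')``, the form the networkmanager block elsewhere in this commit uses for `NetworkManager_t`, would make that dependency explicit and checkable. The same applies to the raw `allow` rules on `portmap_t`, `samba_var_t` and `hald_t` in the neighbouring hunks, though these may sit inside the ``ifdef(`TODO'`` region opened earlier in the section, which the hunks do not show.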


@ -85,17 +85,17 @@ sysnet_read_config(cvs_t)
mta_send_mail(cvs_t) mta_send_mail(cvs_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(cvs_t) kerberos_use(cvs_t)
kerberos_read_keytab(cvs_t) kerberos_read_keytab(cvs_t)
kerberos_read_config(cvs_t) kerberos_read_config(cvs_t)
kerberos_dontaudit_write_config(cvs_t) kerberos_dontaudit_write_config(cvs_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(cvs_t) nis_use_ypbind(cvs_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(cvs_t) nscd_use_socket(cvs_t)
') ')


@ -117,32 +117,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cyrus_t) files_dontaudit_read_root_file(cyrus_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(cyrus_t,cyrus_exec_t) cron_system_entry(cyrus_t,cyrus_exec_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(cyrus_t) mount_send_nfs_client_request(cyrus_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(cyrus_t) nis_use_ypbind(cyrus_t)
') ')
optional_policy(`sasl.te',` optional_policy(`sasl',`
sasl_connect(cyrus_t) sasl_connect(cyrus_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cyrus_t) seutil_sigchld_newrole(cyrus_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(cyrus_t) udev_read_db(cyrus_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(cyrus_t) rhgb_domain(cyrus_t)
') ')
') ')


@ -32,7 +32,7 @@ allow dbskkd_t self:udp_socket create_socket_perms;
allow dbskkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow dbskkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow dbskkd_t self:capability { setuid setgid }; allow dbskkd_t self:capability { setuid setgid };
files_search_home(dbskkd_t) files_search_home(dbskkd_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(dbskkd_t) kerberos_use(dbskkd_t)
') ')
#end for identd #end for identd
@ -75,10 +75,10 @@ miscfiles_read_localization(dbskkd_t)
sysnet_read_config(dbskkd_t) sysnet_read_config(dbskkd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(dbskkd_t) nis_use_ypbind(dbskkd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(dbskkd_t) nscd_use_socket(dbskkd_t)
') ')


@ -141,11 +141,11 @@ template(`dbus_per_userdomain_template',`
files_read_default_pipes($1_dbusd_t) files_read_default_pipes($1_dbusd_t)
') ')
optional_policy(`authlogin.te',` optional_policy(`authlogin',`
auth_read_pam_console_data($1_dbusd_t) auth_read_pam_console_data($1_dbusd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_dbusd_t) nscd_use_socket($1_dbusd_t)
') ')


@ -124,24 +124,24 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(system_dbusd_t) files_read_default_pipes(system_dbusd_t)
') ')
optional_policy(`bind.te',` optional_policy(`bind',`
bind_domtrans(system_dbusd_t) bind_domtrans(system_dbusd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(system_dbusd_t) nscd_use_socket(system_dbusd_t)
') ')
optional_policy(`sysnetwork.te',` optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(system_dbusd_t) sysnet_domtrans_dhcpc(system_dbusd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(system_dbusd_t) udev_read_db(system_dbusd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(system_dbusd_t) rhgb_domain(system_dbusd_t)
') ')
') ')


@ -114,33 +114,33 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dhcpd_t) files_dontaudit_read_root_file(dhcpd_t)
') ')
optional_policy(`bind.te',` optional_policy(`bind',`
# used for dynamic DNS # used for dynamic DNS
bind_read_dnssec_keys(dhcpd_t) bind_read_dnssec_keys(dhcpd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(dhcpd_t) mount_send_nfs_client_request(dhcpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(dhcpd_t) nis_use_ypbind(dhcpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(dhcpd_t) nscd_use_socket(dhcpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dhcpd_t) seutil_sigchld_newrole(dhcpd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(dhcpd_t) udev_read_db(dhcpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(dhcpd_t) rhgb_domain(dhcpd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -86,24 +86,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dictd_t) files_dontaudit_read_root_file(dictd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(dictd_t) nis_use_ypbind(dictd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(dictd_t) nscd_use_socket(dictd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dictd_t) seutil_sigchld_newrole(dictd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(dictd_t) udev_read_db(dictd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(dictd_t) rhgb_domain(dictd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -96,20 +96,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(distccd_t) files_dontaudit_read_root_file(distccd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(distccd_t) nis_use_ypbind(distccd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(distccd_t) seutil_sigchld_newrole(distccd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(distccd_t) udev_read_db(distccd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(distccd_t) rhgb_domain(distccd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -121,19 +121,19 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dovecot_t) files_dontaudit_read_root_file(dovecot_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(dovecot_t) kerberos_use(dovecot_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(dovecot_t) nis_use_ypbind(dovecot_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dovecot_t) seutil_sigchld_newrole(dovecot_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(dovecot_t) udev_read_db(dovecot_t)
') ')
@ -170,24 +170,24 @@ seutil_dontaudit_search_config(dovecot_auth_t)
sysnet_dns_name_resolve(dovecot_auth_t) sysnet_dns_name_resolve(dovecot_auth_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(dovecot_auth_t) kerberos_use(dovecot_auth_t)
') ')
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg(dovecot_auth_t) logging_send_syslog_msg(dovecot_auth_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(dovecot_auth_t) nis_use_ypbind(dovecot_auth_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(dovecot_auth_t) nscd_use_socket(dovecot_auth_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(dovecot_t) rhgb_domain(dovecot_t)
') ')
') ')


@ -107,32 +107,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(fingerd_t) files_dontaudit_read_root_file(fingerd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(fingerd_t,fingerd_exec_t) cron_system_entry(fingerd_t,fingerd_exec_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_exec(fingerd_t) logrotate_exec(fingerd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(fingerd_t) nis_use_ypbind(fingerd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(fingerd_t) nscd_use_socket(fingerd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(fingerd_t) seutil_sigchld_newrole(fingerd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(fingerd_t) udev_read_db(fingerd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(fingerd_t) rhgb_domain(fingerd_t)
') ')
') ')


@ -132,7 +132,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty(ftpd_t) term_dontaudit_use_generic_pty(ftpd_t)
term_dontaudit_use_unallocated_tty(ftpd_t) term_dontaudit_use_unallocated_tty(ftpd_t)
optional_policy(`ftp.te',` optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',` tunable_policy(`ftpd_is_daemon',`
# cjp: fix this to use regular interfaces # cjp: fix this to use regular interfaces
userdom_manage_user_home_subdir_files(user,ftpd_t) userdom_manage_user_home_subdir_files(user,ftpd_t)
@ -178,19 +178,19 @@ tunable_policy(`use_samba_home_dirs && ftp_home_dir',`
fs_read_cifs_symlinks(ftpd_t) fs_read_cifs_symlinks(ftpd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
corecmd_exec_shell(ftpd_t) corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t) files_read_usr_files(ftpd_t)
cron_system_entry(ftpd_t, ftpd_exec_t) cron_system_entry(ftpd_t, ftpd_exec_t)
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_exec(ftpd_t) logrotate_exec(ftpd_t)
') ')
') ')
optional_policy(`inetd.te',` optional_policy(`inetd',`
#reh: typeattributes not allowed in conditionals yet. #reh: typeattributes not allowed in conditionals yet.
#tunable_policy(`! ftpd_is_daemon',` #tunable_policy(`! ftpd_is_daemon',`
# inetd_tcp_service_domain(ftpd_t,ftpd_exec_t) # inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
@ -198,31 +198,31 @@ optional_policy(`inetd.te',`
inetd_tcp_service_domain(ftpd_t,ftpd_exec_t) inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
optional_policy(`tcpd.te',` optional_policy(`tcpd',`
tunable_policy(`! ftpd_is_daemon',` tunable_policy(`! ftpd_is_daemon',`
tcpd_domtrans(tcpd_t) tcpd_domtrans(tcpd_t)
') ')
') ')
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(ftpd_t) mount_send_nfs_client_request(ftpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(ftpd_t) nscd_use_socket(ftpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ftpd_t) seutil_sigchld_newrole(ftpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_read_db(ftpd_t) udev_read_db(ftpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(ftpd_t) rhgb_domain(ftpd_t)
') ')
') ')
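Review bot: In the `@ -198,31` hunk, `tcpd_domtrans(tcpd_t)` passes the tcpd domain itself where a domtrans interface presumably expects the calling domain, so as written the rule would describe tcpd_t transitioning into itself rather than the inetd-launched path this block seems to be about. The hunk also shows no declaration of `tcpd_t` for this file. I would check the tcpd interface file for the intended source domain and pass that, and until then mark the line with `# NOTE: argument should be the source domain, not tcpd_t (confirm)`. Separately, the ``optional_policy(`ftp',` `` guard in the `@ -132,7` hunk names what appears to be this file's own module, which makes it always true now that the argument is a module name. The enclosing inetd block starts in the previous hunk.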


@ -83,11 +83,11 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(gpm_t) files_dontaudit_read_root_file(gpm_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(gpm_t) seutil_sigchld_newrole(gpm_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(gpm_t) udev_read_db(gpm_t)
') ')
@ -95,7 +95,7 @@ ifdef(`TODO',`
# Access the mouse. # Access the mouse.
# cjp: why write? # cjp: why write?
allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms; allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(gpm_t) rhgb_domain(gpm_t)
') ')
') ')


@ -126,70 +126,70 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hald_t) files_dontaudit_read_root_file(hald_t)
') ')
optional_policy(`apm.te',` optional_policy(`apm',`
# For /usr/libexec/hald-addon-acpi # For /usr/libexec/hald-addon-acpi
# writes to /var/run/acpid.socket # writes to /var/run/acpid.socket
apm_stream_connect(hald_t) apm_stream_connect(hald_t)
') ')
optional_policy(`cups.te',` optional_policy(`cups',`
cups_domtrans_config(hald_t) cups_domtrans_config(hald_t)
') ')
optional_policy(`dbus.te',` optional_policy(`dbus',`
allow hald_t self:dbus send_msg; allow hald_t self:dbus send_msg;
dbus_system_bus_client_template(hald,hald_t) dbus_system_bus_client_template(hald,hald_t)
dbus_send_system_bus_msg(hald_t) dbus_send_system_bus_msg(hald_t)
dbus_connect_system_bus(hald_t) dbus_connect_system_bus(hald_t)
') ')
optional_policy(`dmidecode.te',` optional_policy(`dmidecode',`
# For /usr/libexec/hald-probe-smbios # For /usr/libexec/hald-probe-smbios
dmidecode_domtrans(hald_t) dmidecode_domtrans(hald_t)
') ')
optional_policy(`hotplug.te',` optional_policy(`hotplug',`
hotplug_read_config(hald_t) hotplug_read_config(hald_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_domtrans(hald_t) mount_domtrans(hald_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(hald_t) nis_use_ypbind(hald_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(hald_t) nscd_use_socket(hald_t)
') ')
optional_policy(`pcmcia.te',` optional_policy(`pcmcia',`
pcmcia_manage_pid(hald_t) pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t) pcmcia_manage_runtime_chr(hald_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hald_t) seutil_sigchld_newrole(hald_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_domtrans(hald_t) udev_domtrans(hald_t)
udev_read_db(hald_t) udev_read_db(hald_t)
') ')
optional_policy(`updfstab.te',` optional_policy(`updfstab',`
updfstab_domtrans(hald_t) updfstab_domtrans(hald_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(hald_t) rhgb_domain(hald_t)
') ')
allow hald_t device_t:dir create_dir_perms; allow hald_t device_t:dir create_dir_perms;
optional_policy(`hald.te',` optional_policy(`hald',`
allow udev_t hald_t:unix_dgram_socket sendto; allow udev_t hald_t:unix_dgram_socket sendto;
') ')
') dnl end TODO ') dnl end TODO
@ -199,7 +199,7 @@ allow unconfined_t hald_t:dbus send_msg;
allow hald_t unconfined_t:dbus send_msg; allow hald_t unconfined_t:dbus send_msg;
') ')
optional_policy(`updfstab.te',` optional_policy(`updfstab',`
allow updfstab_t hald_t:dbus send_msg; allow updfstab_t hald_t:dbus send_msg;
allow hald_t updfstab_t:dbus send_msg; allow hald_t updfstab_t:dbus send_msg;
') ')
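Review bot: The guard ``optional_policy(`hald',` `` inside the ``ifdef(`TODO',` `` block does not look like a module name. The NetworkManager change in this same commit refers to this module as `hal`, and the guarded rule `allow udev_t hald_t:unix_dgram_socket sendto;` depends on `udev_t`, with `hald_t` being this policy's own type. The name was converted mechanically from `hald.te`; if the argument is now matched against the built modules, this guard would presumably never be satisfied once the TODO block is enabled, and the rule would be left out with no diagnostic. I would write ``optional_policy(`udev',` `` here. The TODO block is closed inside this hunk, but the file continues outside it.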


@ -81,20 +81,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(howl_t) files_dontaudit_read_root_file(howl_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(howl_t) nis_use_ypbind(howl_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(howl_t) seutil_sigchld_newrole(howl_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(howl_t) udev_read_db(howl_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(howl_t) rhgb_domain(howl_t)
') ')
') ')


@ -126,37 +126,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(inetd_t) files_dontaudit_read_root_file(inetd_t)
') ')
optional_policy(`amanda.te',` optional_policy(`amanda',`
amanda_search_lib(inetd_t) amanda_search_lib(inetd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(inetd_t) mount_send_nfs_client_request(inetd_t)
') ')
# Communicate with the portmapper. # Communicate with the portmapper.
optional_policy(`portmap.te',` optional_policy(`portmap',`
portmap_udp_sendto(inetd_t) portmap_udp_sendto(inetd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(inetd_t) seutil_sigchld_newrole(inetd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(inetd_t) udev_read_db(inetd_t)
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
unconfined_domain_template(inetd_t) unconfined_domain_template(inetd_t)
',` ',`
optional_policy(`unconfined.te',` optional_policy(`unconfined',`
unconfined_domtrans(inetd_t) unconfined_domtrans(inetd_t)
') ')
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(inetd_t) rhgb_domain(inetd_t)
') ')
') dnl TODO ') dnl TODO
@ -220,21 +220,21 @@ tunable_policy(`run_ssh_inetd',`
corenet_tcp_bind_ssh_port(inetd_t) corenet_tcp_bind_ssh_port(inetd_t)
') ')
optional_policy(`ftp.te',` optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',` tunable_policy(`ftpd_is_daemon',`
# Allows it to check exec privs on daemon # Allows it to check exec privs on daemon
ftp_check_exec(inetd_t) ftp_check_exec(inetd_t)
') ')
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(inetd_child_t) kerberos_use(inetd_child_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(inetd_child_t) nis_use_ypbind(inetd_child_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(inetd_child_t) nscd_use_socket(inetd_child_t)
') ')


@ -121,32 +121,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(innd_t) files_dontaudit_read_root_file(innd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(innd_t, innd_exec_t) cron_system_entry(innd_t, innd_exec_t)
') ')
optional_policy(`hostname.te',` optional_policy(`hostname',`
hostname_exec(innd_t) hostname_exec(innd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(innd_t) mount_send_nfs_client_request(innd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(innd_t) nis_use_ypbind(innd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(innd_t) seutil_sigchld_newrole(innd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(innd_t) udev_read_db(innd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(innd_t) rhgb_domain(innd_t)
') ')
allow innd_t sysadm_t:unix_dgram_socket sendto; allow innd_t sysadm_t:unix_dgram_socket sendto;


@ -136,20 +136,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(kadmind_t) files_dontaudit_read_root_file(kadmind_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(kadmind_t) nis_use_ypbind(kadmind_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kadmind_t) seutil_sigchld_newrole(kadmind_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(kadmind_t) udev_read_db(kadmind_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(kadmind_t) rhgb_domain(kadmind_t)
') ')
') dnl end TODO ') dnl end TODO
@ -241,20 +241,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(krb5kdc_t) files_dontaudit_read_root_file(krb5kdc_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(krb5kdc_t) nis_use_ypbind(krb5kdc_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(krb5kdc_t) seutil_sigchld_newrole(krb5kdc_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(krb5kdc_t) udev_read_db(krb5kdc_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(krb5kdc_t) rhgb_domain(krb5kdc_t)
') ')


@ -33,7 +33,7 @@ allow ktalkd_t self:capability { setuid setgid };
allow ktalkd_t self:dir search; allow ktalkd_t self:dir search;
allow ktalkd_t self:{ lnk_file file } { getattr read }; allow ktalkd_t self:{ lnk_file file } { getattr read };
files_search_home(ktalkd_t) files_search_home(ktalkd_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(ktalkd_t) kerberos_use(ktalkd_t)
') ')
#end for identd #end for identd
@ -75,10 +75,10 @@ miscfiles_read_localization(ktalkd_t)
sysnet_read_config(ktalkd_t) sysnet_read_config(ktalkd_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(ktalkd_t) nis_use_ypbind(ktalkd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(ktalkd_t) nscd_use_socket(ktalkd_t)
') ')


@ -137,20 +137,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(slapd_t) files_dontaudit_read_root_file(slapd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(slapd_t) nis_use_ypbind(slapd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(slapd_t) seutil_sigchld_newrole(slapd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(slapd_t) udev_read_db(slapd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(slapd_t) rhgb_domain(slapd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -100,15 +100,15 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(checkpc_t) term_use_unallocated_tty(checkpc_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(checkpc_t,checkpc_exec_t) cron_system_entry(checkpc_t,checkpc_exec_t)
') ')
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg(checkpc_t) logging_send_syslog_msg(checkpc_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(checkpc_t) nis_use_ypbind(checkpc_t)
') ')
@ -217,25 +217,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(lpd_t) files_dontaudit_read_root_file(lpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(lpd_t) nis_use_ypbind(lpd_t)
nis_tcp_connect_ypbind(lpd_t) nis_tcp_connect_ypbind(lpd_t)
') ')
optional_policy(`portmap.te',` optional_policy(`portmap',`
portmap_udp_sendto(lpd_t) portmap_udp_sendto(lpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(lpd_t) seutil_sigchld_newrole(lpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(lpd_t) udev_read_db(lpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(lpd_t) rhgb_domain(lpd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -85,11 +85,11 @@ template(`mailman_domain_template', `
sysnet_read_config(mailman_$1_t) sysnet_read_config(mailman_$1_t)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(mailman_$1_t) mount_send_nfs_client_request(mailman_$1_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(mailman_$1_t) nis_use_ypbind(mailman_$1_t)
') ')
') ')


@ -35,7 +35,7 @@ mailman_domain_template(queue)
# optionals for file contexts yet, so it is promoted # optionals for file contexts yet, so it is promoted
# to global scope until such facilities exist. # to global scope until such facilities exist.
optional_policy(`apache.te',` optional_policy(`apache',`
allow mailman_cgi_t mailman_archive_t:dir create_dir_perms; allow mailman_cgi_t mailman_archive_t:dir create_dir_perms;
allow mailman_cgi_t mailman_archive_t:lnk_file create_lnk_perms; allow mailman_cgi_t mailman_archive_t:lnk_file create_lnk_perms;
allow mailman_cgi_t mailman_archive_t:file create_file_perms; allow mailman_cgi_t mailman_archive_t:file create_file_perms;
@ -66,7 +66,7 @@ allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t) mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t)
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`qmail.te', ` optional_policy(`qmail',`
allow mailman_mail_t qmail_spool_t:file { read ioctl getattr }; allow mailman_mail_t qmail_spool_t:file { read ioctl getattr };
# do we really need this? # do we really need this?
allow mailman_mail_t qmail_lspawn_t:fifo_file write; allow mailman_mail_t qmail_lspawn_t:fifo_file write;
@ -107,10 +107,10 @@ mta_tcp_connect_all_mailservers(mailman_queue_t)
su_exec(mailman_queue_t) su_exec(mailman_queue_t)
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(mailman_queue_t,mailman_queue_exec_t) cron_system_entry(mailman_queue_t,mailman_queue_exec_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(mailman_queue_t) nscd_use_socket(mailman_queue_t)
') ')


@ -131,21 +131,21 @@ template(`mta_per_userdomain_template',`
fs_manage_cifs_symlinks($1_mail_t) fs_manage_cifs_symlinks($1_mail_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_mail_t) nis_use_ypbind($1_mail_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_mail_t) nscd_use_socket($1_mail_t)
') ')
optional_policy(`postfix.te',` optional_policy(`postfix',`
allow $1_mail_t self:capability dac_override; allow $1_mail_t self:capability dac_override;
postfix_read_config($1_mail_t) postfix_read_config($1_mail_t)
postfix_list_spool($1_mail_t) postfix_list_spool($1_mail_t)
') ')
optional_policy(`procmail.te',` optional_policy(`procmail',`
procmail_exec($1_mail_t) procmail_exec($1_mail_t)
') ')
@ -268,11 +268,11 @@ interface(`mta_mailserver_delivery',`
allow $1 mail_spool_t:file { create ioctl read getattr lock append }; allow $1 mail_spool_t:file { create ioctl read getattr lock append };
allow $1 mail_spool_t:lnk_file { create read getattr }; allow $1 mail_spool_t:lnk_file { create read getattr };
optional_policy(`dovecot.te',` optional_policy(`dovecot',`
dovecot_manage_spool($1) dovecot_manage_spool($1)
') ')
optional_policy(`mailman.te',` optional_policy(`mailman',`
# so MTA can access /var/lib/mailman/mail/wrapper # so MTA can access /var/lib/mailman/mail/wrapper
files_search_var_lib($1) files_search_var_lib($1)
@ -298,7 +298,7 @@ interface(`mta_mailserver_user_agent',`
typeattribute $1 mta_user_agent; typeattribute $1 mta_user_agent;
optional_policy(`apache.te',` optional_policy(`apache',`
# apache should set close-on-exec # apache should set close-on-exec
apache_dontaudit_rw_stream_socket($1) apache_dontaudit_rw_stream_socket($1)
apache_dontaudit_rw_sys_script_stream_socket($1) apache_dontaudit_rw_sys_script_stream_socket($1)


@ -39,7 +39,7 @@ files_tmp_file(system_mail_tmp_t)
# cjp: need to resolve this, but require{} # cjp: need to resolve this, but require{}
# does not work in the else part of the optional # does not work in the else part of the optional
#ifdef(`targeted_policy',`',` #ifdef(`targeted_policy',`',`
# optional_policy(`sendmail.te',`',` # optional_policy(`sendmail',`',`
# init_system_domain(system_mail_t,sendmail_exec_t) # init_system_domain(system_mail_t,sendmail_exec_t)
# ') # ')
#') #')
@ -137,7 +137,7 @@ ifdef(`targeted_policy',`
userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file }) userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
# cjp: another require-in-else to resolve # cjp: another require-in-else to resolve
# optional_policy(`postfix.te',`',` # optional_policy(`postfix',`',`
corecmd_exec_bin(system_mail_t) corecmd_exec_bin(system_mail_t)
corecmd_exec_sbin(system_mail_t) corecmd_exec_sbin(system_mail_t)
@ -152,7 +152,7 @@ ifdef(`targeted_policy',`
# ') # ')
') ')
optional_policy(`apache.te',` optional_policy(`apache',`
apache_read_squirrelmail_data(system_mail_t) apache_read_squirrelmail_data(system_mail_t)
apache_append_squirrelmail_data(system_mail_t) apache_append_squirrelmail_data(system_mail_t)
@ -163,31 +163,31 @@ optional_policy(`apache.te',`
apache_dontaudit_rw_sys_script_stream_socket(system_mail_t) apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
') ')
optional_policy(`arpwatch.te',` optional_policy(`arpwatch',`
arpwatch_rw_tmp_files(system_mail_t) arpwatch_rw_tmp_files(system_mail_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_read_system_job_tmp_files(system_mail_t) cron_read_system_job_tmp_files(system_mail_t)
') ')
optional_policy(`cvs.te',` optional_policy(`cvs',`
cvs_read_data(system_mail_t) cvs_read_data(system_mail_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_read_tmp_files(system_mail_t) logrotate_read_tmp_files(system_mail_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(system_mail_t) nis_use_ypbind(system_mail_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(system_mail_t) nscd_use_socket(system_mail_t)
') ')
optional_policy(`postfix.te',` optional_policy(`postfix',`
postfix_stub(system_mail_t) postfix_stub(system_mail_t)
allow system_mail_t etc_aliases_t:dir create_dir_perms; allow system_mail_t etc_aliases_t:dir create_dir_perms;
@ -199,7 +199,7 @@ optional_policy(`postfix.te',`
domain_use_wide_inherit_fd(system_mail_t) domain_use_wide_inherit_fd(system_mail_t)
optional_policy(`crond.te',` optional_policy(`crond',`
cron_crw_tcp_socket(system_mail_t) cron_crw_tcp_socket(system_mail_t)
') ')
@ -207,11 +207,11 @@ optional_policy(`postfix.te',`
type_transition postfix_master_t postfix_etc_t:dir etc_aliases_t; type_transition postfix_master_t postfix_etc_t:dir etc_aliases_t;
') ')
optional_policy(`procmail.te',` optional_policy(`procmail',`
procmail_exec(system_mail_t) procmail_exec(system_mail_t)
') ')
optional_policy(`sendmail.te',` optional_policy(`sendmail',`
sendmail_stub(system_mail_t) sendmail_stub(system_mail_t)
allow system_mail_t etc_mail_t:dir { getattr search }; allow system_mail_t etc_mail_t:dir { getattr search };
@ -226,11 +226,11 @@ optional_policy(`sendmail.te',`
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`sendmail.te',` optional_policy(`sendmail',`
allow system_mail_t { var_t var_spool_t }:dir getattr; allow system_mail_t { var_t var_spool_t }:dir getattr;
dontaudit system_mail_t userpty_type:chr_file { getattr read write }; dontaudit system_mail_t userpty_type:chr_file { getattr read write };
optional_policy(`crond.te', ` optional_policy(`crond',`
dontaudit system_mail_t system_crond_tmp_t:file append; dontaudit system_mail_t system_crond_tmp_t:file append;
') ')
') ')
@ -244,7 +244,7 @@ ifdef(`targeted_policy',`
') ')
optional_policy(`qmail.te',` optional_policy(`qmail',`
allow system_mail_t qmail_etc_t:dir search; allow system_mail_t qmail_etc_t:dir search;
allow system_mail_t qmail_etc_t:{ file lnk_file } read; allow system_mail_t qmail_etc_t:{ file lnk_file } read;
') ')
@ -252,7 +252,7 @@ optional_policy(`qmail.te',`
allow mta_user_agent system_crond_tmp_t:file { read getattr }; allow mta_user_agent system_crond_tmp_t:file { read getattr };
optional_policy(`arpwatch.te',` optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t? # why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery) arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(system_mail_t) arpwatch_manage_tmp_files(system_mail_t)
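Review bot: The guard ``optional_policy(`crond',` `` around `cron_crw_tcp_socket(system_mail_t)` names `crond`, while every other cron guard in this commit, and the `cron_` interface prefix itself, use `cron`. Now that the argument is the module name, a guard that matches no module would presumably drop its rules from the built policy silently. That fails closed (denials or missing `dontaudit` rules, not extra access), but nothing reports it at build time. The same name is used in the ``ifdef(`TODO',` `` sendmail block of this file and on the `postfix_postdrop_t` block in the postfix policy (`cron_use_fd`, `cron_rw_pipe` and the system-job variants). I would write ``optional_policy(`cron',` `` in all three places. The enclosing postfix optional starts in an earlier hunk and continues past this one.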


@ -120,31 +120,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(mysqld_t) files_dontaudit_read_root_file(mysqld_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(mysqld_t) mount_send_nfs_client_request(mysqld_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(mysqld_t) nis_use_ypbind(mysqld_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(mysqld_t) nscd_use_socket(mysqld_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(mysqld_t) seutil_sigchld_newrole(mysqld_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(mysqld_t) udev_read_db(mysqld_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(mysqld_t) rhgb_domain(mysqld_t)
') ')
optional_policy(`daemontools.te',` optional_policy(`daemontools',`
domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t) domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t)
mysqld_signal(svc_start_t) mysqld_signal(svc_start_t)


@ -111,40 +111,40 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(NetworkManager_t) files_dontaudit_read_root_file(NetworkManager_t)
') ')
optional_policy(`bluetooth.te',` optional_policy(`bluetooth',`
bluetooth_dontaudit_read_helper_files(NetworkManager_t) bluetooth_dontaudit_read_helper_files(NetworkManager_t)
') ')
optional_policy(`consoletype.te',` optional_policy(`consoletype',`
consoletype_exec(NetworkManager_t) consoletype_exec(NetworkManager_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(NetworkManager_t) mount_send_nfs_client_request(NetworkManager_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(NetworkManager_t) nis_use_ypbind(NetworkManager_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(NetworkManager_t) nscd_use_socket(NetworkManager_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(NetworkManager_t) seutil_sigchld_newrole(NetworkManager_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(NetworkManager_t) udev_read_db(NetworkManager_t)
') ')
optional_policy(`vpn.te',` optional_policy(`vpn',`
vpn_domtrans(NetworkManager_t) vpn_domtrans(NetworkManager_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(NetworkManager_t) rhgb_domain(NetworkManager_t)
') ')
') dnl end TODO ') dnl end TODO
@ -154,7 +154,7 @@ optional_policy(`rhgb.te',`
# Partially converted rules. THESE ARE ONLY TEMPORARY # Partially converted rules. THESE ARE ONLY TEMPORARY
# #
optional_policy(`dbus.te',` optional_policy(`dbus',`
gen_require(` gen_require(`
class dbus send_msg; class dbus send_msg;
') ')
@ -179,7 +179,7 @@ optional_policy(`dbus.te',`
allow unconfined_t NetworkManager_t:dbus send_msg; allow unconfined_t NetworkManager_t:dbus send_msg;
') ')
optional_policy(`hal.te',` optional_policy(`hal',`
allow NetworkManager_t hald_t:dbus send_msg; allow NetworkManager_t hald_t:dbus send_msg;
allow hald_t NetworkManager_t:dbus send_msg; allow hald_t NetworkManager_t:dbus send_msg;
') ')


@ -108,7 +108,7 @@ interface(`nis_use_ypbind',`
dontaudit $1 var_yp_t:dir search; dontaudit $1 var_yp_t:dir search;
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
tunable_policy(`allow_ypbind',` tunable_policy(`allow_ypbind',`
mount_send_nfs_client_request($1) mount_send_nfs_client_request($1)
') ')


@ -114,24 +114,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypbind_t) files_dontaudit_read_root_file(ypbind_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(ypbind_t) mount_send_nfs_client_request(ypbind_t)
') ')
optional_policy(`portmap.te',` optional_policy(`portmap',`
portmap_udp_sendto(ypbind_t) portmap_udp_sendto(ypbind_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypbind_t) seutil_sigchld_newrole(ypbind_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(ypbind_t) udev_read_db(ypbind_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(ypbind_t) rhgb_domain(ypbind_t)
') ')
') dnl end TODO ') dnl end TODO
@ -215,20 +215,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypserv_t) files_dontaudit_read_root_file(ypserv_t)
') ')
optional_policy(`portmap.te',` optional_policy(`portmap',`
portmap_udp_sendto(ypserv_t) portmap_udp_sendto(ypserv_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypserv_t) seutil_sigchld_newrole(ypserv_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_read_db(ypserv_t) udev_read_db(ypserv_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb', `
rhgb_domain(ypserv_t) rhgb_domain(ypserv_t)
') ')
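Review bot: The ypserv hunk keeps the space after the comma in ``optional_policy(`udev', ` `` and ``optional_policy(`rhgb', ` ``, while the ypbind hunk just above normalises the same guards to ``optional_policy(`udev',` `` and ``optional_policy(`rhgb',` ``. The udev guard in the hal policy earlier in this commit has the same leftover. The spacing is presumably cosmetic to m4, but the commit already rewrites these exact lines, so making them uniform costs nothing and lets a later search for the guard pattern find every use. The ``ifdef(`TODO',` `` block opened at the end of this hunk closes outside it.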


@ -121,21 +121,21 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(nscd_t) files_dontaudit_read_root_file(nscd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(nscd_t) nis_use_ypbind(nscd_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind(nscd_t) samba_connect_winbind(nscd_t)
samba_search_var(nscd_t) samba_search_var(nscd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(nscd_t) udev_read_db(nscd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(nscd_t) rhgb_domain(nscd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -121,47 +121,47 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ntpd_t) files_dontaudit_read_root_file(ntpd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
# for cron jobs # for cron jobs
cron_system_entry(ntpd_t,ntpdate_exec_t) cron_system_entry(ntpd_t,ntpdate_exec_t)
') ')
optional_policy(`firstboot.te',` optional_policy(`firstboot',`
firstboot_dontaudit_use_fd(ntpd_t) firstboot_dontaudit_use_fd(ntpd_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_exec(ntpd_t) logrotate_exec(ntpd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(ntpd_t) mount_send_nfs_client_request(ntpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(ntpd_t) nis_use_ypbind(ntpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(ntpd_t) nscd_use_socket(ntpd_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
# cjp: the connect was previously missing # cjp: the connect was previously missing
# so it might be ok to drop this # so it might be ok to drop this
samba_connect_winbind(ntpd_t) samba_connect_winbind(ntpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ntpd_t) seutil_sigchld_newrole(ntpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(ntpd_t) udev_read_db(ntpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(ntpd_t) rhgb_domain(ntpd_t)
') ')
allow ntpd_t sysadm_t:udp_socket sendto; allow ntpd_t sysadm_t:udp_socket sendto;


@ -106,25 +106,25 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pegasus_t) files_dontaudit_read_root_file(pegasus_t)
') ')
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg(pegasus_t) logging_send_syslog_msg(pegasus_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(pegasus_t) nscd_use_socket(pegasus_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pegasus_t) seutil_sigchld_newrole(pegasus_t)
seutil_dontaudit_read_config(pegasus_t) seutil_dontaudit_read_config(pegasus_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(pegasus_t) udev_read_db(pegasus_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(pegasus_t) rhgb_domain(pegasus_t)
') ')
') dnl end TODO ') dnl end TODO


@ -103,37 +103,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(portmap_t) files_dontaudit_read_root_file(portmap_t)
') ')
optional_policy(`inetd.te',` optional_policy(`inetd',`
inetd_udp_sendto(portmap_t) inetd_udp_sendto(portmap_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(portmap_t) mount_send_nfs_client_request(portmap_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(portmap_t) nis_use_ypbind(portmap_t)
nis_udp_sendto_ypbind(portmap_t) nis_udp_sendto_ypbind(portmap_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(portmap_t) nscd_use_socket(portmap_t)
') ')
optional_policy(`rpc.te',` optional_policy(`rpc',`
rpc_udp_sendto_nfs(portmap_t) rpc_udp_sendto_nfs(portmap_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(portmap_t) seutil_sigchld_newrole(portmap_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(portmap_t) udev_read_db(portmap_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(portmap_t) rhgb_domain(portmap_t)
') ')
@ -205,11 +205,11 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(portmap_helper_t) term_dontaudit_use_generic_pty(portmap_helper_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(portmap_helper_t) mount_send_nfs_client_request(portmap_helper_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(portmap_helper_t) nis_use_ypbind(portmap_helper_t)
') ')


@ -89,11 +89,11 @@ template(`postfix_domain_template',`
files_dontaudit_read_root_file(postfix_$1_t) files_dontaudit_read_root_file(postfix_$1_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(postfix_$1_t) nscd_use_socket(postfix_$1_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(postfix_$1_t) udev_read_db(postfix_$1_t)
') ')
') ')
@ -126,7 +126,7 @@ template(`postfix_server_domain_template',`
sysnet_read_config(postfix_$1_t) sysnet_read_config(postfix_$1_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(postfix_$1_t) nis_use_ypbind(postfix_$1_t)
') ')
') ')


@ -168,11 +168,11 @@ sysnet_read_config(postfix_master_t)
mta_rw_aliases(postfix_master_t) mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t) mta_read_sendmail_bin(postfix_master_t)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(postfix_master_t) mount_send_nfs_client_request(postfix_master_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(postfix_master_t) nis_use_ypbind(postfix_master_t)
') ')
@ -306,7 +306,7 @@ mta_delete_spool(postfix_local_t)
# For reading spamassasin # For reading spamassasin
mta_read_config(postfix_local_t) mta_read_config(postfix_local_t)
optional_policy(`procmail.te',` optional_policy(`procmail',`
procmail_domtrans(postfix_local_t) procmail_domtrans(postfix_local_t)
') ')
@ -385,7 +385,7 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(postfix_map_t) files_read_default_pipes(postfix_map_t)
') ')
optional_policy(`locallogin.te',` optional_policy(`locallogin',`
locallogin_dontaudit_use_fd(postfix_map_t) locallogin_dontaudit_use_fd(postfix_map_t)
') ')
@ -425,7 +425,7 @@ allow postfix_pipe_t postfix_private_t:sock_file write;
allow postfix_pipe_t postfix_spool_t:dir search; allow postfix_pipe_t postfix_spool_t:dir search;
allow postfix_pipe_t postfix_spool_t:file rw_file_perms; allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
optional_policy(`procmail.te',` optional_policy(`procmail',`
procmail_domtrans(postfix_pipe_t) procmail_domtrans(postfix_pipe_t)
') ')
@ -457,14 +457,14 @@ ifdef(`targeted_policy', `
term_use_generic_pty(postfix_postdrop_t) term_use_generic_pty(postfix_postdrop_t)
') ')
optional_policy(`crond.te',` optional_policy(`crond',`
cron_use_fd(postfix_postdrop_t) cron_use_fd(postfix_postdrop_t)
cron_rw_pipe(postfix_postdrop_t) cron_rw_pipe(postfix_postdrop_t)
cron_use_system_job_fd(postfix_postdrop_t) cron_use_system_job_fd(postfix_postdrop_t)
cron_rw_system_job_pipe(postfix_postdrop_t) cron_rw_system_job_pipe(postfix_postdrop_t)
') ')
optional_policy(`ppp.te',` optional_policy(`ppp',`
ppp_use_fd(postfix_postqueue_t) ppp_use_fd(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t) ppp_sigchld(postfix_postqueue_t)
') ')
@ -507,7 +507,7 @@ init_use_script_fd(postfix_postqueue_t)
sysnet_dontaudit_read_config(postfix_postqueue_t) sysnet_dontaudit_read_config(postfix_postqueue_t)
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`gnome-pty-helper.te', `allow postfix_postqueue_t user_gph_t:fd use;') optional_policy(`gnome-pty-helper', `allow postfix_postqueue_t user_gph_t:fd use;')
') ')
######################################## ########################################
@ -600,6 +600,6 @@ allow { postfix_smtp_t postfix_smtpd_t } postfix_prng_t:file rw_file_perms;
files_read_usr_files(postfix_smtpd_t) files_read_usr_files(postfix_smtpd_t)
mta_read_aliases(postfix_smtpd_t) mta_read_aliases(postfix_smtpd_t)
optional_policy(`sasl.te',` optional_policy(`sasl',`
sasl_connect(postfix_smtpd_t) sasl_connect(postfix_smtpd_t)
') ')
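Review bot: The guard ``optional_policy(`crond',`` in the postfix_postdrop_t hunk carries over a module name that the rest of this commit spells `cron`, and its body calls only `cron_*` interfaces. If the first argument is now matched against the module name, as the commit title says, a guard on `crond` would presumably never be satisfied. The four cron descriptor and pipe rules for postfix_postdrop_t would then be left out silently and surface only as denials at run time. I would change the line to ``optional_policy(`cron',``. The same check applies to ``optional_policy(`cupsd',`` in the snmpd section (the samba section uses `cups`) and to `rlogind`/`telnetd` in the remote_login section (the tcpd section uses `rlogin` around `rlogin_domtrans`).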


@ -151,41 +151,41 @@ tunable_policy(`allow_execmem',`
allow postgresql_t self:process execmem; allow postgresql_t self:process execmem;
') ')
optional_policy(`consoletype.te', ` optional_policy(`consoletype',`
consoletype_exec(postgresql_t) consoletype_exec(postgresql_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_search_spool(postgresql_t) cron_search_spool(postgresql_t)
cron_system_entry(postgresql_t,postgresql_exec_t) cron_system_entry(postgresql_t,postgresql_exec_t)
') ')
optional_policy(`hostname.te', ` optional_policy(`hostname',`
hostname_exec(postgresql_t) hostname_exec(postgresql_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(postgresql_t) kerberos_use(postgresql_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(postgresql_t) mount_send_nfs_client_request(postgresql_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(postgresql_t) nis_use_ypbind(postgresql_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(postgresql_t) seutil_sigchld_newrole(postgresql_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(postgresql_t) udev_read_db(postgresql_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(postgresql_t) rhgb_domain(postgresql_t)
') ')
ifdef(`targeted_policy', `', ` ifdef(`targeted_policy', `', `


@ -180,7 +180,7 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(pppd_t) term_dontaudit_use_generic_pty(pppd_t)
files_dontaudit_read_root_file(pppd_t) files_dontaudit_read_root_file(pppd_t)
optional_policy(`postfix.te',` optional_policy(`postfix',`
gen_require(` gen_require(`
bool postfix_disable_trans; bool postfix_disable_trans;
') ')
@ -190,34 +190,34 @@ ifdef(`targeted_policy', `
} }
') ')
',` ',`
optional_policy(`postfix.te',` optional_policy(`postfix',`
postfix_domtrans_master(pppd_t) postfix_domtrans_master(pppd_t)
') ')
') ')
optional_policy(`modutils.te',` optional_policy(`modutils',`
tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',` tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
modutils_domtrans_insmod_uncond(pppd_t) modutils_domtrans_insmod_uncond(pppd_t)
') ')
') ')
optional_policy(`mta.te',` optional_policy(`mta',`
mta_send_mail(pppd_t) mta_send_mail(pppd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(pppd_t) nis_use_ypbind(pppd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(pppd_t) nscd_use_socket(pppd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pppd_t) seutil_sigchld_newrole(pppd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(pppd_t) udev_read_db(pppd_t)
') ')
@ -300,27 +300,27 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(pptp_t) files_dontaudit_read_root_file(pptp_t)
') ')
optional_policy(`hostname.te',` optional_policy(`hostname',`
hostname_exec(pptp_t) hostname_exec(pptp_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(pptp_t) nscd_use_socket(pptp_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pptp_t) seutil_sigchld_newrole(pptp_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(pptp_t) udev_read_db(pptp_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(pppd_t) rhgb_domain(pppd_t)
') ')
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(pptp_t) rhgb_domain(pptp_t)
') ')
') ')


@ -80,24 +80,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(privoxy_t) files_dontaudit_read_root_file(privoxy_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(privoxy_t) mount_send_nfs_client_request(privoxy_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(privoxy_t) nis_use_ypbind(privoxy_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(privoxy_t) seutil_sigchld_newrole(privoxy_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(privoxy_t) udev_read_db(privoxy_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(privoxy_t) rhgb_domain(privoxy_t)
') ')
') ')


@ -76,26 +76,26 @@ ifdef(`targeted_policy', `
files_getattr_tmp_dir(procmail_t) files_getattr_tmp_dir(procmail_t)
') ')
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg(procmail_t) logging_send_syslog_msg(procmail_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(procmail_t) nscd_use_socket(procmail_t)
') ')
optional_policy(`postfix.te',` optional_policy(`postfix',`
# for a bug in the postfix local program # for a bug in the postfix local program
postfix_dontaudit_rw_local_tcp_socket(procmail_t) postfix_dontaudit_rw_local_tcp_socket(procmail_t)
postfix_dontaudit_use_fd(procmail_t) postfix_dontaudit_use_fd(procmail_t)
') ')
optional_policy(`sendmail.te',` optional_policy(`sendmail',`
mta_read_config(procmail_t) mta_read_config(procmail_t)
sendmail_rw_tcp_socket(procmail_t) sendmail_rw_tcp_socket(procmail_t)
') ')
optional_policy(`spamassassin.te',` optional_policy(`spamassassin',`
corenet_udp_bind_generic_port(procmail_t) corenet_udp_bind_generic_port(procmail_t)
files_getattr_tmp_dir(procmail_t) files_getattr_tmp_dir(procmail_t)


@ -107,32 +107,32 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(radiusd_t) files_dontaudit_read_root_file(radiusd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(radiusd_t,radiusd_exec_t) cron_system_entry(radiusd_t,radiusd_exec_t)
') ')
optional_policy(`logrotate.te', ` optional_policy(`logrotate',`
logrotate_exec(radiusd_t) logrotate_exec(radiusd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(radiusd_t) nis_use_ypbind(radiusd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radiusd_t) seutil_sigchld_newrole(radiusd_t)
') ')
optional_policy(`snmp.te',` optional_policy(`snmp',`
snmp_use(radiusd_t) snmp_use(radiusd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(radiusd_t) udev_read_db(radiusd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(radiusd_t) rhgb_domain(radiusd_t)
') ')
') dnl end TODO ') dnl end TODO


@ -83,20 +83,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(radvd_t) files_dontaudit_read_root_file(radvd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(radvd_t) nis_use_ypbind(radvd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radvd_t) seutil_sigchld_newrole(radvd_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db(radvd_t) udev_read_db(radvd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(radvd_t) rhgb_domain(radvd_t)
') ')
') ')


@ -151,21 +151,21 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(remote_login_t) fs_read_cifs_symlinks(remote_login_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(remote_login_t) nis_use_ypbind(remote_login_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(remote_login_t) nscd_use_socket(remote_login_t)
') ')
optional_policy(`usermanage.te',` optional_policy(`usermanage',`
usermanage_read_crack_db(remote_login_t) usermanage_read_crack_db(remote_login_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
# this goes to xdm: # this goes to xdm:
optional_policy(`remotelogin.te',` optional_policy(`remotelogin',`
# FIXME: what is this for? # FIXME: what is this for?
remotelogin_signull(xdm_t) remotelogin_signull(xdm_t)
') ')
@ -179,12 +179,12 @@ domain_auto_trans($1_login_t, alsa_exec_t, alsa_t)
allow remote_login_t userpty_type:chr_file { setattr write }; allow remote_login_t userpty_type:chr_file { setattr write };
allow remote_login_t ptyfile:chr_file { getattr ioctl }; allow remote_login_t ptyfile:chr_file { getattr ioctl };
optional_policy(`rlogind.te', ` optional_policy(`rlogind',`
allow remote_login_t rlogind_devpts_t:chr_file { setattr rw_file_perms }; allow remote_login_t rlogind_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t rlogind_devpts_t:chr_file { relabelfrom relabelto }; allow remote_login_t rlogind_devpts_t:chr_file { relabelfrom relabelto };
') ')
optional_policy(`telnetd.te', ` optional_policy(`telnetd',`
allow remote_login_t telnetd_devpts_t:chr_file { setattr rw_file_perms }; allow remote_login_t telnetd_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t telnetd_devpts_t:chr_file { relabelfrom relabelto }; allow remote_login_t telnetd_devpts_t:chr_file { relabelfrom relabelto };
') ')


@ -93,18 +93,18 @@ userdom_read_all_user_files(rlogind_t)
remotelogin_domtrans(rlogind_t) remotelogin_domtrans(rlogind_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_read_keytab(rlogind_t) kerberos_read_keytab(rlogind_t)
# for identd; cjp: this should probably only be inetd_child rules? # for identd; cjp: this should probably only be inetd_child rules?
kerberos_use(rlogind_t) kerberos_use(rlogind_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(rlogind_t) nis_use_ypbind(rlogind_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(rlogind_t) nscd_use_socket(rlogind_t)
') ')


@ -98,24 +98,24 @@ template(`rpc_domain_template', `
files_dontaudit_read_root_file($1_t) files_dontaudit_read_root_file($1_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request($1_t) mount_send_nfs_client_request($1_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_t) nis_use_ypbind($1_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t) seutil_sigchld_newrole($1_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db($1_t) udev_read_db($1_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain($1_t) rhgb_domain($1_t)
') ')
') ')


@ -67,7 +67,7 @@ ifdef(`distro_redhat',`
allow rpcd_t self:capability { chown dac_override setgid setuid }; allow rpcd_t self:capability { chown dac_override setgid setuid };
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_read_ypserv_config(rpcd_t) nis_read_ypserv_config(rpcd_t)
') ')
@ -151,7 +151,7 @@ tunable_policy(`allow_gssd_read_tmp',`
userdom_read_unpriv_user_tmp_symlinks(gssd_t) userdom_read_unpriv_user_tmp_symlinks(gssd_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(gssd_t) kerberos_use(gssd_t)
kerberos_read_keytab(gssd_t) kerberos_read_keytab(gssd_t)
') ')


@ -78,16 +78,16 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(rshd_t) fs_read_cifs_symlinks(rshd_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(rshd_t) kerberos_use(rshd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(rshd_t) nscd_use_socket(rshd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rlogind.te', ` optional_policy(`rlogind',`
allow rshd_t rlogind_tmp_t:file rw_file_perms; allow rshd_t rlogind_tmp_t:file rw_file_perms;
') ')
') ')


@ -87,14 +87,14 @@ tunable_policy(`allow_rsync_anon_write',`
miscfiles_manage_public_files(rsync_t) miscfiles_manage_public_files(rsync_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(rsync_t) kerberos_use(rsync_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(rsync_t) nis_use_ypbind(rsync_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(rsync_t) nscd_use_socket(rsync_t)
') ')


@ -134,11 +134,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(samba_net_t) term_use_unallocated_tty(samba_net_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(samba_net_t) kerberos_use(samba_net_t)
') ')
optional_policy(`ldap.te',` optional_policy(`ldap',`
allow samba_net_t self:tcp_socket create_socket_perms; allow samba_net_t self:tcp_socket create_socket_perms;
corenet_tcp_sendrecv_all_if(samba_net_t) corenet_tcp_sendrecv_all_if(samba_net_t)
corenet_raw_sendrecv_all_if(samba_net_t) corenet_raw_sendrecv_all_if(samba_net_t)
@ -149,7 +149,7 @@ optional_policy(`ldap.te',`
sysnet_read_config(samba_net_t) sysnet_read_config(samba_net_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(samba_net_t) nscd_use_socket(samba_net_t)
') ')
@ -284,32 +284,32 @@ tunable_policy(`allow_smbd_anon_write',`
miscfiles_manage_public_files(smbd_t) miscfiles_manage_public_files(smbd_t)
') ')
optional_policy(`cups.te',` optional_policy(`cups',`
cups_read_rw_config(smbd_t) cups_read_rw_config(smbd_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(smbd_t) kerberos_use(smbd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(smbd_t) nis_use_ypbind(smbd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(smbd_t) nscd_use_socket(smbd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(smbd_t) seutil_sigchld_newrole(smbd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_read_db(smbd_t) udev_read_db(smbd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(smbd_t) rhgb_domain(smbd_t)
') ')
') dnl end TODO ') dnl end TODO
@ -416,20 +416,20 @@ ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(nmbd_t) term_dontaudit_use_unallocated_tty(nmbd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(nmbd_t) nis_use_ypbind(nmbd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(nmbd_t) seutil_sigchld_newrole(nmbd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(nmbd_t) udev_read_db(nmbd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(nmbd_t) rhgb_domain(nmbd_t)
') ')
') ')
@ -511,11 +511,11 @@ sysnet_read_config(smbmount_t)
userdom_use_all_user_fd(smbmount_t) userdom_use_all_user_fd(smbmount_t)
userdom_use_sysadm_tty(smbmount_t) userdom_use_sysadm_tty(smbmount_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(smbmount_t) nis_use_ypbind(smbmount_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(smbmount_t) nscd_use_socket(smbmount_t)
') ')
@ -620,28 +620,28 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(winbind_t) files_dontaudit_read_root_file(winbind_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(winbind_t) kerberos_use(winbind_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(winbind_t) mount_send_nfs_client_request(winbind_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(winbind_t) nscd_use_socket(winbind_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(winbind_t) seutil_sigchld_newrole(winbind_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(winbind_t) udev_read_db(winbind_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(winbind_t) rhgb_domain(winbind_t)
') ')
') dnl end TODO ') dnl end TODO
@ -680,11 +680,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(winbind_helper_t) term_use_unallocated_tty(winbind_helper_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(winbind_helper_t) nscd_use_socket(winbind_helper_t)
') ')
optional_policy(`squid.te',` optional_policy(`squid',`
squid_read_log(winbind_helper_t) squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t) squid_append_log(winbind_helper_t)
') ')


@ -87,22 +87,22 @@ ifdef(`targeted_policy', `
# auth_read_shadow(saslauthd_t) # auth_read_shadow(saslauthd_t)
#') #')
optional_policy(`mysql.te',` optional_policy(`mysql',`
mysql_search_db_dir(saslauthd_t) mysql_search_db_dir(saslauthd_t)
mysql_stream_connect(saslauthd_t) mysql_stream_connect(saslauthd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(saslauthd_t) seutil_sigchld_newrole(saslauthd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(saslauthd_t) udev_read_db(saslauthd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(saslauthd_t) rhgb_domain(saslauthd_t)
') ')
') ')


@ -114,29 +114,29 @@ ifdef(`targeted_policy',`
files_create_pid(sendmail_t,sendmail_var_run_t) files_create_pid(sendmail_t,sendmail_var_run_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(sendmail_t) nis_use_ypbind(sendmail_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(sendmail_t) nscd_use_socket(sendmail_t)
') ')
optional_policy(`postfix.te',` optional_policy(`postfix',`
postfix_read_config(sendmail_t) postfix_read_config(sendmail_t)
postfix_search_spool(sendmail_t) postfix_search_spool(sendmail_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(sendmail_t) seutil_sigchld_newrole(sendmail_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(sendmail_t) udev_read_db(sendmail_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(sendmail_t) rhgb_domain(sendmail_t)
') ')


@ -115,7 +115,7 @@ userdom_dontaudit_use_unpriv_user_fd(snmpd_t)
userdom_dontaudit_search_sysadm_home_dir(snmpd_t) userdom_dontaudit_search_sysadm_home_dir(snmpd_t)
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
optional_policy(`rpm.te', ` optional_policy(`rpm',`
rpm_read_db(snmpd_t) rpm_read_db(snmpd_t)
') ')
') ')
@ -126,19 +126,19 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(snmpd_t) files_dontaudit_read_root_file(snmpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(snmpd_t) nis_use_ypbind(snmpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(snmpd_t) nscd_use_socket(snmpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(snmpd_t) seutil_sigchld_newrole(snmpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(snmpd_t) udev_read_db(snmpd_t)
') ')
@ -146,23 +146,23 @@ ifdef(`TODO',`
can_udp_send(sysadm_t, snmpd_t) can_udp_send(sysadm_t, snmpd_t)
can_udp_send(snmpd_t, sysadm_t) can_udp_send(snmpd_t, sysadm_t)
optional_policy(`cupsd.te', ` optional_policy(`cupsd',`
allow snmpd_t cupsd_rw_etc_t:file { getattr read }; allow snmpd_t cupsd_rw_etc_t:file { getattr read };
') ')
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(snmpd_t) rhgb_domain(snmpd_t)
') ')
') dnl end TODO ') dnl end TODO
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
optional_policy(`rpm.te', ` optional_policy(`rpm',`
dontaudit snmpd_t rpm_var_lib_t:dir write; dontaudit snmpd_t rpm_var_lib_t:dir write;
dontaudit snmpd_t rpm_var_lib_t:file write; dontaudit snmpd_t rpm_var_lib_t:file write;
') ')
') ')
optional_policy(`amanda.te', ` optional_policy(`amanda',`
dontaudit snmpd_t amanda_dumpdates_t:file { getattr read }; dontaudit snmpd_t amanda_dumpdates_t:file { getattr read };
') ')


@ -124,33 +124,33 @@ tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(spamd_t) fs_manage_cifs_files(spamd_t)
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry(spamd_t,spamd_exec_t) cron_system_entry(spamd_t,spamd_exec_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(spamd_t) nis_use_ypbind(spamd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(spamd_t) seutil_sigchld_newrole(spamd_t)
') ')
optional_policy(`sendmail.te',` optional_policy(`sendmail',`
sendmail_stub(spamd_t) sendmail_stub(spamd_t)
mta_read_config(spamd_t) mta_read_config(spamd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(spamd_t) udev_read_db(spamd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(spamd_t) rhgb_domain(spamd_t)
') ')
optional_policy(`amavis.te', ` optional_policy(`amavis', `
# for bayes tokens # for bayes tokens
allow spamd_t var_lib_t:dir { getattr search }; allow spamd_t var_lib_t:dir { getattr search };
allow spamd_t amavisd_lib_t:dir rw_dir_perms; allow spamd_t amavisd_lib_t:dir rw_dir_perms;


@ -144,7 +144,7 @@ tunable_policy(`squid_connect_any',`
corenet_tcp_connect_all_ports(squid_t) corenet_tcp_connect_all_ports(squid_t)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
allow squid_t self:capability kill; allow squid_t self:capability kill;
cron_use_fd(squid_t) cron_use_fd(squid_t)
cron_use_system_job_fd(squid_t) cron_use_system_job_fd(squid_t)
@ -152,32 +152,32 @@ optional_policy(`logrotate.te',`
cron_write_system_job_pipe(squid_t) cron_write_system_job_pipe(squid_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(squid_t) mount_send_nfs_client_request(squid_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(squid_t) nis_use_ypbind(squid_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(squid_t) nscd_use_socket(squid_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_domtrans_winbind_helper(squid_t) samba_domtrans_winbind_helper(squid_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(squid_t) seutil_sigchld_newrole(squid_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(squid_t) udev_read_db(squid_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(squid_t) rhgb_domain(squid_t)
') ')
ifdef(`apache.te',` ifdef(`apache.te',`
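Review bot: The first hunk's guard, ``optional_policy(`logrotate',``, wraps `cron_use_fd(squid_t)`, `cron_use_system_job_fd(squid_t)` and `cron_write_system_job_pipe(squid_t)`, so the body depends on a module the guard does not name. Now that the argument is a module name, the mismatch is easier to see. If the cron interfaces can be absent while logrotate is present, the block should be nested in ``optional_policy(`cron',``. Otherwise a one-line comment should explain why logrotate is the right condition for granting `self:capability kill` and the cron descriptors. Separately, the trailing context line ``ifdef(`apache.te',`` still tests the old `modulename.te` symbol, and it may need the same conversion if the build no longer defines that name. The enclosing TODO block continues outside the hunk.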


@ -189,15 +189,15 @@ template(`ssh_per_userdomain_template',`
corenet_tcp_bind_ssh_port($1_ssh_t) corenet_tcp_bind_ssh_port($1_ssh_t)
') ')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_ssh_t) kerberos_use($1_ssh_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_ssh_t) nis_use_ypbind($1_ssh_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_ssh_t) nscd_use_socket($1_ssh_t)
') ')
@ -328,11 +328,11 @@ template(`ssh_per_userdomain_template',`
fs_cifs_domtrans($1_ssh_agent_t, $1_t) fs_cifs_domtrans($1_ssh_agent_t, $1_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_ssh_agent_t) nis_use_ypbind($1_ssh_agent_t)
') ')
# optional_policy(`xdm.te', ` # optional_policy(`xdm',`
# # KDM: # # KDM:
# xdm_sigchld($1_ssh_agent_t) # xdm_sigchld($1_ssh_agent_t)
# ') # ')
@ -374,7 +374,7 @@ template(`ssh_per_userdomain_template',`
# $1_ssh_keysign_t local policy # $1_ssh_keysign_t local policy
# #
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_ssh_keysign_t) nscd_use_socket($1_ssh_keysign_t)
') ')
') ')
@ -506,7 +506,7 @@ template(`ssh_server_template', `
# cjp: commenting out until typeattribute works in conditional # cjp: commenting out until typeattribute works in conditional
# and require block in optional else is resolved # and require block in optional else is resolved
#optional_policy(`inetd.te',` #optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',` # tunable_policy(`run_ssh_inetd',`
# allow $1_t self:process signal; # allow $1_t self:process signal;
# files_list_pids($1_t) # files_list_pids($1_t)
@ -523,15 +523,15 @@ template(`ssh_server_template', `
init_use_script_pty($1_t) init_use_script_pty($1_t)
#') #')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_t) kerberos_use($1_t)
') ')
optional_policy(`mount.te', ` optional_policy(`mount',`
mount_send_nfs_client_request($1_t) mount_send_nfs_client_request($1_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_t) nscd_use_socket($1_t)
') ')


@ -52,7 +52,7 @@ ifdef(`targeted_policy',`
ssh_server_template(sshd_extern) ssh_server_template(sshd_extern)
# cjp: commenting this out until typeattribute works in a conditional # cjp: commenting this out until typeattribute works in a conditional
# optional_policy(`inetd.te',` # optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',` # tunable_policy(`run_ssh_inetd',`
# inetd_tcp_service_domain(sshd_t,sshd_exec_t) # inetd_tcp_service_domain(sshd_t,sshd_exec_t)
# ',` # ',`
@ -111,7 +111,7 @@ ifdef(`targeted_policy',`',`
userdom_signal_unpriv_users(sshd_t) userdom_signal_unpriv_users(sshd_t)
') ')
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_use_script_fd(sshd_t) rpm_use_script_fd(sshd_t)
') ')
@ -123,11 +123,11 @@ ifdef(`targeted_policy',`',`
# some versions of sshd on the new SE Linux require setattr # some versions of sshd on the new SE Linux require setattr
allow sshd_t ptyfile:chr_file relabelto; allow sshd_t ptyfile:chr_file relabelto;
optional_policy(`xauth.te',` optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, userdomain) domain_trans(sshd_t, xauth_exec_t, userdomain)
') ')
',` ',`
optional_policy(`xauth.te',` optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain) domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain)
') ')
# Relabel and access ptys created by sshd # Relabel and access ptys created by sshd
@ -166,7 +166,7 @@ ifdef(`targeted_policy',`',`
# is allocated # is allocated
allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms; allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
optional_policy(`inetd.te',` optional_policy(`inetd',`
tunable_policy(`run_ssh_inetd',` tunable_policy(`run_ssh_inetd',`
domain_trans(inetd_t, sshd_exec_t, sshd_extern_t) domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
',` ',`
@ -248,16 +248,16 @@ ifdef(`targeted_policy',`',`
files_dontaudit_read_root_file(ssh_keygen_t) files_dontaudit_read_root_file(ssh_keygen_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ssh_keygen_t) seutil_sigchld_newrole(ssh_keygen_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(ssh_keygen_t) udev_read_db(ssh_keygen_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(ssh_keygen_t) rhgb_domain(ssh_keygen_t)
') ')
') ')


@ -102,20 +102,20 @@ ifdef(`distro_gentoo', `
files_dontaudit_read_root_file(stunnel_t) files_dontaudit_read_root_file(stunnel_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(stunnel_t) mount_send_nfs_client_request(stunnel_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(stunnel_t) seutil_sigchld_newrole(stunnel_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(stunnel_t) udev_read_db(stunnel_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(stunnel_t) rhgb_domain(stunnel_t)
') ')
') dnl end TODO ') dnl end TODO
@ -127,15 +127,15 @@ ifdef(`distro_gentoo', `
files_read_etc_files(stunnel_t) files_read_etc_files(stunnel_t)
files_search_home(stunnel_t) files_search_home(stunnel_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(stunnel_t) kerberos_use(stunnel_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(stunnel_t) nis_use_ypbind(stunnel_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(stunnel_t) nscd_use_socket(stunnel_t)
') ')
') ')


@ -51,22 +51,22 @@ sysnet_read_config(tcpd_t)
inetd_domtrans_child(tcpd_t) inetd_domtrans_child(tcpd_t)
optional_policy(`finger.te',` optional_policy(`finger',`
finger_domtrans(tcpd_t) finger_domtrans(tcpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(tcpd_t) nis_use_ypbind(tcpd_t)
') ')
optional_policy(`portmap.te',` optional_policy(`portmap',`
portmap_udp_sendto(tcpd_t) portmap_udp_sendto(tcpd_t)
') ')
optional_policy(`rlogin.te',` optional_policy(`rlogin',`
rlogin_domtrans(tcpd_t) rlogin_domtrans(tcpd_t)
') ')
optional_policy(`rshd.te',` optional_policy(`rshd',`
rshd_domtrans(tcpd_t) rshd_domtrans(tcpd_t)
') ')


@ -89,15 +89,15 @@ sysnet_read_config(telnetd_t)
remotelogin_domtrans(telnetd_t) remotelogin_domtrans(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules? # for identd; cjp: this should probably only be inetd_child rules?
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(telnetd_t) kerberos_use(telnetd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(telnetd_t) nis_use_ypbind(telnetd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(telnetd_t) nscd_use_socket(telnetd_t)
') ')


@ -89,24 +89,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(tftpd_t) files_dontaudit_read_root_file(tftpd_t)
') ')
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request(tftpd_t) mount_send_nfs_client_request(tftpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(tftpd_t) nscd_use_socket(tftpd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(tftpd_t) seutil_sigchld_newrole(tftpd_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev', `
udev_read_db(tftpd_t) udev_read_db(tftpd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(tftpd_t) rhgb_domain(tftpd_t)
') ')
') ')


@ -97,14 +97,14 @@ miscfiles_read_localization(uucpd_t)
sysnet_read_config(uucpd_t) sysnet_read_config(uucpd_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(uucpd_t) kerberos_use(uucpd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(uucpd_t) nis_use_ypbind(uucpd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(uucpd_t) nscd_use_socket(uucpd_t)
') ')


@ -100,7 +100,7 @@ ifdef(`targeted_policy',`
files_create_var_lib(xdm_t,xdm_var_lib_t) files_create_var_lib(xdm_t,xdm_var_lib_t)
') ')
optional_policy(`locallogin.te',` optional_policy(`locallogin',`
locallogin_signull(xdm_t) locallogin_signull(xdm_t)
') ')


@ -112,28 +112,28 @@ ifdef(`targeted_policy', `
unconfined_sigchld(zebra_t) unconfined_sigchld(zebra_t)
') ')
optional_policy(`ldap.te',` optional_policy(`ldap',`
ldap_use(zebra_t) ldap_use(zebra_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(zebra_t) nis_use_ypbind(zebra_t)
') ')
optional_policy(`zebra.te',` optional_policy(`zebra',`
rpm_read_pipe(zebra_t) rpm_read_pipe(zebra_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(zebra_t) seutil_sigchld_newrole(zebra_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(zebra_t) udev_read_db(zebra_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',` optional_policy(`rhgb',`
rhgb_domain(zebra_t) rhgb_domain(zebra_t)
') ')
') dnl end TODO ') dnl end TODO
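Review bot: The block guarded by ``optional_policy(`zebra',`` calls `rpm_read_pipe(zebra_t)`, so the guard names the wrong module; the rename carried the old `zebra.te` argument over unchanged. If this section is the zebra module itself, as the `zebra_t` rules suggest, the guard is always satisfied and the rpm interface is referenced even when the rpm module is not part of the policy. The guard should read ``optional_policy(`rpm',``. The rules around this hunk continue outside it.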


@ -91,23 +91,23 @@ template(`authlogin_per_userdomain_template',`
# Inherit and use descriptors from gnome-pty-helper. # Inherit and use descriptors from gnome-pty-helper.
#ifdef(`gnome-pty-helper.te',`allow $1_chkpwd_t $1_gph_t:fd use;') #ifdef(`gnome-pty-helper.te',`allow $1_chkpwd_t $1_gph_t:fd use;')
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_chkpwd_t) kerberos_use($1_chkpwd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_chkpwd_t) nis_use_ypbind($1_chkpwd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_chkpwd_t) nscd_use_socket($1_chkpwd_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind($1_chkpwd_t) samba_connect_winbind($1_chkpwd_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_use_newrole_fd($1_chkpwd_t) seutil_use_newrole_fd($1_chkpwd_t)
') ')
') ')
@ -243,15 +243,15 @@ interface(`auth_domtrans_chk_passwd',`
sysnet_dns_name_resolve($1) sysnet_dns_name_resolve($1)
sysnet_use_ldap($1) sysnet_use_ldap($1)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1) kerberos_use($1)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind($1) samba_connect_winbind($1)
') ')
') ')
@ -931,11 +931,11 @@ interface(`auth_use_nsswitch',`
sysnet_dns_name_resolve($1) sysnet_dns_name_resolve($1)
sysnet_use_ldap($1) sysnet_use_ldap($1)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind($1) samba_connect_winbind($1)
') ')
') ')
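Review bot: The commented-out line ``#ifdef(`gnome-pty-helper.te',`allow $1_chkpwd_t $1_gph_t:fd use;')`` in the first hunk still uses the `.te` spelling that this commit retires everywhere else. Anyone who re-enables it by uncommenting will get a guard keyed on a name the build no longer uses, and the fd-use rule would then be silently dropped or silently included, depending on how the symbol resolves. Either delete the line or rewrite it in the new form, ``#optional_policy(`gnome-pty-helper',`allow $1_chkpwd_t $1_gph_t:fd use;')``. The template `authlogin_per_userdomain_template` starts outside the hunk.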


@ -119,15 +119,15 @@ logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fd(pam_t) userdom_use_unpriv_users_fd(pam_t)
optional_policy(`locallogin.te',` optional_policy(`locallogin',`
locallogin_use_fd(pam_t) locallogin_use_fd(pam_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(pam_t) nis_use_ypbind(pam_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(pam_t) nscd_use_socket(pam_t)
') ')
@ -230,30 +230,30 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pam_console_t) files_dontaudit_read_root_file(pam_console_t)
') ')
optional_policy(`gpm.te',` optional_policy(`gpm',`
gpm_getattr_gpmctl(pam_console_t) gpm_getattr_gpmctl(pam_console_t)
gpm_setattr_gpmctl(pam_console_t) gpm_setattr_gpmctl(pam_console_t)
') ')
optional_policy(`hotplug.te', ` optional_policy(`hotplug',`
hotplug_use_fd(pam_console_t) hotplug_use_fd(pam_console_t)
hotplug_dontaudit_search_config(pam_console_t) hotplug_dontaudit_search_config(pam_console_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(pam_console_t) nscd_use_socket(pam_console_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pam_console_t) seutil_sigchld_newrole(pam_console_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(pam_console_t) udev_read_db(pam_console_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(pam_console_t) rhgb_domain(pam_console_t)
') ')
@ -306,19 +306,19 @@ sysnet_use_ldap(system_chkpwd_t)
userdom_dontaudit_use_unpriv_user_tty(system_chkpwd_t) userdom_dontaudit_use_unpriv_user_tty(system_chkpwd_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use(system_chkpwd_t) kerberos_use(system_chkpwd_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind(system_chkpwd_t) nis_use_ypbind(system_chkpwd_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(system_chkpwd_t) nscd_use_socket(system_chkpwd_t)
') ')
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind(system_chkpwd_t) samba_connect_winbind(system_chkpwd_t)
') ')
@ -354,12 +354,12 @@ logging_search_logs(utempter_t)
# Allow utemper to write to /tmp/.xses-* # Allow utemper to write to /tmp/.xses-*
userdom_write_unpriv_user_tmp(utempter_t) userdom_write_unpriv_user_tmp(utempter_t)
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(utempter_t) nscd_use_socket(utempter_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`xdm.te',` optional_policy(`xdm',`
can_pipe_xdm(utempter_t) can_pipe_xdm(utempter_t)
') ')
') ')


@ -67,31 +67,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(hwclock_t) files_dontaudit_read_root_file(hwclock_t)
') ')
optional_policy(`apm.te',` optional_policy(`apm',`
apm_append_log(hwclock_t) apm_append_log(hwclock_t)
apm_rw_stream_socket(hwclock_t) apm_rw_stream_socket(hwclock_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket(hwclock_t) nscd_use_socket(hwclock_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hwclock_t) seutil_sigchld_newrole(hwclock_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db(hwclock_t) udev_read_db(hwclock_t)
') ')
optional_policy(`userdomain.te',` optional_policy(`userdomain',`
userdom_dontaudit_use_unpriv_user_fd(hwclock_t) userdom_dontaudit_use_unpriv_user_fd(hwclock_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te', ` optional_policy(`rhgb',`
rhgb_domain(hwclock_t) rhgb_domain(hwclock_t)
') ')
optional_policy(`gnome-pty-helper.te', `allow hwclock_t sysadm_gph_t:fd use;') optional_policy(`gnome-pty-helper', `allow hwclock_t sysadm_gph_t:fd use;')
') dnl end TODO ') dnl end TODO


@ -90,21 +90,21 @@ interface(`domain_type',`
') ')
# allow any domain to connect to the LDAP server # allow any domain to connect to the LDAP server
optional_policy(`ldap.te',` optional_policy(`ldap',`
ldap_use($1) ldap_use($1)
') ')
# these 3 seem highly questionable: # these 3 seem highly questionable:
optional_policy(`rpm.te',` optional_policy(`rpm',`
rpm_use_fd($1) rpm_use_fd($1)
rpm_read_pipe($1) rpm_read_pipe($1)
') ')
optional_policy(`selinux.te',` optional_policy(`selinux',`
selinux_dontaudit_read_fs($1) selinux_dontaudit_read_fs($1)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_dontaudit_read_config($1) seutil_dontaudit_read_config($1)
') ')
') ')
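Review bot: `domain_type` hands `ldap_use($1)`, `rpm_use_fd($1)` and `rpm_read_pipe($1)` to every domain that calls it, and the only rationale on the page is the comment `# these 3 seem highly questionable:`, which does not say which access is in doubt or why it is still granted. Since the commit touches each of these guards, this is a good place to record the reason, or to mark the grants for removal, so that a later least-privilege audit does not have to rediscover it. For example, a comment such as `# FIXME: granted to all domains; move to the callers that need it` above each block. The interface body starts outside the hunk, so other grants may be affected in the same way.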


@ -416,7 +416,7 @@ interface(`files_read_all_files',`
allow $1 file_type:dir search; allow $1 file_type:dir search;
allow $1 file_type:file r_file_perms; allow $1 file_type:file r_file_perms;
optional_policy(`authlogin.te',` optional_policy(`authlogin',`
auth_read_shadow($1) auth_read_shadow($1)
') ')
') ')

Some files were not shown because too many files have changed in this diff Show More