Change optional_policy() to refer to the module name rather than modulename.te.

Chris PeBenito 2005-11-23 20:24:27 +00:00
parent af23450c36
commit 1328802a41
124 changed files with 935 additions and 933 deletions


@ -1,3 +1,5 @@
- Change optional_policy() to refer to the module name
rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions


@ -77,8 +77,8 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(acct_t)
')
optional_policy(`cron.te',`
optional_policy(`authlogin.te',`
optional_policy(`cron',`
optional_policy(`authlogin',`
# for monthly cron job
auth_create_login_records(acct_t)
auth_manage_login_records(acct_t)
@ -87,20 +87,20 @@ optional_policy(`cron.te',`
cron_system_entry(acct_t,acct_exec_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(acct_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(acct_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(acct_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(acct_t)
')
')


@ -164,19 +164,19 @@ libs_use_shared_libs(amanda_t)
sysnet_read_config(amanda_t)
optional_policy(`authlogin.te',`
optional_policy(`authlogin',`
auth_read_shadow(amanda_t)
')
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg(amanda_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(amanda_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(amanda_t)
')
@ -248,10 +248,10 @@ sysnet_read_config(amanda_recover_t)
userdom_search_sysadm_home_subdirs(amanda_recover_t)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(amanda_recover_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(amanda_recover_t)
')


@ -31,28 +31,28 @@ ifdef(`distro_redhat',`
bootloader_create_runtime_file(anaconda_t)
')
optional_policy(`dmesg.te',`
optional_policy(`dmesg',`
dmesg_domtrans(anaconda_t)
')
optional_policy(`kudzu.te',`
optional_policy(`kudzu',`
kudzu_domtrans(anaconda_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_domtrans(anaconda_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_domtrans(anaconda_t)
')
optional_policy(`usermanage.te',`
optional_policy(`usermanage',`
usermanage_domtrans_admin_passwd(anaconda_t)
')
ifdef(`TODO',`
optional_policy(`ssh.te',`
optional_policy(`ssh',`
role system_r types sysadm_ssh_agent_t;
domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
')


@ -67,60 +67,60 @@ ifdef(`distro_redhat',`
fs_use_tmpfs_chr_dev(consoletype_t)
')
optional_policy(`apm.te',`
optional_policy(`apm',`
apm_use_fd(consoletype_t)
apm_write_pipe(consoletype_t)
')
optional_policy(`authlogin.te', `
optional_policy(`authlogin', `
auth_read_pam_pid(consoletype_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_read_pipe(consoletype_t)
cron_use_system_job_fd(consoletype_t)
')
optional_policy(`firstboot.te',`
optional_policy(`firstboot',`
files_read_etc_files(consoletype_t)
firstboot_use_fd(consoletype_t)
firstboot_write_pipe(consoletype_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_dontaudit_use_fd(consoletype_t)
')
optional_policy(`lpd.te',`
optional_policy(`lpd',`
lpd_read_config(consoletype_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(consoletype_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
# Commonly used from postinst scripts
rpm_read_pipe(consoletype_t)
')
optional_policy(`userdomain.te',`
optional_policy(`userdomain',`
userdom_use_unpriv_users_fd(consoletype_t)
')
ifdef(`TODO',`
optional_policy(`xdm.te', `
optional_policy(`xdm', `
allow consoletype_t xdm_tmp_t:file rw_file_perms;
')
# this goes to xdm module
ifdef(`targeted_policy',`
optional_policy(`consoletype.te',`
optional_policy(`consoletype',`
consoletype_domtrans(xdm_t)
')
')
optional_policy(`lpd.te', `
optional_policy(`lpd', `
allow consoletype_t printconf_t:file r_file_perms;
')


@ -62,16 +62,16 @@ ifdef(`targeted_policy',`
userdom_use_sysadm_terms(dmesg_t)
userdom_dontaudit_use_unpriv_user_fd(dmesg_t)
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dmesg_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(dmesg_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(dmesg_t)
')
') dnl endif TODO


@ -111,15 +111,15 @@ ifdef(`targeted_policy',`
unconfined_domtrans(firstboot_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(firstboot_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_rw_config(firstboot_t)
')
optional_policy(`usermanage.te',`
optional_policy(`usermanage',`
usermanage_domtrans_chfn(firstboot_t)
usermanage_domtrans_groupadd(firstboot_t)
usermanage_domtrans_passwd(firstboot_t)


@ -134,37 +134,37 @@ tunable_policy(`allow_execmem',`
allow kudzu_t self:process execmem;
')
optional_policy(`gpm.te',`
optional_policy(`gpm',`
gpm_getattr_gpmctl(kudzu_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(kudzu_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kudzu_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(kudzu_t)
')
ifdef(`TODO',`
allow kudzu_t modules_conf_t:file unlink;
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(kudzu_t)
')
optional_policy(`lpd.te',`
optional_policy(`lpd',`
allow kudzu_t printconf_t:file { getattr read };
')
optional_policy(`xserver.te',`
optional_policy(`xserver',`
allow kudzu_t xserver_exec_t:file getattr;
')
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
allow kudzu_t rhgb_t:unix_stream_socket connectto;
')
optional_policy(`userhelper.te',`
optional_policy(`userhelper',`
role system_r types sysadm_userhelper_t;
domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
')


@ -131,52 +131,52 @@ ifdef(`targeted_policy',`
unconfined_domain_template(logrotate_t)
')
optional_policy(`acct.te',`
optional_policy(`acct',`
acct_domtrans(logrotate_t)
acct_manage_data(logrotate_t)
acct_exec_data(logrotate_t)
')
optional_policy(`apache.te',`
optional_policy(`apache',`
apache_read_config(logrotate_t)
apache_domtrans(logrotate_t)
apache_signull(logrotate_t)
')
optional_policy(`consoletype.te',`
optional_policy(`consoletype',`
consoletype_exec(logrotate_t)
')
optional_policy(`hostname.te',`
optional_policy(`hostname',`
hostname_exec(logrotate_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_exec_log(logrotate_t)
')
optional_policy(`mailman.te',`
optional_policy(`mailman',`
mailman_exec(logrotate_t)
mailman_search_data(logrotate_t)
mailman_manage_log(logrotate_t)
')
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_read_config(logrotate_t)
mysql_search_db_dir(logrotate_t)
mysql_stream_connect(logrotate_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(logrotate_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(logrotate_t)
')
optional_policy(`squid.te',`
optional_policy(`squid',`
# cjp: why?
squid_domtrans(logrotate_t)
')


@ -82,7 +82,7 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(netutils_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(netutils_t)
')
@ -144,19 +144,19 @@ ifdef(`targeted_policy',`
')
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(ping_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(ping_t)
')
optional_policy(`pcmcia.te',`
optional_policy(`pcmcia',`
pcmcia_use_cardmgr_fd(ping_t)
')
optional_policy(`hotplug.te',`
optional_policy(`hotplug',`
hotplug_use_fd(ping_t)
')
@ -225,11 +225,11 @@ tunable_policy(`user_ping',`
term_use_all_user_ptys(traceroute_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(traceroute_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(traceroute_t)
')


@ -67,11 +67,11 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(quota_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(quota_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(quota_t)
')
@ -82,7 +82,7 @@ file_type_auto_trans(quota_t, { root_t home_root_t var_t usr_t src_t var_spool_t
allow quota_t file_t:file quotaon;
allow quota_t proc_t:file getattr;
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(quota_t)
')
') dnl end TODO


@ -177,15 +177,15 @@ ifdef(`targeted_policy',`
logging_create_log(rpm_t,rpm_log_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(rpm_t,rpm_exec_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(rpm_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(rpm_t)
')
@ -205,7 +205,7 @@ allow rpm_t mount_t:tcp_socket write;
allow rpm_t rpc_pipefs_t:dir search;
optional_policy(`gnome-pty-helper.te', `
optional_policy(`gnome-pty-helper',`
allow rpm_t sysadm_gph_t:fd use;
')
') dnl endif TODO
@ -322,12 +322,12 @@ ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t)
',`
ifdef(`distro_redhat',`
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_send_mail(rpm_script_t)
')
')
optional_policy(`bootloader.te',`
optional_policy(`bootloader',`
bootloader_domtrans(rpm_script_t)
')
')
@ -336,17 +336,17 @@ tunable_policy(`allow_execmem',`
allow rpm_script_t self:process execmem;
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(rpm_script_t)
')
optional_policy(`usermanage.te',`
optional_policy(`usermanage',`
usermanage_domtrans_groupadd(rpm_script_t)
usermanage_domtrans_useradd(rpm_script_t)
')
ifdef(`TODO',`
optional_policy(`lpd.te', `
optional_policy(`lpd',`
can_exec(rpm_script_t,printconf_t)
')
') dnl end TODO
@ -371,7 +371,7 @@ seutil_read_src_pol(rpmbuild_t)
ifdef(`TODO',`
optional_policy(`cups.te', `
optional_policy(`cups',`
allow cupsd_t rpm_var_lib_t:dir r_dir_perms;
allow cupsd_t rpm_var_lib_t:file r_file_perms;
allow cupsd_t rpb_var_lib_t:lnk_file r_file_perms;
@ -379,16 +379,16 @@ allow cupsd_t initrc_exec_t:file r_file_perms;
domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t)
')
optional_policy(`ssh-agent.te', `
optional_policy(`ssh-agent',`
domain_auto_trans(rpm_script_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
')
optional_policy(`prelink.te', `
optional_policy(`prelink',`
domain_auto_trans(rpm_t, prelink_exec_t, prelink_t)
')
ifdef(`hide_broken_symptoms', `
optional_policy(`pamconsole.te', `
optional_policy(`pamconsole',`
domain_trans(rpm_t, pam_console_exec_t, rpm_script_t)
')
')
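Review bot: Three guards in this file look like old policy file names rather than module names: ``optional_policy(`gnome-pty-helper',``, ``optional_policy(`ssh-agent',`` and ``optional_policy(`pamconsole',``. The same commit guards the equivalent `sysadm_ssh_agent_t` transition with ``optional_policy(`ssh',`` in the anaconda hunk and turns `pam.te` into `authlogin` in the cups hunk, so the spellings here disagree with both. These rules appear to sit inside ``ifdef(`TODO',`` blocks whose boundaries are partly outside the hunks, so nothing changes today. Once enabled, though, a guard on a name that is never defined would be expected to drop the domain transition without any build error. I would use `ssh` and `authlogin` here and add a comment on the gnome-pty-helper block naming the module meant to own `sysadm_gph_t`.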


@ -77,15 +77,15 @@ template(`su_restricted_domain_template', `
# Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_su_t)
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_read_pipe($1_su_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_su_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_su_t)
')
@ -247,15 +247,15 @@ template(`su_per_userdomain_template',`
fs_search_cifs($1_su_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_read_pipe($1_su_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_su_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_su_t)
')


@ -155,11 +155,11 @@ template(`sudo_per_userdomain_template',`
userdom_spec_domtrans_all_users($1_sudo_t)
}
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_sudo_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_sudo_t)
')


@ -89,45 +89,45 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(updfstab_t)
')
optional_policy(`authlogin.te',`
optional_policy(`authlogin',`
auth_domtrans_pam_console(updfstab_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
dbus_system_bus_client_template(updfstab,updfstab_t)
dbus_send_system_bus_msg(updfstab_t)
')
optional_policy(`hald.te',`
optional_policy(`hald',`
hal_stream_connect(updfstab_t)
')
optional_policy(`modutils.te',`
optional_policy(`modutils',`
modutils_read_module_conf(updfstab_t)
modutils_exec_insmod(updfstab_t)
modutils_read_mods_deps(updfstab_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(updfstab_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(updfstab_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(updfstab_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(updfstab_t)
')
allow updfstab_t tmpfs_t:dir getattr;
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
allow initrc_t updfstab_t:dbus send_msg;
allow updfstab_t initrc_t:dbus send_msg;
')
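Review bot: The guard ``optional_policy(`hald',`` around `hal_stream_connect(updfstab_t)` probably names no module. The crond and cupsd_config hunks later in this commit use ``optional_policy(`hal',`` for `hal_dbus_send` and `hal_domtrans`, and the `hal_` interface prefix agrees with that spelling. Stripping `.te` from `hald.te` kept the old file name, and an optional block keyed on an undefined name is expected to be dropped without a build error, so updfstab_t would silently lose the HAL stream connection. I would write ``optional_policy(`hal',`` here after confirming the name against the module list, which is not visible on this page.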


@ -132,7 +132,7 @@ userdom_use_unpriv_users_fd(chfn_t)
# on user home dir
userdom_dontaudit_search_all_users_home(chfn_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(chfn_t)
')
@ -178,7 +178,7 @@ logging_send_syslog_msg(crack_t)
userdom_dontaudit_search_sysadm_home_dir(crack_t)
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(crack_t,crack_exec_t)
')
@ -246,15 +246,15 @@ userdom_use_unpriv_users_fd(groupadd_t)
# for when /root is the cwd
userdom_dontaudit_search_sysadm_home_dir(groupadd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(groupadd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(groupadd_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_use_fd(groupadd_t)
rpm_rw_pipe(groupadd_t)
')
@ -339,7 +339,7 @@ userdom_use_unpriv_users_fd(passwd_t)
# on user home dir
userdom_dontaudit_search_all_users_home(passwd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(passwd_t)
')
@ -435,7 +435,7 @@ userdom_use_unpriv_users_fd(sysadm_passwd_t)
# on user home dir
userdom_dontaudit_search_all_users_home(sysadm_passwd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(sysadm_passwd_t)
')
@ -530,15 +530,15 @@ userdom_create_generic_user_home(useradd_t,notdevfile_class_set)
mta_manage_spool(useradd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(useradd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(useradd_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_use_fd(useradd_t)
rpm_rw_pipe(useradd_t)
')


@ -98,14 +98,14 @@ sysnet_manage_config(vpnc_t)
userdom_use_all_user_fd(vpnc_t)
userdom_dontaudit_search_all_users_home(vpnc_t)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(vpnc_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(vpnc_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(vpnc_t)
')


@ -125,7 +125,7 @@ template(`gpg_per_userdomain_template',`
userdom_use_user_terminals($1,$1_gpg_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_gpg_t)
')


@ -95,18 +95,18 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(webalizer_t)
')
optional_policy(`ftp.te',`
optional_policy(`ftp',`
ftp_read_log(webalizer_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(webalizer_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(webalizer_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(webalizer_t,webalizer_exec_t)
')


@ -200,18 +200,18 @@ ifdef(`targeted_policy',`
term_use_generic_pty(bootloader_t)
')
optional_policy(`fstools.te',`
optional_policy(`fstools',`
fstools_exec(bootloader_t)
')
optional_policy(`lvm.te',`
optional_policy(`lvm',`
dev_rw_lvm_control(bootloader_t)
lvm_domtrans(bootloader_t)
lvm_read_config(bootloader_t)
')
optional_policy(`modutils.te',`
optional_policy(`modutils',`
modutils_exec_insmod(bootloader_t)
modutils_read_mods_deps(bootloader_t)
modutils_read_module_conf(bootloader_t)
@ -220,15 +220,15 @@ optional_policy(`modutils.te',`
modutils_exec_update_mods(bootloader_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(bootloader_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_rw_pipe(bootloader_t)
')
optional_policy(`userdomain.te',`
optional_policy(`userdomain',`
userdom_dontaudit_search_staff_home_dir(bootloader_t)
userdom_dontaudit_search_sysadm_home_dir(bootloader_t)
')


@ -230,11 +230,11 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(kernel_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(kernel_t)
')
optional_policy(`rpc.te',`
optional_policy(`rpc',`
# nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms;


@ -206,24 +206,24 @@ template(`apache_content_template',`
sysnet_read_config(httpd_$1_script_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_$1_script_t)
')
')
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_send_mail(httpd_$1_script_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
tunable_policy(`httpd_enable_cgi && allow_ypbind',`
nis_use_ypbind_uncond(httpd_$1_script_t)
')
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(httpd_$1_script_t)
')
')


@ -383,11 +383,11 @@ tunable_policy(`httpd_tty_comm',`
userdom_dontaudit_use_sysadm_terms(httpd_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(httpd_t)
')
optional_policy(`mailman.te',`
optional_policy(`mailman',`
mailman_signal_cgi(httpd_t)
mailman_domtrans_cgi(httpd_t)
# should have separate types for public and private archives
@ -395,30 +395,30 @@ optional_policy(`mailman.te',`
mailman_read_archive(httpd_t)
')
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_stream_connect(httpd_t)
mysql_rw_db_socket(httpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(httpd_t)
')
optional_policy(`postgresql.te',`
optional_policy(`postgresql',`
# Allow httpd to work with postgresql
postgresql_unix_connect(httpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(httpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_read_db(httpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(httpd_t)
')
@ -492,11 +492,11 @@ libs_use_shared_libs(httpd_php_t)
userdom_use_unpriv_users_fd(httpd_php_t)
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_stream_connect(httpd_php_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(httpd_php_t)
')
@ -610,28 +610,28 @@ tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_execute_cifs_files(httpd_suexec_t)
')
optional_policy(`mailman.te',`
optional_policy(`mailman',`
mailman_domtrans_cgi(httpd_suexec_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
tunable_policy(`httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_suexec_t)
')
')
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_stub(httpd_suexec_t)
# apache should set close-on-exec
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(httpd_suexec_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(httpd_suexec_t)
')
@ -665,7 +665,7 @@ ifdef(`targeted_policy',`
')
')
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_socket(httpd_sys_script_t)
')
@ -677,6 +677,6 @@ optional_policy(`mysql.te',`
unconfined_domain_template(httpd_unconfined_script_t)
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(httpd_unconfined_script_t)
')


@ -155,15 +155,15 @@ ifdef(`distro_redhat',`
can_exec(apmd_t, apmd_var_run_t)
# ifconfig_exec_t needs to be run in its own domain for Red Hat
optional_policy(`sysnetwork.te',`
optional_policy(`sysnetwork',`
sysnet_domtrans_ifconfig(apmd_t)
')
optional_policy(`iptables.te',`
optional_policy(`iptables',`
iptables_domtrans(apmd_t)
')
optional_policy(`netutils.te',`
optional_policy(`netutils',`
netutils_domtrans(apmd_t)
')
@ -186,37 +186,37 @@ ifdef(`targeted_policy',`
unconfined_domain_template(apmd_t)
')
optional_policy(`clock.te',`
optional_policy(`clock',`
clock_domtrans(apmd_t)
clock_rw_adjtime(apmd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_domtrans_anacron_system_job(apmd_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_use_fd(apmd_t)
')
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_send_mail(apmd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(apmd_t)
')
optional_policy(`pcmcia.te',`
optional_policy(`pcmcia',`
pcmcia_domtrans_cardmgr(apmd_t)
pcmcia_domtrans_cardctl(apmd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(apmd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(apmd_t)
udev_read_state(apmd_t) #necessary?
')
@ -224,13 +224,13 @@ optional_policy(`udev.te',`
ifdef(`TODO',`
allow apmd_t proc_t:file write;
allow apmd_t user_tty_type:chr_file { ioctl read getattr lock write append };
optional_policy(`cron.te',`
optional_policy(`cron',`
allow apmd_t crond_t:fifo_file { getattr read write ioctl };
')
r_dir_file(apmd_t, hwdata_t)
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(apmd_t)
')
')


@ -98,25 +98,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(arpwatch_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(arpwatch_t)
')
optional_policy(`qmail.te',`
optional_policy(`qmail',`
corecmd_search_bin(arpwatch_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(arpwatch_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(arpwatch_t)
')
ifdef(`TODO',`
# TODO from daemon_domain
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(arpwatch_t)
')
')


@ -86,7 +86,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(avahi_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
dbus_system_bus_client_template(avahi,avahi_t)
dbus_connect_system_bus(avahi_t)
dbus_send_system_bus_msg(avahi_t)
@ -96,20 +96,20 @@ optional_policy(`dbus.te',`
allow unconfined_t avahi_t:dbus send_msg;
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(avahi_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(avahi_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(avahi_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(avahi_t)
')
') dnl end TODO


@ -150,7 +150,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(named_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
gen_require(`
class dbus send_msg;
')
@ -161,19 +161,19 @@ optional_policy(`dbus.te',`
dbus_send_system_bus_msg(named_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(named_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(named_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(named_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(named_t)
')
@ -181,7 +181,7 @@ ifdef(`TODO',`
can_udp_send(domain, named_t)
can_udp_send(named_t, domain)
can_tcp_connect(domain, named_t)
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(named_t)
')
')
@ -259,19 +259,19 @@ tunable_policy(`named_write_master_zones',`
allow named_t named_zone_t:lnk_file create_lnk_perms;
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(named_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(ndc_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(ndc_t)
')
optional_policy(`bind.te',`
optional_policy(`bind',`
ppp_dontaudit_use_fd(ndc_t)
')
@ -286,12 +286,12 @@ allow named_t dhcpc_t:dbus send_msg;
allow dhcpc_t named_t:dbus send_msg;
# cjp: this whole block was originally in networkmanager
optional_policy(`networkmanager.te',`
optional_policy(`networkmanager',`
gen_require(`
type NetworkManager_t;
')
# optional_policy(`dbus.te',`
# optional_policy(`dbus',`
# gen_require(`
# class dbus send_msg;
# ')
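Review bot: The block ``optional_policy(`bind',`` around `ppp_dontaudit_use_fd(ndc_t)` (hunk at -259) is keyed on the wrong module: the interface it calls has the `ppp_` prefix, while the guard names bind, which judging by the named_t/ndc_t rules is the module this file itself defines. Now that the argument is a module name, the guard is presumably always satisfied in this file, so the ppp interface would be referenced even in a build that leaves ppp out. I would change the guard to ``optional_policy(`ppp',``. The mismatch predates this commit (it was `bind.te` before), but the rename is the natural place to correct it.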


@ -141,25 +141,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(bluetooth_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
dbus_system_bus_client_template(bluetooth,bluetooth_t)
dbus_send_system_bus_msg(bluetooth_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(bluetooth_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(bluetooth_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(bluetooth_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(bluetooth_t)
')
') dnl end TOOD
@ -208,7 +208,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
userdom_search_all_users_home(bluetooth_helper_t)
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(bluetooth_helper_t)
')


@ -94,24 +94,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(canna_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(canna_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(canna_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(canna_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(canna_t)
')
optional_policy(`canna.te',`
optional_policy(`canna',`
canna_stream_connect(i18n_input_t)
')
')


@ -79,15 +79,15 @@ userdom_dontaudit_getattr_sysadm_tty(comsat_t)
mta_getattr_spool(comsat_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(comsat_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(comsat_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(comsat_t)
')


@ -61,20 +61,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpucontrol_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cpucontrol_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpucontrol_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(cpucontrol_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(cpucontrol_t)
')
') dnl end TODO
@ -121,20 +121,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpuspeed_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cpuspeed_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpuspeed_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(cpuspeed_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(cpuspeed_t)
')
') dnl end TODO


@ -146,12 +146,12 @@ template(`cron_per_userdomain_template',`
allow crond_t $1_cron_spool_t:file create_file_perms;
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_crond_t)
')
ifdef(`TODO',`
optional_policy(`apache.te', `
optional_policy(`apache',`
create_dir_file($1_crond_t, httpd_$1_content_t)
')
allow $1_crond_t tmp_t:dir rw_dir_perms;


@ -133,7 +133,7 @@ userdom_use_unpriv_users_fd(crond_t)
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out.
optional_policy(`rpm.te', `
optional_policy(`rpm',`
rpm_manage_log(crond_t)
')
')
@ -170,29 +170,29 @@ tunable_policy(`fcron_crond', `
allow crond_t system_cron_spool_t:file create_file_perms;
')
optional_policy(`hal.te',`
optional_policy(`hal',`
hal_dbus_send(crond_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(crond_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(crond_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
# Commonly used from postinst scripts
rpm_read_pipe(crond_t)
')
optional_policy(`postgresql.te', `
optional_policy(`postgresql',`
# allow crond to find /usr/lib/postgresql/bin/do.maintenance
postgresql_search_db_dir(crond_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(crond_t)
')
@ -200,7 +200,7 @@ ifdef(`TODO',`
# NB The constraints file has some entries for crond_t, this makes it
# different from all other domains...
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(crond_t)
')
@ -222,7 +222,7 @@ allow crond_t user_home_dir_type:dir r_dir_perms;
# System cron process domain
#
optional_policy(`squid.te',`
optional_policy(`squid',`
# cjp: why?
squid_domtrans(system_crond_t)
')
@ -352,7 +352,7 @@ ifdef(`targeted_policy',`
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out.
optional_policy(`rpm.te', `
optional_policy(`rpm',`
rpm_manage_log(system_crond_t)
')
')
@ -369,33 +369,33 @@ ifdef(`targeted_policy',`
seutil_read_file_contexts(system_crond_t)
')
optional_policy(`cyrus.te',`
optional_policy(`cyrus',`
cyrus_manage_data(system_crond_t)
')
optional_policy(`ftp.te',`
optional_policy(`ftp',`
ftp_read_log(system_crond_t)
')
optional_policy(`inn.te',`
optional_policy(`inn',`
inn_manage_log(system_crond_t)
inn_manage_pid(system_crond_t)
inn_read_config(system_crond_t)
')
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_read_config(system_crond_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(system_crond_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(system_crond_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_read_config(system_crond_t)
samba_read_log(system_crond_t)
#samba_read_secrets(system_crond_t)


@ -198,35 +198,35 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cupsd_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd,cupsd_t)
dbus_send_system_bus_msg(cupsd_t)
allow cupsd_t userdomain:dbus send_msg;
')
optional_policy(`hostname.te',`
optional_policy(`hostname',`
hostname_exec(cupsd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(cupsd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cupsd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(cupsd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(cupsd_t)
')
allow web_client_domain cupsd_t:tcp_socket { connectto recvfrom };
@ -246,11 +246,11 @@ dontaudit cupsd_t random_device_t:chr_file ioctl;
# temporary solution, we need something better
allow cupsd_t serial_device:chr_file rw_file_perms;
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
domain_auto_trans(logrotate_t, cupsd_exec_t, cupsd_t)
')
optional_policy(`inetd.te', `
optional_policy(`inetd',`
domain_auto_trans(inetd_t, cupsd_exec_t, cupsd_t)
')
@ -262,7 +262,7 @@ dontaudit cupsd_t etc_t:file write;
# Send to portmap.
optional_policy(`portmap.te', `
optional_policy(`portmap', `
allow cupsd_t portmap_t:udp_socket sendto;
allow portmap_t cupsd_t:udp_socket recvfrom;
allow portmap_t cupsd_t:udp_socket sendto;
@ -281,7 +281,7 @@ allow cupsd_t var_t:dir { getattr read search };
allow cupsd_t var_t:file r_file_perms;
allow cupsd_t var_t:lnk_file { getattr read };
optional_policy(`samba.te', `
optional_policy(`samba',`
# cjp: rw_dir_perms here doesnt make sense
allow cupsd_t samba_var_t:dir rw_dir_perms;
allow cupsd_t samba_var_t:file rw_file_perms;
@ -289,7 +289,7 @@ allow cupsd_t samba_var_t:lnk_file { getattr read };
allow smbd_t cupsd_etc_t:dir search;
')
optional_policy(`pam.te', `
optional_policy(`authlogin',`
dontaudit cupsd_t pam_var_run_t:file { getattr read };
')
dontaudit cupsd_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search };
@ -369,16 +369,16 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ptal_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ptal_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(ptal_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(ptal_t)
')
') dnl end TODO
@ -479,20 +479,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hplip_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(hplip_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hplip_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(hplip_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(hplip_t)
')
') dnl end TODO
@ -599,36 +599,36 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(cupsd_config_t)
')
optional_policy(`hal.te',`
optional_policy(`hal',`
hal_domtrans(cupsd_config_t)
')
optional_policy(`hostname.te',`
optional_policy(`hostname',`
hostname_exec(cupsd_config_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_use_fd(cupsd_config_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(cupsd_config_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cupsd_config_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_config_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(cupsd_config_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(cupsd_config_t)
')
') dnl end TODO
@ -637,7 +637,7 @@ allow cupsd_config_t devpts_t:dir search;
allow cupsd_config_t devpts_t:chr_file { getattr ioctl };
ifdef(`distro_redhat', `
optional_policy(`rpm.te',`
optional_policy(`rpm',`
allow cupsd_config_t rpm_var_lib_t:dir { getattr search };
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
')
@ -646,7 +646,7 @@ ifdef(`distro_redhat', `
allow cupsd_config_t var_t:lnk_file read;
optional_policy(`dbus.te',`
optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
dbus_connect_system_bus(cupsd_config_t)
dbus_send_system_bus_msg(cupsd_config_t)
@ -655,8 +655,8 @@ optional_policy(`dbus.te',`
allow userdomain cupsd_config_t:dbus send_msg;
')
optional_policy(`hal.te', `
optional_policy(`dbus.te', `
optional_policy(`hal', `
optional_policy(`dbus',`
allow { cupsd_t cupsd_config_t } hald_t:dbus send_msg;
allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
')
@ -703,7 +703,7 @@ allow cupsd_lpd_t self:udp_socket create_socket_perms;
allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow cupsd_lpd_t self:capability { setuid setgid };
files_search_home(cupsd_lpd_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(cupsd_lpd_t)
')
#end for identd
@ -755,10 +755,10 @@ miscfiles_read_localization(cupsd_lpd_t)
sysnet_read_config(cupsd_lpd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(cupsd_lpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cupsd_lpd_t)
')
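Review bot: The block at old line 289 is not the mechanical suffix removal the commit message describes: its condition changes from `pam.te` to `authlogin`, a different module. If no module named pam was ever built, `dontaudit cupsd_t pam_var_run_t:file { getattr read };` was presumably never active and becomes active with this commit. Because it is a dontaudit rule, denied reads of that file by cupsd_t that used to be logged would no longer appear in the audit log. I would mention the rename in the changelog entry and add a comment above the block such as `# was optional on pam.te; pam_var_run_t is assumed to be declared by authlogin`.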


@ -85,17 +85,17 @@ sysnet_read_config(cvs_t)
mta_send_mail(cvs_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(cvs_t)
kerberos_read_keytab(cvs_t)
kerberos_read_config(cvs_t)
kerberos_dontaudit_write_config(cvs_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(cvs_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(cvs_t)
')


@ -117,32 +117,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cyrus_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(cyrus_t,cyrus_exec_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(cyrus_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(cyrus_t)
')
optional_policy(`sasl.te',`
optional_policy(`sasl',`
sasl_connect(cyrus_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cyrus_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(cyrus_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(cyrus_t)
')
')


@ -32,7 +32,7 @@ allow dbskkd_t self:udp_socket create_socket_perms;
allow dbskkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow dbskkd_t self:capability { setuid setgid };
files_search_home(dbskkd_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(dbskkd_t)
')
#end for identd
@ -75,10 +75,10 @@ miscfiles_read_localization(dbskkd_t)
sysnet_read_config(dbskkd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(dbskkd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(dbskkd_t)
')


@ -141,11 +141,11 @@ template(`dbus_per_userdomain_template',`
files_read_default_pipes($1_dbusd_t)
')
optional_policy(`authlogin.te',`
optional_policy(`authlogin',`
auth_read_pam_console_data($1_dbusd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_dbusd_t)
')


@ -124,24 +124,24 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(system_dbusd_t)
')
optional_policy(`bind.te',`
optional_policy(`bind',`
bind_domtrans(system_dbusd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(system_dbusd_t)
')
optional_policy(`sysnetwork.te',`
optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(system_dbusd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(system_dbusd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(system_dbusd_t)
')
')


@ -114,33 +114,33 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dhcpd_t)
')
optional_policy(`bind.te',`
optional_policy(`bind',`
# used for dynamic DNS
bind_read_dnssec_keys(dhcpd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(dhcpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(dhcpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(dhcpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dhcpd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(dhcpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(dhcpd_t)
')
') dnl end TODO


@ -86,24 +86,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dictd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(dictd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(dictd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dictd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(dictd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(dictd_t)
')
') dnl end TODO


@ -96,20 +96,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(distccd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(distccd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(distccd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(distccd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(distccd_t)
')
') dnl end TODO


@ -121,19 +121,19 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dovecot_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(dovecot_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(dovecot_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dovecot_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(dovecot_t)
')
@ -170,24 +170,24 @@ seutil_dontaudit_search_config(dovecot_auth_t)
sysnet_dns_name_resolve(dovecot_auth_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(dovecot_auth_t)
')
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg(dovecot_auth_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(dovecot_auth_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(dovecot_auth_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(dovecot_t)
')
')


@ -107,32 +107,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(fingerd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(fingerd_t,fingerd_exec_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_exec(fingerd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(fingerd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(fingerd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(fingerd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(fingerd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(fingerd_t)
')
')


@ -132,7 +132,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty(ftpd_t)
term_dontaudit_use_unallocated_tty(ftpd_t)
optional_policy(`ftp.te',`
optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
# cjp: fix this to use regular interfaces
userdom_manage_user_home_subdir_files(user,ftpd_t)
@ -178,19 +178,19 @@ tunable_policy(`use_samba_home_dirs && ftp_home_dir',`
fs_read_cifs_symlinks(ftpd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
cron_system_entry(ftpd_t, ftpd_exec_t)
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_exec(ftpd_t)
')
')
optional_policy(`inetd.te',`
optional_policy(`inetd',`
#reh: typeattributes not allowed in conditionals yet.
#tunable_policy(`! ftpd_is_daemon',`
# inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
@ -198,31 +198,31 @@ optional_policy(`inetd.te',`
inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
optional_policy(`tcpd.te',`
optional_policy(`tcpd',`
tunable_policy(`! ftpd_is_daemon',`
tcpd_domtrans(tcpd_t)
')
')
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(ftpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(ftpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ftpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_read_db(ftpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(ftpd_t)
')
')


@ -83,11 +83,11 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(gpm_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(gpm_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(gpm_t)
')
@ -95,7 +95,7 @@ ifdef(`TODO',`
# Access the mouse.
# cjp: why write?
allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(gpm_t)
')
')


@ -126,70 +126,70 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hald_t)
')
optional_policy(`apm.te',`
optional_policy(`apm',`
# For /usr/libexec/hald-addon-acpi
# writes to /var/run/acpid.socket
apm_stream_connect(hald_t)
')
optional_policy(`cups.te',`
optional_policy(`cups',`
cups_domtrans_config(hald_t)
')
optional_policy(`dbus.te',`
optional_policy(`dbus',`
allow hald_t self:dbus send_msg;
dbus_system_bus_client_template(hald,hald_t)
dbus_send_system_bus_msg(hald_t)
dbus_connect_system_bus(hald_t)
')
optional_policy(`dmidecode.te',`
optional_policy(`dmidecode',`
# For /usr/libexec/hald-probe-smbios
dmidecode_domtrans(hald_t)
')
optional_policy(`hotplug.te',`
optional_policy(`hotplug',`
hotplug_read_config(hald_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_domtrans(hald_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(hald_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(hald_t)
')
optional_policy(`pcmcia.te',`
optional_policy(`pcmcia',`
pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hald_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_domtrans(hald_t)
udev_read_db(hald_t)
')
optional_policy(`updfstab.te',`
optional_policy(`updfstab',`
updfstab_domtrans(hald_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(hald_t)
')
allow hald_t device_t:dir create_dir_perms;
optional_policy(`hald.te',`
optional_policy(`hald',`
allow udev_t hald_t:unix_dgram_socket sendto;
')
') dnl end TODO
@ -199,7 +199,7 @@ allow unconfined_t hald_t:dbus send_msg;
allow hald_t unconfined_t:dbus send_msg;
')
optional_policy(`updfstab.te',`
optional_policy(`updfstab',`
allow updfstab_t hald_t:dbus send_msg;
allow hald_t updfstab_t:dbus send_msg;
')
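Review bot: Inside the TODO block the condition `hald` is carried over from `hald.te`, but the module is called `hal` wherever else this commit refers to it (the cups and NetworkManager sections both use `hal`). This is also hal's own policy file, so a condition on hal itself would add nothing. The rule it guards, `allow udev_t hald_t:unix_dgram_socket sendto;`, depends on udev_t, so the condition was presumably meant to be `udev`. The block sits under ifdef TODO and is inactive today, but I would correct the name now or add `# TODO: should be optional on udev` so it is not enabled unchanged later.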


@ -81,20 +81,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(howl_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(howl_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(howl_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(howl_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(howl_t)
')
')


@ -126,37 +126,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(inetd_t)
')
optional_policy(`amanda.te',`
optional_policy(`amanda',`
amanda_search_lib(inetd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(inetd_t)
')
# Communicate with the portmapper.
optional_policy(`portmap.te',`
optional_policy(`portmap',`
portmap_udp_sendto(inetd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(inetd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(inetd_t)
')
ifdef(`targeted_policy',`
unconfined_domain_template(inetd_t)
',`
optional_policy(`unconfined.te',`
optional_policy(`unconfined',`
unconfined_domtrans(inetd_t)
')
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(inetd_t)
')
') dnl TODO
@ -220,21 +220,21 @@ tunable_policy(`run_ssh_inetd',`
corenet_tcp_bind_ssh_port(inetd_t)
')
optional_policy(`ftp.te',`
optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
# Allows it to check exec privs on daemon
ftp_check_exec(inetd_t)
')
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(inetd_child_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(inetd_child_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(inetd_child_t)
')


@ -121,32 +121,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(innd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(innd_t, innd_exec_t)
')
optional_policy(`hostname.te',`
optional_policy(`hostname',`
hostname_exec(innd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(innd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(innd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(innd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(innd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(innd_t)
')
allow innd_t sysadm_t:unix_dgram_socket sendto;


@ -136,20 +136,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(kadmind_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(kadmind_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kadmind_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(kadmind_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(kadmind_t)
')
') dnl end TODO
@ -241,20 +241,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(krb5kdc_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(krb5kdc_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(krb5kdc_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(krb5kdc_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(krb5kdc_t)
')


@ -33,7 +33,7 @@ allow ktalkd_t self:capability { setuid setgid };
allow ktalkd_t self:dir search;
allow ktalkd_t self:{ lnk_file file } { getattr read };
files_search_home(ktalkd_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(ktalkd_t)
')
#end for identd
@ -75,10 +75,10 @@ miscfiles_read_localization(ktalkd_t)
sysnet_read_config(ktalkd_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(ktalkd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(ktalkd_t)
')


@ -137,20 +137,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(slapd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(slapd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(slapd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(slapd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(slapd_t)
')
') dnl end TODO


@ -100,15 +100,15 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(checkpc_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(checkpc_t,checkpc_exec_t)
')
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg(checkpc_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(checkpc_t)
')
@ -217,25 +217,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(lpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(lpd_t)
nis_tcp_connect_ypbind(lpd_t)
')
optional_policy(`portmap.te',`
optional_policy(`portmap',`
portmap_udp_sendto(lpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(lpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(lpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(lpd_t)
')
') dnl end TODO


@ -85,11 +85,11 @@ template(`mailman_domain_template', `
sysnet_read_config(mailman_$1_t)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(mailman_$1_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(mailman_$1_t)
')
')


@ -35,7 +35,7 @@ mailman_domain_template(queue)
# optionals for file contexts yet, so it is promoted
# to global scope until such facilities exist.
optional_policy(`apache.te',`
optional_policy(`apache',`
allow mailman_cgi_t mailman_archive_t:dir create_dir_perms;
allow mailman_cgi_t mailman_archive_t:lnk_file create_lnk_perms;
allow mailman_cgi_t mailman_archive_t:file create_file_perms;
@ -66,7 +66,7 @@ allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t)
ifdef(`TODO',`
optional_policy(`qmail.te', `
optional_policy(`qmail',`
allow mailman_mail_t qmail_spool_t:file { read ioctl getattr };
# do we really need this?
allow mailman_mail_t qmail_lspawn_t:fifo_file write;
@ -107,10 +107,10 @@ mta_tcp_connect_all_mailservers(mailman_queue_t)
su_exec(mailman_queue_t)
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(mailman_queue_t,mailman_queue_exec_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(mailman_queue_t)
')


@ -131,21 +131,21 @@ template(`mta_per_userdomain_template',`
fs_manage_cifs_symlinks($1_mail_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_mail_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_mail_t)
')
optional_policy(`postfix.te',`
optional_policy(`postfix',`
allow $1_mail_t self:capability dac_override;
postfix_read_config($1_mail_t)
postfix_list_spool($1_mail_t)
')
optional_policy(`procmail.te',`
optional_policy(`procmail',`
procmail_exec($1_mail_t)
')
@ -268,11 +268,11 @@ interface(`mta_mailserver_delivery',`
allow $1 mail_spool_t:file { create ioctl read getattr lock append };
allow $1 mail_spool_t:lnk_file { create read getattr };
optional_policy(`dovecot.te',`
optional_policy(`dovecot',`
dovecot_manage_spool($1)
')
optional_policy(`mailman.te',`
optional_policy(`mailman',`
# so MTA can access /var/lib/mailman/mail/wrapper
files_search_var_lib($1)
@ -298,7 +298,7 @@ interface(`mta_mailserver_user_agent',`
typeattribute $1 mta_user_agent;
optional_policy(`apache.te',`
optional_policy(`apache',`
# apache should set close-on-exec
apache_dontaudit_rw_stream_socket($1)
apache_dontaudit_rw_sys_script_stream_socket($1)


@ -39,7 +39,7 @@ files_tmp_file(system_mail_tmp_t)
# cjp: need to resolve this, but require{}
# does not work in the else part of the optional
#ifdef(`targeted_policy',`',`
# optional_policy(`sendmail.te',`',`
# optional_policy(`sendmail',`',`
# init_system_domain(system_mail_t,sendmail_exec_t)
# ')
#')
@ -137,7 +137,7 @@ ifdef(`targeted_policy',`
userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
# cjp: another require-in-else to resolve
# optional_policy(`postfix.te',`',`
# optional_policy(`postfix',`',`
corecmd_exec_bin(system_mail_t)
corecmd_exec_sbin(system_mail_t)
@ -152,7 +152,7 @@ ifdef(`targeted_policy',`
# ')
')
optional_policy(`apache.te',`
optional_policy(`apache',`
apache_read_squirrelmail_data(system_mail_t)
apache_append_squirrelmail_data(system_mail_t)
@ -163,31 +163,31 @@ optional_policy(`apache.te',`
apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
')
optional_policy(`arpwatch.te',`
optional_policy(`arpwatch',`
arpwatch_rw_tmp_files(system_mail_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_read_system_job_tmp_files(system_mail_t)
')
optional_policy(`cvs.te',`
optional_policy(`cvs',`
cvs_read_data(system_mail_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_read_tmp_files(system_mail_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(system_mail_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(system_mail_t)
')
optional_policy(`postfix.te',`
optional_policy(`postfix',`
postfix_stub(system_mail_t)
allow system_mail_t etc_aliases_t:dir create_dir_perms;
@ -199,7 +199,7 @@ optional_policy(`postfix.te',`
domain_use_wide_inherit_fd(system_mail_t)
optional_policy(`crond.te',`
optional_policy(`crond',`
cron_crw_tcp_socket(system_mail_t)
')
@ -207,11 +207,11 @@ optional_policy(`postfix.te',`
type_transition postfix_master_t postfix_etc_t:dir etc_aliases_t;
')
optional_policy(`procmail.te',`
optional_policy(`procmail',`
procmail_exec(system_mail_t)
')
optional_policy(`sendmail.te',`
optional_policy(`sendmail',`
sendmail_stub(system_mail_t)
allow system_mail_t etc_mail_t:dir { getattr search };
@ -226,11 +226,11 @@ optional_policy(`sendmail.te',`
')
ifdef(`TODO',`
optional_policy(`sendmail.te',`
optional_policy(`sendmail',`
allow system_mail_t { var_t var_spool_t }:dir getattr;
dontaudit system_mail_t userpty_type:chr_file { getattr read write };
optional_policy(`crond.te', `
optional_policy(`crond',`
dontaudit system_mail_t system_crond_tmp_t:file append;
')
')
@ -244,7 +244,7 @@ ifdef(`targeted_policy',`
')
optional_policy(`qmail.te',`
optional_policy(`qmail',`
allow system_mail_t qmail_etc_t:dir search;
allow system_mail_t qmail_etc_t:{ file lnk_file } read;
')
@ -252,7 +252,7 @@ optional_policy(`qmail.te',`
allow mta_user_agent system_crond_tmp_t:file { read getattr };
optional_policy(`arpwatch.te',`
optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(system_mail_t)
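Review bot: The two nested blocks keyed on `crond` (old line 199 inside the postfix block, and old line 226 inside the TODO sendmail block) name a module that every other cron-dependent block on this page calls `cron`. The first of them guards `cron_crw_tcp_socket(system_mail_t)`, a `cron_` interface. Now that the argument is a module name, a name matching no module presumably leaves the block permanently disabled, so system_mail_t would silently miss that access and the dontaudit in the second block would never apply. I would change both first arguments to `cron`; the enclosing postfix and sendmail blocks begin outside these hunks. The postfix section has the same `crond` condition around `cron_use_fd(postfix_postdrop_t)`.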


@ -120,31 +120,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(mysqld_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(mysqld_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(mysqld_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(mysqld_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(mysqld_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(mysqld_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(mysqld_t)
')
optional_policy(`daemontools.te',`
optional_policy(`daemontools',`
domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t)
mysqld_signal(svc_start_t)


@ -111,40 +111,40 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(NetworkManager_t)
')
optional_policy(`bluetooth.te',`
optional_policy(`bluetooth',`
bluetooth_dontaudit_read_helper_files(NetworkManager_t)
')
optional_policy(`consoletype.te',`
optional_policy(`consoletype',`
consoletype_exec(NetworkManager_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(NetworkManager_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(NetworkManager_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(NetworkManager_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(NetworkManager_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(NetworkManager_t)
')
optional_policy(`vpn.te',`
optional_policy(`vpn',`
vpn_domtrans(NetworkManager_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(NetworkManager_t)
')
') dnl end TODO
@ -154,7 +154,7 @@ optional_policy(`rhgb.te',`
# Partially converted rules. THESE ARE ONLY TEMPORARY
#
optional_policy(`dbus.te',`
optional_policy(`dbus',`
gen_require(`
class dbus send_msg;
')
@ -179,7 +179,7 @@ optional_policy(`dbus.te',`
allow unconfined_t NetworkManager_t:dbus send_msg;
')
optional_policy(`hal.te',`
optional_policy(`hal',`
allow NetworkManager_t hald_t:dbus send_msg;
allow hald_t NetworkManager_t:dbus send_msg;
')


@ -108,7 +108,7 @@ interface(`nis_use_ypbind',`
dontaudit $1 var_yp_t:dir search;
')
optional_policy(`mount.te',`
optional_policy(`mount',`
tunable_policy(`allow_ypbind',`
mount_send_nfs_client_request($1)
')


@ -114,24 +114,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypbind_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(ypbind_t)
')
optional_policy(`portmap.te',`
optional_policy(`portmap',`
portmap_udp_sendto(ypbind_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypbind_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(ypbind_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(ypbind_t)
')
') dnl end TODO
@ -215,20 +215,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypserv_t)
')
optional_policy(`portmap.te',`
optional_policy(`portmap',`
portmap_udp_sendto(ypserv_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypserv_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_read_db(ypserv_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb', `
rhgb_domain(ypserv_t)
')


@ -121,21 +121,21 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(nscd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(nscd_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind(nscd_t)
samba_search_var(nscd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(nscd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(nscd_t)
')
') dnl end TODO


@ -121,47 +121,47 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ntpd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
# for cron jobs
cron_system_entry(ntpd_t,ntpdate_exec_t)
')
optional_policy(`firstboot.te',`
optional_policy(`firstboot',`
firstboot_dontaudit_use_fd(ntpd_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_exec(ntpd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(ntpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(ntpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(ntpd_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
# cjp: the connect was previously missing
# so it might be ok to drop this
samba_connect_winbind(ntpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ntpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(ntpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(ntpd_t)
')
allow ntpd_t sysadm_t:udp_socket sendto;


@ -106,25 +106,25 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pegasus_t)
')
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg(pegasus_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(pegasus_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pegasus_t)
seutil_dontaudit_read_config(pegasus_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(pegasus_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(pegasus_t)
')
') dnl end TODO


@ -103,37 +103,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(portmap_t)
')
optional_policy(`inetd.te',`
optional_policy(`inetd',`
inetd_udp_sendto(portmap_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(portmap_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(portmap_t)
nis_udp_sendto_ypbind(portmap_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(portmap_t)
')
optional_policy(`rpc.te',`
optional_policy(`rpc',`
rpc_udp_sendto_nfs(portmap_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(portmap_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(portmap_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(portmap_t)
')
@ -205,11 +205,11 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(portmap_helper_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(portmap_helper_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(portmap_helper_t)
')


@ -89,11 +89,11 @@ template(`postfix_domain_template',`
files_dontaudit_read_root_file(postfix_$1_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(postfix_$1_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(postfix_$1_t)
')
')
@ -126,7 +126,7 @@ template(`postfix_server_domain_template',`
sysnet_read_config(postfix_$1_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(postfix_$1_t)
')
')


@ -168,11 +168,11 @@ sysnet_read_config(postfix_master_t)
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(postfix_master_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(postfix_master_t)
')
@ -306,7 +306,7 @@ mta_delete_spool(postfix_local_t)
# For reading spamassasin
mta_read_config(postfix_local_t)
optional_policy(`procmail.te',`
optional_policy(`procmail',`
procmail_domtrans(postfix_local_t)
')
@ -385,7 +385,7 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(postfix_map_t)
')
optional_policy(`locallogin.te',`
optional_policy(`locallogin',`
locallogin_dontaudit_use_fd(postfix_map_t)
')
@ -425,7 +425,7 @@ allow postfix_pipe_t postfix_private_t:sock_file write;
allow postfix_pipe_t postfix_spool_t:dir search;
allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
optional_policy(`procmail.te',`
optional_policy(`procmail',`
procmail_domtrans(postfix_pipe_t)
')
@ -457,14 +457,14 @@ ifdef(`targeted_policy', `
term_use_generic_pty(postfix_postdrop_t)
')
optional_policy(`crond.te',`
optional_policy(`crond',`
cron_use_fd(postfix_postdrop_t)
cron_rw_pipe(postfix_postdrop_t)
cron_use_system_job_fd(postfix_postdrop_t)
cron_rw_system_job_pipe(postfix_postdrop_t)
')
optional_policy(`ppp.te',`
optional_policy(`ppp',`
ppp_use_fd(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t)
')
@ -507,7 +507,7 @@ init_use_script_fd(postfix_postqueue_t)
sysnet_dontaudit_read_config(postfix_postqueue_t)
ifdef(`TODO',`
optional_policy(`gnome-pty-helper.te', `allow postfix_postqueue_t user_gph_t:fd use;')
optional_policy(`gnome-pty-helper', `allow postfix_postqueue_t user_gph_t:fd use;')
')
########################################
@ -600,6 +600,6 @@ allow { postfix_smtp_t postfix_smtpd_t } postfix_prng_t:file rw_file_perms;
files_read_usr_files(postfix_smtpd_t)
mta_read_aliases(postfix_smtpd_t)
optional_policy(`sasl.te',`
optional_policy(`sasl',`
sasl_connect(postfix_smtpd_t)
')
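Review bot: The guard in the postfix_postdrop_t hunk is now `optional_policy(`crond',`, but every other cron guard in this commit is `optional_policy(`cron',` and the interfaces called inside it are `cron_use_fd`, `cron_rw_pipe` and the system-job variants. Now that the argument is meant to be a module name, a name that matches no module would presumably leave the block permanently disabled, so postdrop would silently lose these descriptor and pipe rules; the line should read `optional_policy(`cron',`. The same mechanical stripping of `.te` leaves `cupsd` in the snmp section (the samba section uses `cups`) and `rlogind`/`telnetd` in the remotelogin and rsh sections (the tcpd section uses `rlogin`); at least some of those sit inside TODO blocks, but they are worth correcting in the same pass. How optional_policy() resolves its first argument is not visible in this diff, so confirm against the macro definition.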


@ -151,41 +151,41 @@ tunable_policy(`allow_execmem',`
allow postgresql_t self:process execmem;
')
optional_policy(`consoletype.te', `
optional_policy(`consoletype',`
consoletype_exec(postgresql_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_search_spool(postgresql_t)
cron_system_entry(postgresql_t,postgresql_exec_t)
')
optional_policy(`hostname.te', `
optional_policy(`hostname',`
hostname_exec(postgresql_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(postgresql_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(postgresql_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(postgresql_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(postgresql_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(postgresql_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(postgresql_t)
')
ifdef(`targeted_policy', `', `


@ -180,7 +180,7 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(pppd_t)
files_dontaudit_read_root_file(pppd_t)
optional_policy(`postfix.te',`
optional_policy(`postfix',`
gen_require(`
bool postfix_disable_trans;
')
@ -190,34 +190,34 @@ ifdef(`targeted_policy', `
}
')
',`
optional_policy(`postfix.te',`
optional_policy(`postfix',`
postfix_domtrans_master(pppd_t)
')
')
optional_policy(`modutils.te',`
optional_policy(`modutils',`
tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
modutils_domtrans_insmod_uncond(pppd_t)
')
')
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_send_mail(pppd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(pppd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(pppd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pppd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(pppd_t)
')
@ -300,27 +300,27 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(pptp_t)
')
optional_policy(`hostname.te',`
optional_policy(`hostname',`
hostname_exec(pptp_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(pptp_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pptp_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(pptp_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(pppd_t)
')
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(pptp_t)
')
')


@ -80,24 +80,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(privoxy_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(privoxy_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(privoxy_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(privoxy_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(privoxy_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(privoxy_t)
')
')


@ -76,26 +76,26 @@ ifdef(`targeted_policy', `
files_getattr_tmp_dir(procmail_t)
')
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg(procmail_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(procmail_t)
')
optional_policy(`postfix.te',`
optional_policy(`postfix',`
# for a bug in the postfix local program
postfix_dontaudit_rw_local_tcp_socket(procmail_t)
postfix_dontaudit_use_fd(procmail_t)
')
optional_policy(`sendmail.te',`
optional_policy(`sendmail',`
mta_read_config(procmail_t)
sendmail_rw_tcp_socket(procmail_t)
')
optional_policy(`spamassassin.te',`
optional_policy(`spamassassin',`
corenet_udp_bind_generic_port(procmail_t)
files_getattr_tmp_dir(procmail_t)


@ -107,32 +107,32 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(radiusd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(radiusd_t,radiusd_exec_t)
')
optional_policy(`logrotate.te', `
optional_policy(`logrotate',`
logrotate_exec(radiusd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(radiusd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radiusd_t)
')
optional_policy(`snmp.te',`
optional_policy(`snmp',`
snmp_use(radiusd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(radiusd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(radiusd_t)
')
') dnl end TODO


@ -83,20 +83,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(radvd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(radvd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radvd_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db(radvd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(radvd_t)
')
')


@ -151,21 +151,21 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(remote_login_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(remote_login_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(remote_login_t)
')
optional_policy(`usermanage.te',`
optional_policy(`usermanage',`
usermanage_read_crack_db(remote_login_t)
')
ifdef(`TODO',`
# this goes to xdm:
optional_policy(`remotelogin.te',`
optional_policy(`remotelogin',`
# FIXME: what is this for?
remotelogin_signull(xdm_t)
')
@ -179,12 +179,12 @@ domain_auto_trans($1_login_t, alsa_exec_t, alsa_t)
allow remote_login_t userpty_type:chr_file { setattr write };
allow remote_login_t ptyfile:chr_file { getattr ioctl };
optional_policy(`rlogind.te', `
optional_policy(`rlogind',`
allow remote_login_t rlogind_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t rlogind_devpts_t:chr_file { relabelfrom relabelto };
')
optional_policy(`telnetd.te', `
optional_policy(`telnetd',`
allow remote_login_t telnetd_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t telnetd_devpts_t:chr_file { relabelfrom relabelto };
')


@ -93,18 +93,18 @@ userdom_read_all_user_files(rlogind_t)
remotelogin_domtrans(rlogind_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_read_keytab(rlogind_t)
# for identd; cjp: this should probably only be inetd_child rules?
kerberos_use(rlogind_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(rlogind_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(rlogind_t)
')


@ -98,24 +98,24 @@ template(`rpc_domain_template', `
files_dontaudit_read_root_file($1_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request($1_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db($1_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain($1_t)
')
')


@ -67,7 +67,7 @@ ifdef(`distro_redhat',`
allow rpcd_t self:capability { chown dac_override setgid setuid };
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_read_ypserv_config(rpcd_t)
')
@ -151,7 +151,7 @@ tunable_policy(`allow_gssd_read_tmp',`
userdom_read_unpriv_user_tmp_symlinks(gssd_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(gssd_t)
kerberos_read_keytab(gssd_t)
')


@ -78,16 +78,16 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(rshd_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(rshd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(rshd_t)
')
ifdef(`TODO',`
optional_policy(`rlogind.te', `
optional_policy(`rlogind',`
allow rshd_t rlogind_tmp_t:file rw_file_perms;
')
')


@ -87,14 +87,14 @@ tunable_policy(`allow_rsync_anon_write',`
miscfiles_manage_public_files(rsync_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(rsync_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(rsync_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(rsync_t)
')


@ -134,11 +134,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(samba_net_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(samba_net_t)
')
optional_policy(`ldap.te',`
optional_policy(`ldap',`
allow samba_net_t self:tcp_socket create_socket_perms;
corenet_tcp_sendrecv_all_if(samba_net_t)
corenet_raw_sendrecv_all_if(samba_net_t)
@ -149,7 +149,7 @@ optional_policy(`ldap.te',`
sysnet_read_config(samba_net_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(samba_net_t)
')
@ -284,32 +284,32 @@ tunable_policy(`allow_smbd_anon_write',`
miscfiles_manage_public_files(smbd_t)
')
optional_policy(`cups.te',`
optional_policy(`cups',`
cups_read_rw_config(smbd_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(smbd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(smbd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(smbd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(smbd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_read_db(smbd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(smbd_t)
')
') dnl end TODO
@ -416,20 +416,20 @@ ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(nmbd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(nmbd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(nmbd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(nmbd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(nmbd_t)
')
')
@ -511,11 +511,11 @@ sysnet_read_config(smbmount_t)
userdom_use_all_user_fd(smbmount_t)
userdom_use_sysadm_tty(smbmount_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(smbmount_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(smbmount_t)
')
@ -620,28 +620,28 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(winbind_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(winbind_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(winbind_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(winbind_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(winbind_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(winbind_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(winbind_t)
')
') dnl end TODO
@ -680,11 +680,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(winbind_helper_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(winbind_helper_t)
')
optional_policy(`squid.te',`
optional_policy(`squid',`
squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t)
')
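Review bot: In the smbd_t hunk the rewritten udev guard still has a space between the comma and the opening quote of the second argument, while the rest of the commit normalises that spacing away (compare the nmbd_t and winbind_t udev guards in this same file). m4 should discard the leading blank, so this is a consistency point rather than a behaviour change. The same leftover appears in the tftpd section's udev guard and in the spamassassin section's `amavis` guard; dropping the space in all three keeps a later search for the guard pattern reliable.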


@ -87,22 +87,22 @@ ifdef(`targeted_policy', `
# auth_read_shadow(saslauthd_t)
#')
optional_policy(`mysql.te',`
optional_policy(`mysql',`
mysql_search_db_dir(saslauthd_t)
mysql_stream_connect(saslauthd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(saslauthd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(saslauthd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(saslauthd_t)
')
')


@ -114,29 +114,29 @@ ifdef(`targeted_policy',`
files_create_pid(sendmail_t,sendmail_var_run_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(sendmail_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(sendmail_t)
')
optional_policy(`postfix.te',`
optional_policy(`postfix',`
postfix_read_config(sendmail_t)
postfix_search_spool(sendmail_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(sendmail_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(sendmail_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(sendmail_t)
')


@ -115,7 +115,7 @@ userdom_dontaudit_use_unpriv_user_fd(snmpd_t)
userdom_dontaudit_search_sysadm_home_dir(snmpd_t)
ifdef(`distro_redhat', `
optional_policy(`rpm.te', `
optional_policy(`rpm',`
rpm_read_db(snmpd_t)
')
')
@ -126,19 +126,19 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(snmpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(snmpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(snmpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(snmpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(snmpd_t)
')
@ -146,23 +146,23 @@ ifdef(`TODO',`
can_udp_send(sysadm_t, snmpd_t)
can_udp_send(snmpd_t, sysadm_t)
optional_policy(`cupsd.te', `
optional_policy(`cupsd',`
allow snmpd_t cupsd_rw_etc_t:file { getattr read };
')
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(snmpd_t)
')
') dnl end TODO
ifdef(`distro_redhat', `
optional_policy(`rpm.te', `
optional_policy(`rpm',`
dontaudit snmpd_t rpm_var_lib_t:dir write;
dontaudit snmpd_t rpm_var_lib_t:file write;
')
')
optional_policy(`amanda.te', `
optional_policy(`amanda',`
dontaudit snmpd_t amanda_dumpdates_t:file { getattr read };
')


@ -124,33 +124,33 @@ tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(spamd_t)
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry(spamd_t,spamd_exec_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(spamd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(spamd_t)
')
optional_policy(`sendmail.te',`
optional_policy(`sendmail',`
sendmail_stub(spamd_t)
mta_read_config(spamd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(spamd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(spamd_t)
')
optional_policy(`amavis.te', `
optional_policy(`amavis', `
# for bayes tokens
allow spamd_t var_lib_t:dir { getattr search };
allow spamd_t amavisd_lib_t:dir rw_dir_perms;


@ -144,7 +144,7 @@ tunable_policy(`squid_connect_any',`
corenet_tcp_connect_all_ports(squid_t)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
allow squid_t self:capability kill;
cron_use_fd(squid_t)
cron_use_system_job_fd(squid_t)
@ -152,32 +152,32 @@ optional_policy(`logrotate.te',`
cron_write_system_job_pipe(squid_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(squid_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(squid_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(squid_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_domtrans_winbind_helper(squid_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(squid_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(squid_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(squid_t)
')
ifdef(`apache.te',`


@ -189,15 +189,15 @@ template(`ssh_per_userdomain_template',`
corenet_tcp_bind_ssh_port($1_ssh_t)
')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_ssh_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_ssh_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_ssh_t)
')
@ -328,11 +328,11 @@ template(`ssh_per_userdomain_template',`
fs_cifs_domtrans($1_ssh_agent_t, $1_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_ssh_agent_t)
')
# optional_policy(`xdm.te', `
# optional_policy(`xdm',`
# # KDM:
# xdm_sigchld($1_ssh_agent_t)
# ')
@ -374,7 +374,7 @@ template(`ssh_per_userdomain_template',`
# $1_ssh_keysign_t local policy
#
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_ssh_keysign_t)
')
')
@ -506,7 +506,7 @@ template(`ssh_server_template', `
# cjp: commenting out until typeattribute works in conditional
# and require block in optional else is resolved
#optional_policy(`inetd.te',`
#optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',`
# allow $1_t self:process signal;
# files_list_pids($1_t)
@ -523,15 +523,15 @@ template(`ssh_server_template', `
init_use_script_pty($1_t)
#')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_t)
')
optional_policy(`mount.te', `
optional_policy(`mount',`
mount_send_nfs_client_request($1_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_t)
')


@ -52,7 +52,7 @@ ifdef(`targeted_policy',`
ssh_server_template(sshd_extern)
# cjp: commenting this out until typeattribute works in a conditional
# optional_policy(`inetd.te',`
# optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',`
# inetd_tcp_service_domain(sshd_t,sshd_exec_t)
# ',`
@ -111,7 +111,7 @@ ifdef(`targeted_policy',`',`
userdom_signal_unpriv_users(sshd_t)
')
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_use_script_fd(sshd_t)
')
@ -123,11 +123,11 @@ ifdef(`targeted_policy',`',`
# some versions of sshd on the new SE Linux require setattr
allow sshd_t ptyfile:chr_file relabelto;
optional_policy(`xauth.te',`
optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, userdomain)
')
',`
optional_policy(`xauth.te',`
optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain)
')
# Relabel and access ptys created by sshd
@ -166,7 +166,7 @@ ifdef(`targeted_policy',`',`
# is allocated
allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
optional_policy(`inetd.te',`
optional_policy(`inetd',`
tunable_policy(`run_ssh_inetd',`
domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
',`
@ -248,16 +248,16 @@ ifdef(`targeted_policy',`',`
files_dontaudit_read_root_file(ssh_keygen_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ssh_keygen_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(ssh_keygen_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(ssh_keygen_t)
')
')


@ -102,20 +102,20 @@ ifdef(`distro_gentoo', `
files_dontaudit_read_root_file(stunnel_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(stunnel_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(stunnel_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(stunnel_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(stunnel_t)
')
') dnl end TODO
@ -127,15 +127,15 @@ ifdef(`distro_gentoo', `
files_read_etc_files(stunnel_t)
files_search_home(stunnel_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(stunnel_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(stunnel_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(stunnel_t)
')
')


@ -51,22 +51,22 @@ sysnet_read_config(tcpd_t)
inetd_domtrans_child(tcpd_t)
optional_policy(`finger.te',`
optional_policy(`finger',`
finger_domtrans(tcpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(tcpd_t)
')
optional_policy(`portmap.te',`
optional_policy(`portmap',`
portmap_udp_sendto(tcpd_t)
')
optional_policy(`rlogin.te',`
optional_policy(`rlogin',`
rlogin_domtrans(tcpd_t)
')
optional_policy(`rshd.te',`
optional_policy(`rshd',`
rshd_domtrans(tcpd_t)
')


@ -89,15 +89,15 @@ sysnet_read_config(telnetd_t)
remotelogin_domtrans(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(telnetd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(telnetd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(telnetd_t)
')


@ -89,24 +89,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(tftpd_t)
')
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request(tftpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(tftpd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(tftpd_t)
')
optional_policy(`udev.te', `
optional_policy(`udev', `
udev_read_db(tftpd_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(tftpd_t)
')
')


@ -97,14 +97,14 @@ miscfiles_read_localization(uucpd_t)
sysnet_read_config(uucpd_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(uucpd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(uucpd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(uucpd_t)
')


@ -100,7 +100,7 @@ ifdef(`targeted_policy',`
files_create_var_lib(xdm_t,xdm_var_lib_t)
')
optional_policy(`locallogin.te',`
optional_policy(`locallogin',`
locallogin_signull(xdm_t)
')


@ -112,28 +112,28 @@ ifdef(`targeted_policy', `
unconfined_sigchld(zebra_t)
')
optional_policy(`ldap.te',`
optional_policy(`ldap',`
ldap_use(zebra_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(zebra_t)
')
optional_policy(`zebra.te',`
optional_policy(`zebra',`
rpm_read_pipe(zebra_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(zebra_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(zebra_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
optional_policy(`rhgb',`
rhgb_domain(zebra_t)
')
') dnl end TODO
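Review bot: The guard `optional_policy(`zebra',` wraps `rpm_read_pipe(zebra_t)`, so it names what appears to be this file's own module rather than the module that supplies the interface. With module-name guards that condition is always met inside the zebra policy, which makes the rpm pipe access unconditional and would tie the policy to rpm even where rpm is not present; the line should read `optional_policy(`rpm',`. The old `zebra.te` spelling had the same problem, so this is a carried-over mistake that the rename was a good moment to correct.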


@ -91,23 +91,23 @@ template(`authlogin_per_userdomain_template',`
# Inherit and use descriptors from gnome-pty-helper.
#ifdef(`gnome-pty-helper.te',`allow $1_chkpwd_t $1_gph_t:fd use;')
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_chkpwd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_chkpwd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_chkpwd_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind($1_chkpwd_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_use_newrole_fd($1_chkpwd_t)
')
')
@ -243,15 +243,15 @@ interface(`auth_domtrans_chk_passwd',`
sysnet_dns_name_resolve($1)
sysnet_use_ldap($1)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind($1)
')
')
@ -931,11 +931,11 @@ interface(`auth_use_nsswitch',`
sysnet_dns_name_resolve($1)
sysnet_use_ldap($1)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind($1)
')
')


@ -119,15 +119,15 @@ logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fd(pam_t)
optional_policy(`locallogin.te',`
optional_policy(`locallogin',`
locallogin_use_fd(pam_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(pam_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(pam_t)
')
@ -230,30 +230,30 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pam_console_t)
')
optional_policy(`gpm.te',`
optional_policy(`gpm',`
gpm_getattr_gpmctl(pam_console_t)
gpm_setattr_gpmctl(pam_console_t)
')
optional_policy(`hotplug.te', `
optional_policy(`hotplug',`
hotplug_use_fd(pam_console_t)
hotplug_dontaudit_search_config(pam_console_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(pam_console_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pam_console_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(pam_console_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(pam_console_t)
')
@ -306,19 +306,19 @@ sysnet_use_ldap(system_chkpwd_t)
userdom_dontaudit_use_unpriv_user_tty(system_chkpwd_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use(system_chkpwd_t)
')
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind(system_chkpwd_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(system_chkpwd_t)
')
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind(system_chkpwd_t)
')
@ -354,12 +354,12 @@ logging_search_logs(utempter_t)
# Allow utemper to write to /tmp/.xses-*
userdom_write_unpriv_user_tmp(utempter_t)
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(utempter_t)
')
ifdef(`TODO',`
optional_policy(`xdm.te',`
optional_policy(`xdm',`
can_pipe_xdm(utempter_t)
')
')


@ -67,31 +67,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(hwclock_t)
')
optional_policy(`apm.te',`
optional_policy(`apm',`
apm_append_log(hwclock_t)
apm_rw_stream_socket(hwclock_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket(hwclock_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hwclock_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db(hwclock_t)
')
optional_policy(`userdomain.te',`
optional_policy(`userdomain',`
userdom_dontaudit_use_unpriv_user_fd(hwclock_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
optional_policy(`rhgb',`
rhgb_domain(hwclock_t)
')
optional_policy(`gnome-pty-helper.te', `allow hwclock_t sysadm_gph_t:fd use;')
optional_policy(`gnome-pty-helper', `allow hwclock_t sysadm_gph_t:fd use;')
') dnl end TODO


@ -90,21 +90,21 @@ interface(`domain_type',`
')
# allow any domain to connect to the LDAP server
optional_policy(`ldap.te',`
optional_policy(`ldap',`
ldap_use($1)
')
# these 3 seem highly questionable:
optional_policy(`rpm.te',`
optional_policy(`rpm',`
rpm_use_fd($1)
rpm_read_pipe($1)
')
optional_policy(`selinux.te',`
optional_policy(`selinux',`
selinux_dontaudit_read_fs($1)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_dontaudit_read_config($1)
')
')


@ -416,7 +416,7 @@ interface(`files_read_all_files',`
allow $1 file_type:dir search;
allow $1 file_type:file r_file_perms;
optional_policy(`authlogin.te',`
optional_policy(`authlogin',`
auth_read_shadow($1)
')
')
