Merge upstream
commit
14ffaf836d
@ -1,3 +1,4 @@
|
|||||||
|
- Unconditional staff and user oidentd home config access from Dominick Grift.
|
||||||
- Conditional mmap_zero support from Dominick Grift.
|
- Conditional mmap_zero support from Dominick Grift.
|
||||||
- Added devtmpfs support.
|
- Added devtmpfs support.
|
||||||
- Dbadm updates from KaiGai Kohei.
|
- Dbadm updates from KaiGai Kohei.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(certwatch, 1.5.1)
|
policy_module(certwatch, 1.5.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(firstboot, 1.11.1)
|
policy_module(firstboot, 1.11.2)
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
class passwd rootok;
|
class passwd rootok;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(smoltclient,1.0.0)
|
policy_module(smoltclient, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -18,7 +18,7 @@ files_tmp_file(smoltclient_tmp_t)
|
|||||||
# Local policy
|
# Local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow smoltclient_t self:process { setsched getsched };
|
allow smoltclient_t self:process { setsched getsched };
|
||||||
|
|
||||||
allow smoltclient_t self:fifo_file rw_fifo_file_perms;
|
allow smoltclient_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow smoltclient_t self:tcp_socket create_socket_perms;
|
allow smoltclient_t self:tcp_socket create_socket_perms;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(awstats, 1.2.0)
|
policy_module(awstats, 1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(staff, 2.1.1)
|
policy_module(staff, 2.1.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -52,10 +52,6 @@ optional_policy(`
|
|||||||
apache_role(staff_r, staff_t)
|
apache_role(staff_r, staff_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
mozilla_run_plugin(staff_t, staff_r)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
auditadm_role_change(staff_r)
|
auditadm_role_change(staff_r)
|
||||||
')
|
')
|
||||||
@ -64,16 +60,33 @@ optional_policy(`
|
|||||||
dbadm_role_change(staff_r)
|
dbadm_role_change(staff_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
accountsd_dbus_chat(staff_t)
|
||||||
|
accountsd_read_lib_files(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
gnomeclock_dbus_chat(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
firewallgui_dbus_chat(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
lpd_list_spool(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
kerneloops_dbus_chat(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
logadm_role_change(staff_r)
|
logadm_role_change(staff_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
webadm_role_change(staff_r)
|
mozilla_run_plugin(staff_t, staff_r)
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
kerneloops_manage_tmp_files(staff_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -85,22 +98,36 @@ optional_policy(`
|
|||||||
postgresql_role(staff_r, staff_t)
|
postgresql_role(staff_r, staff_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
secadm_role_change(staff_r)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
unconfined_role_change(staff_r)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
rtkit_scheduled(staff_t)
|
rtkit_scheduled(staff_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
rpm_dbus_chat(staff_usertype)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
secadm_role_change(staff_r)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
sandbox_transition(staff_t, staff_r)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
screen_role_template(staff, staff_r, staff_t)
|
screen_role_template(staff, staff_r, staff_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
sysadm_role_change(staff_r)
|
||||||
|
userdom_dontaudit_use_user_terminals(staff_t)
|
||||||
|
')
|
||||||
|
optional_policy(`
|
||||||
|
setroubleshoot_stream_connect(staff_t)
|
||||||
|
setroubleshoot_dbus_chat(staff_t)
|
||||||
|
setroubleshoot_dbus_chat_fixit(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_role_template(staff, staff_r, staff_t)
|
ssh_role_template(staff, staff_r, staff_t)
|
||||||
')
|
')
|
||||||
@ -110,12 +137,23 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
sysadm_role_change(staff_r)
|
telepathy_dbus_session_role(staff_r, staff_t)
|
||||||
userdom_dontaudit_use_user_terminals(staff_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
telepathy_dbus_session_role(staff_r, staff_t)
|
userhelper_console_role_template(staff, staff_r, staff_usertype)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
unconfined_role_change(staff_r)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
virt_stream_connect(staff_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
webadm_role_change(staff_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -235,46 +273,3 @@ ifndef(`distro_redhat',`
|
|||||||
wireshark_role(staff_r, staff_t)
|
wireshark_role(staff_r, staff_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
accountsd_dbus_chat(staff_t)
|
|
||||||
accountsd_read_lib_files(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
gnomeclock_dbus_chat(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
firewallgui_dbus_chat(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
lpd_list_spool(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
kerneloops_dbus_chat(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
rpm_dbus_chat(staff_usertype)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
sandbox_transition(staff_t, staff_r)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
setroubleshoot_stream_connect(staff_t)
|
|
||||||
setroubleshoot_dbus_chat(staff_t)
|
|
||||||
setroubleshoot_dbus_chat_fixit(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
virt_stream_connect(staff_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
userhelper_console_role_template(staff, staff_r, staff_usertype)
|
|
||||||
')
|
|
||||||
|
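Review bot: `kerneloops_manage_tmp_files(staff_t)` appears only on the old side of the @ -64,16 +60,33 hunk and is not re-added in any of the staff hunks shown, while the rest of this section only re-sorts the optional_policy blocks. If the removal is intended, record it in the commit description or Changelog; otherwise restore it as `kerneloops_manage_tmp_files(staff_t)` directly under `kerneloops_dbus_chat(staff_t)` in the new kerneloops block. A rule dropped inside a reorder is easy to miss in review and would only surface later as AVC denials for staff_t.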
@ -1,4 +1,4 @@
|
|||||||
policy_module(unprivuser, 2.1.1)
|
policy_module(unprivuser, 2.1.2)
|
||||||
|
|
||||||
# this module should be named user, but that is
|
# this module should be named user, but that is
|
||||||
# a compile error since user is a keyword.
|
# a compile error since user is a keyword.
|
||||||
@ -18,6 +18,11 @@ optional_policy(`
|
|||||||
apache_role(user_r, user_t)
|
apache_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
oident_manage_user_content(user_t)
|
||||||
|
oident_relabel_user_content(user_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mozilla_run_plugin(user_t, user_r)
|
mozilla_run_plugin(user_t, user_r)
|
||||||
')
|
')
|
||||||
@ -39,11 +44,11 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
telepathy_dbus_session_role(user_r, user_t)
|
setroubleshoot_dontaudit_stream_connect(user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
setroubleshoot_dontaudit_stream_connect(user_t)
|
telepathy_dbus_session_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -53,7 +58,7 @@ optional_policy(`
|
|||||||
ifndef(`distro_redhat',`
|
ifndef(`distro_redhat',`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
auth_role(user_r, user_t)
|
auth_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
bluetooth_role(user_r, user_t)
|
bluetooth_role(user_r, user_t)
|
||||||
@ -70,7 +75,7 @@ ifndef(`distro_redhat',`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_role_template(user, user_r, user_t)
|
dbus_role_template(user, user_r, user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
evolution_role(user_r, user_t)
|
evolution_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
@ -119,11 +124,6 @@ ifndef(`distro_redhat',`
|
|||||||
mta_role(user_r, user_t)
|
mta_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
oident_manage_user_content(user_t)
|
|
||||||
oident_relabel_user_content(user_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
postgresql_role(user_r, user_t)
|
postgresql_role(user_r, user_t)
|
||||||
')
|
')
|
||||||
|
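Review bot: The oident block added in the @ -18,6 +18,11 hunk has no comment saying that `oident_manage_user_content(user_t)` and `oident_relabel_user_content(user_t)` are now granted on every build. The same block is removed in the @ -119,11 +124,6 hunk, whose context places it inside the ifndef distro_redhat section, so this appears to widen user_t on Red Hat builds as well, which matches the Changelog entry. Relabel access lets user_t change the label on those files, so a line such as `# oidentd per-user config: granted on all distributions` above the block would record that the wider grant is deliberate. The Changelog entry also names staff, but no oident change is visible in the staff hunks, so it is worth confirming that the staff rule is already unconditional.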
@ -208,7 +208,7 @@ interface(`amavis_create_pid_files',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
## an amavis environment
|
## an amavis environment
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
|
@ -95,7 +95,7 @@ logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
|
|||||||
manage_dirs_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
manage_dirs_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
||||||
manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
||||||
manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
|
||||||
files_pid_filetrans(amavis_t, amavis_var_run_t, { file sock_file dir })
|
files_pid_filetrans(amavis_t, amavis_var_run_t, { dir file sock_file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(amavis_t)
|
kernel_read_kernel_sysctls(amavis_t)
|
||||||
# amavis tries to access /proc/self/stat, /etc/shadow and /root - perl...
|
# amavis tries to access /proc/self/stat, /etc/shadow and /root - perl...
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(arpwatch, 1.9.0)
|
policy_module(arpwatch, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(canna, 1.10.0)
|
policy_module(canna, 1.10.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -20,7 +20,7 @@ interface(`certmaster_domtrans',`
|
|||||||
|
|
||||||
####################################
|
####################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute certmaster.
|
## Execute certmaster in the caller domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -98,7 +98,7 @@ interface(`certmaster_manage_log',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
## an snort environment
|
## an snort environment
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
|
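Review bot: The summary in the @ -98,7 +98,7 hunk still reads "an snort environment" on the new side, although the hunk context (certmaster_manage_log) suggests this is the admin interface of the certmaster module, so the text looks copied from the snort interface file. The line should read `##	a certmaster environment`. The interface body lies outside the hunk, so the interface name itself cannot be confirmed from here.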
@ -1,4 +1,4 @@
|
|||||||
policy_module(certmaster, 1.1.1)
|
policy_module(certmaster, 1.1.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(certmonger, 1.0.0)
|
policy_module(certmonger, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -42,6 +42,7 @@ template(`courier_domain_template',`
|
|||||||
manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
||||||
manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
||||||
manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
|
||||||
|
files_search_pids(courier_$1_t)
|
||||||
files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
|
files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)
|
||||||
|
|
||||||
kernel_read_system_state(courier_$1_t)
|
kernel_read_system_state(courier_$1_t)
|
||||||
|
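Review bot: The added `files_search_pids(courier_$1_t)` sits directly above `files_pid_filetrans(courier_$1_t, courier_var_run_t, dir)` for the same domain, and the filetrans interface presumably already grants search on the pid directory, which would make the new call redundant. Either drop it or state the access it covers in a comment above it, for example `# <access seen in the AVC denial that required this>`. The body of courier_domain_template continues outside the hunk, so other rules there may bear on this.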
@ -1,4 +1,4 @@
|
|||||||
policy_module(courier, 1.9.0)
|
policy_module(courier, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(dcc, 1.9.0)
|
policy_module(dcc, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -233,7 +233,7 @@ files_tmp_filetrans(dccd_t, dccd_tmp_t, { file dir })
|
|||||||
|
|
||||||
manage_dirs_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
|
manage_dirs_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
|
||||||
manage_files_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
|
manage_files_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
|
||||||
files_pid_filetrans(dccd_t, dccd_var_run_t, { file dir })
|
files_pid_filetrans(dccd_t, dccd_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_system_state(dccd_t)
|
kernel_read_system_state(dccd_t)
|
||||||
kernel_read_kernel_sysctls(dccd_t)
|
kernel_read_kernel_sysctls(dccd_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(djbdns, 1.4.0)
|
policy_module(djbdns, 1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -7,10 +7,11 @@ policy_module(djbdns, 1.4.0)
|
|||||||
|
|
||||||
type djbdns_axfrdns_t;
|
type djbdns_axfrdns_t;
|
||||||
type djbdns_axfrdns_exec_t;
|
type djbdns_axfrdns_exec_t;
|
||||||
type djbdns_axfrdns_conf_t;
|
|
||||||
domain_type(djbdns_axfrdns_t)
|
domain_type(djbdns_axfrdns_t)
|
||||||
domain_entry_file(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
domain_entry_file(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
|
||||||
role system_r types djbdns_axfrdns_t;
|
role system_r types djbdns_axfrdns_t;
|
||||||
|
|
||||||
|
type djbdns_axfrdns_conf_t;
|
||||||
files_config_file(djbdns_axfrdns_conf_t)
|
files_config_file(djbdns_axfrdns_conf_t)
|
||||||
|
|
||||||
djbdns_daemontools_domain_template(dnscache)
|
djbdns_daemontools_domain_template(dnscache)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(fetchmail, 1.10.0)
|
policy_module(fetchmail, 1.10.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(icecast, 1.0.0)
|
policy_module(icecast, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(nslcd, 1.1.0)
|
policy_module(nslcd, 1.1.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(nut, 1.1.0)
|
policy_module(nut, 1.1.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -41,7 +41,7 @@ read_files_pattern(nut_upsd_t, nut_conf_t, nut_conf_t)
|
|||||||
manage_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
manage_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
||||||
manage_dirs_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
manage_dirs_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
||||||
manage_sock_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
manage_sock_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
|
||||||
files_pid_filetrans(nut_upsd_t, nut_var_run_t, { file sock_file dir })
|
files_pid_filetrans(nut_upsd_t, nut_var_run_t, { dir file sock_file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(nut_upsd_t)
|
kernel_read_kernel_sysctls(nut_upsd_t)
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(openct, 1.4.0)
|
policy_module(openct, 1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -23,7 +23,7 @@ allow openct_t self:process signal_perms;
|
|||||||
manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
manage_dirs_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
||||||
manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
||||||
manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
|
||||||
files_pid_filetrans(openct_t, openct_var_run_t, { file sock_file dir })
|
files_pid_filetrans(openct_t, openct_var_run_t, { dir file sock_file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(openct_t)
|
kernel_read_kernel_sysctls(openct_t)
|
||||||
kernel_list_proc(openct_t)
|
kernel_list_proc(openct_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(pcscd, 1.6.0)
|
policy_module(pcscd, 1.6.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -44,7 +44,6 @@ corenet_tcp_connect_http_port(pcscd_t)
|
|||||||
dev_rw_generic_usb_dev(pcscd_t)
|
dev_rw_generic_usb_dev(pcscd_t)
|
||||||
dev_rw_smartcard(pcscd_t)
|
dev_rw_smartcard(pcscd_t)
|
||||||
dev_rw_usbfs(pcscd_t)
|
dev_rw_usbfs(pcscd_t)
|
||||||
dev_list_sysfs(pcscd_t)
|
|
||||||
dev_read_sysfs(pcscd_t)
|
dev_read_sysfs(pcscd_t)
|
||||||
|
|
||||||
files_read_etc_files(pcscd_t)
|
files_read_etc_files(pcscd_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(postgresql, 1.11.0)
|
policy_module(postgresql, 1.11.1)
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
class db_database all_db_database_perms;
|
class db_database all_db_database_perms;
|
||||||
@ -205,7 +205,7 @@ fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file
|
|||||||
manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
files_pid_filetrans(postgresql_t, postgresql_var_run_t, { file dir })
|
files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(postgresql_t)
|
kernel_read_kernel_sysctls(postgresql_t)
|
||||||
kernel_read_system_state(postgresql_t)
|
kernel_read_system_state(postgresql_t)
|
||||||
@ -352,7 +352,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
|
|||||||
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
|
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
|
||||||
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
|
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Rules common to administrator clients
|
# Rules common to administrator clients
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(postgrey, 1.7.0)
|
policy_module(postgrey, 1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -50,7 +50,7 @@ files_var_lib_filetrans(postgrey_t, postgrey_var_lib_t, file)
|
|||||||
manage_dirs_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
manage_dirs_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
||||||
manage_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
manage_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
||||||
manage_sock_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
manage_sock_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
|
||||||
files_pid_filetrans(postgrey_t, postgrey_var_run_t, { file sock_file dir })
|
files_pid_filetrans(postgrey_t, postgrey_var_run_t, { dir file sock_file })
|
||||||
|
|
||||||
kernel_read_system_state(postgrey_t)
|
kernel_read_system_state(postgrey_t)
|
||||||
kernel_read_kernel_sysctls(postgrey_t)
|
kernel_read_kernel_sysctls(postgrey_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(prelude, 1.2.0)
|
policy_module(prelude, 1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(radvd, 1.12.0)
|
policy_module(radvd, 1.12.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -35,7 +35,7 @@ allow radvd_t radvd_etc_t:file read_file_perms;
|
|||||||
|
|
||||||
manage_dirs_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
|
manage_dirs_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
|
||||||
manage_files_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
|
manage_files_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
|
||||||
files_pid_filetrans(radvd_t, radvd_var_run_t, { file dir })
|
files_pid_filetrans(radvd_t, radvd_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(radvd_t)
|
kernel_read_kernel_sysctls(radvd_t)
|
||||||
kernel_rw_net_sysctls(radvd_t)
|
kernel_rw_net_sysctls(radvd_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(snort, 1.9.0)
|
policy_module(snort, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(stunnel, 1.9.0)
|
policy_module(stunnel, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -48,7 +48,7 @@ files_tmp_filetrans(stunnel_t, stunnel_tmp_t, { file dir })
|
|||||||
|
|
||||||
manage_dirs_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
|
manage_dirs_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
|
||||||
manage_files_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
|
manage_files_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
|
||||||
files_pid_filetrans(stunnel_t, stunnel_var_run_t, { file dir })
|
files_pid_filetrans(stunnel_t, stunnel_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(stunnel_t)
|
kernel_read_kernel_sysctls(stunnel_t)
|
||||||
kernel_read_system_state(stunnel_t)
|
kernel_read_system_state(stunnel_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(zabbix, 1.2.0)
|
policy_module(zabbix, 1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -37,7 +37,7 @@ logging_log_filetrans(zabbix_t, zabbix_log_t, file)
|
|||||||
# pid file
|
# pid file
|
||||||
manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
|
manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
|
||||||
manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
|
manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
|
||||||
files_pid_filetrans(zabbix_t, zabbix_var_run_t, { file dir })
|
files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
|
||||||
|
|
||||||
files_read_etc_files(zabbix_t)
|
files_read_etc_files(zabbix_t)
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(zebra, 1.11.0)
|
policy_module(zebra, 1.11.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -64,7 +64,7 @@ files_tmp_filetrans(zebra_t, zebra_tmp_t, sock_file)
|
|||||||
manage_dirs_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
manage_dirs_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
||||||
manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
||||||
manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
|
||||||
files_pid_filetrans(zebra_t, zebra_var_run_t, { file sock_file dir })
|
files_pid_filetrans(zebra_t, zebra_var_run_t, { dir file sock_file })
|
||||||
|
|
||||||
kernel_read_system_state(zebra_t)
|
kernel_read_system_state(zebra_t)
|
||||||
kernel_read_network_state(zebra_t)
|
kernel_read_network_state(zebra_t)
|
||||||
|