remove bin policy and kern module assertions for now

Chris PeBenito 2005-10-24 15:10:03 +00:00
parent 1480d3ad21
commit 15fefa4958
5 changed files with 10 additions and 10 deletions


@ -368,14 +368,14 @@ interface(`bootloader_write_kernel_modules',`
# #
interface(`bootloader_manage_kernel_modules',` interface(`bootloader_manage_kernel_modules',`
gen_require(` gen_require(`
attribute rw_kern_modules; # attribute rw_kern_modules;
type modules_object_t; type modules_object_t;
') ')
allow $1 modules_object_t:file { rw_file_perms create setattr unlink }; allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
allow $1 modules_object_t:dir rw_dir_perms; allow $1 modules_object_t:dir rw_dir_perms;
typeattribute $1 rw_kern_modules; # typeattribute $1 rw_kern_modules;
') ')
######################################## ########################################
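Review bot: In `bootloader_manage_kernel_modules` the `attribute rw_kern_modules;` requirement and the `typeattribute $1 rw_kern_modules;` line are left as commented-out code with no explanation, so a later reader cannot tell whether the tagging was dropped by design or only parked. Reading the right-hand column as the new side, callers keep create/write/unlink on `modules_object_t` files but are no longer recorded in `rw_kern_modules`, so the attribute stops being a usable inventory of domains that can modify kernel modules. If the attribute is still declared, I would keep the tagging active, since it costs nothing without the assertion, or at least add `# XXX: re-enable together with the rw_kern_modules neverallow` above the commented lines. The same applies to `seutil_create_binary_pol` and `can_write_binary_policy` further down the page.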


@ -49,7 +49,7 @@ dev_node(bootloader_tmp_t)
type modules_object_t; type modules_object_t;
files_type(modules_object_t) files_type(modules_object_t)
neverallow ~rw_kern_modules modules_object_t:file { create append write }; #neverallow ~rw_kern_modules modules_object_t:file { create append write };
# #
# system_map_t is for the system.map files in /boot # system_map_t is for the system.map files in /boot
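Review bot: Commenting out `neverallow ~rw_kern_modules modules_object_t:file { create append write };` removes the build-time check that kernel module files are writable only by explicitly tagged domains, and nothing records why it was disabled or when it comes back. Any later rule that grants write access to `modules_object_t`, for instance through a broad all-files interface, will now compile without complaint. If one specific domain triggered the failure, a narrower change is to tag that domain with `rw_kern_modules` and keep the assertion; failing that, put `# FIXME: disabled because <reason>; re-enable once <condition>` above the line. The `can_write_binary_policy` assertion on `policy_config_t` is disabled the same way while the `relabelto` assertion beside it stays active, so direct writes to the binary policy go unchecked even though relabeling into the type is still restricted.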


@ -258,9 +258,9 @@ optional_policy(`rpc.te',`
fs_read_noxattr_fs_files(kernel_t) fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t) fs_read_noxattr_fs_symlinks(kernel_t)
# auth_read_all_dirs_except_shadow(kernel_t) auth_read_all_dirs_except_shadow(kernel_t)
# auth_read_all_files_except_shadow(kernel_t) auth_read_all_files_except_shadow(kernel_t)
# auth_read_all_symlinks_except_shadow(kernel_t) auth_read_all_symlinks_except_shadow(kernel_t)
') ')
tunable_policy(`nfs_export_all_rw',` tunable_policy(`nfs_export_all_rw',`
@ -268,7 +268,7 @@ optional_policy(`rpc.te',`
fs_read_noxattr_fs_files(kernel_t) fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t) fs_read_noxattr_fs_symlinks(kernel_t)
# auth_manage_all_files_except_shadow(kernel_t) auth_manage_all_files_except_shadow(kernel_t)
') ')
') ')
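Review bot: `auth_manage_all_files_except_shadow(kernel_t)` under `nfs_export_all_rw` appears, judging by the interface name, to give `kernel_t` manage access to every file type except shadow, which would include `modules_object_t` and `policy_config_t`. That looks like the reason the two assertions are disabled elsewhere in this commit, though the page does not say so, and it trades a policy-wide guarantee for one optional tunable. Consider keeping the assertions and exempting the kernel domain explicitly, or at least add a comment above the call such as `# grants write to kernel modules and binary policy; conflicts with the rw_kern_modules / can_write_binary_policy assertions`. The block holding the three `auth_read_*` calls opens outside the first hunk, so its guarding condition is not visible here.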


@ -584,7 +584,7 @@ interface(`seutil_read_binary_pol',`
# #
interface(`seutil_create_binary_pol',` interface(`seutil_create_binary_pol',`
gen_require(` gen_require(`
attribute can_write_binary_policy; # attribute can_write_binary_policy;
type selinux_config_t, policy_config_t; type selinux_config_t, policy_config_t;
class dir ra_dir_perms; class dir ra_dir_perms;
class file { getattr create write }; class file { getattr create write };
@ -594,7 +594,7 @@ interface(`seutil_create_binary_pol',`
allow $1 selinux_config_t:dir search; allow $1 selinux_config_t:dir search;
allow $1 policy_config_t:dir ra_dir_perms; allow $1 policy_config_t:dir ra_dir_perms;
allow $1 policy_config_t:file { getattr create write }; allow $1 policy_config_t:file { getattr create write };
typeattribute $1 can_write_binary_policy; # typeattribute $1 can_write_binary_policy;
') ')
######################################## ########################################


@ -60,7 +60,7 @@ kernel_list_from(policy_config_t)
kernel_read_file_from(policy_config_t) kernel_read_file_from(policy_config_t)
neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto; neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
neverallow ~can_write_binary_policy policy_config_t:file { write append }; #neverallow ~can_write_binary_policy policy_config_t:file { write append };
# #
# policy_src_t is the type of the policy source # policy_src_t is the type of the policy source