another slew of renaming
This commit is contained in:
parent
46112fca3e
commit
1815bad1d7
@ -58,7 +58,7 @@ files_list_usr(acct_t)
|
|||||||
files_dontaudit_search_pids(acct_t)
|
files_dontaudit_search_pids(acct_t)
|
||||||
|
|
||||||
init_use_fd(acct_t)
|
init_use_fd(acct_t)
|
||||||
init_use_script_pty(acct_t)
|
init_use_script_ptys(acct_t)
|
||||||
init_exec_script(acct_t)
|
init_exec_script(acct_t)
|
||||||
|
|
||||||
libs_use_ld_so(acct_t)
|
libs_use_ld_so(acct_t)
|
||||||
@ -72,8 +72,8 @@ userdom_dontaudit_search_sysadm_home_dir(acct_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(acct_t)
|
userdom_dontaudit_use_unpriv_user_fd(acct_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(acct_t)
|
term_dontaudit_use_unallocated_ttys(acct_t)
|
||||||
term_dontaudit_use_generic_pty(acct_t)
|
term_dontaudit_use_generic_ptys(acct_t)
|
||||||
files_dontaudit_read_root_files(acct_t)
|
files_dontaudit_read_root_files(acct_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -88,7 +88,7 @@ optional_policy(`cron',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(acct_t)
|
nscd_socket_use(acct_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -33,8 +33,8 @@ allow alsa_t alsa_etc_rw_t:lnk_file create_lnk_perms;
|
|||||||
|
|
||||||
files_read_etc_files(alsa_t)
|
files_read_etc_files(alsa_t)
|
||||||
|
|
||||||
term_use_generic_pty(alsa_t)
|
term_use_generic_ptys(alsa_t)
|
||||||
term_dontaudit_use_unallocated_tty(alsa_t)
|
term_dontaudit_use_unallocated_ttys(alsa_t)
|
||||||
|
|
||||||
libs_use_ld_so(alsa_t)
|
libs_use_ld_so(alsa_t)
|
||||||
libs_use_shared_libs(alsa_t)
|
libs_use_shared_libs(alsa_t)
|
||||||
@ -47,5 +47,5 @@ userdom_manage_unpriv_user_semaphores(alsa_t)
|
|||||||
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(alsa_t)
|
nscd_socket_use(alsa_t)
|
||||||
')
|
')
|
||||||
|
@ -128,7 +128,7 @@ kernel_dontaudit_getattr_unlabeled_files(amanda_t)
|
|||||||
kernel_dontaudit_read_proc_symlinks(amanda_t)
|
kernel_dontaudit_read_proc_symlinks(amanda_t)
|
||||||
|
|
||||||
# Added for targeted policy
|
# Added for targeted policy
|
||||||
term_use_unallocated_tty(amanda_t)
|
term_use_unallocated_ttys(amanda_t)
|
||||||
|
|
||||||
corenet_tcp_sendrecv_all_if(amanda_t)
|
corenet_tcp_sendrecv_all_if(amanda_t)
|
||||||
corenet_udp_sendrecv_all_if(amanda_t)
|
corenet_udp_sendrecv_all_if(amanda_t)
|
||||||
@ -182,7 +182,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(amanda_t)
|
nscd_socket_use(amanda_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -8,7 +8,7 @@ policy_module(anaconda,1.0.0)
|
|||||||
|
|
||||||
type anaconda_t;
|
type anaconda_t;
|
||||||
domain_type(anaconda_t)
|
domain_type(anaconda_t)
|
||||||
domain_obj_id_change_exempt(anaconda_t)
|
domain_obj_id_change_exemption(anaconda_t)
|
||||||
role system_r types anaconda_t;
|
role system_r types anaconda_t;
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -44,12 +44,12 @@ fs_search_auto_mountpoints(consoletype_t)
|
|||||||
fs_write_nfs_files(consoletype_t)
|
fs_write_nfs_files(consoletype_t)
|
||||||
|
|
||||||
term_use_console(consoletype_t)
|
term_use_console(consoletype_t)
|
||||||
term_use_unallocated_tty(consoletype_t)
|
term_use_unallocated_ttys(consoletype_t)
|
||||||
|
|
||||||
init_use_fd(consoletype_t)
|
init_use_fd(consoletype_t)
|
||||||
init_use_script_pty(consoletype_t)
|
init_use_script_ptys(consoletype_t)
|
||||||
init_use_script_fd(consoletype_t)
|
init_use_script_fd(consoletype_t)
|
||||||
init_write_script_pipe(consoletype_t)
|
init_write_script_pipes(consoletype_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(consoletype_t)
|
domain_use_wide_inherit_fd(consoletype_t)
|
||||||
|
|
||||||
@ -61,7 +61,7 @@ libs_use_shared_libs(consoletype_t)
|
|||||||
|
|
||||||
userdom_use_sysadm_terms(consoletype_t)
|
userdom_use_sysadm_terms(consoletype_t)
|
||||||
userdom_use_sysadm_fd(consoletype_t)
|
userdom_use_sysadm_fd(consoletype_t)
|
||||||
userdom_rw_sysadm_pipe(consoletype_t)
|
userdom_rw_sysadm_pipes(consoletype_t)
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
fs_rw_tmpfs_chr_files(consoletype_t)
|
fs_rw_tmpfs_chr_files(consoletype_t)
|
||||||
@ -69,7 +69,7 @@ ifdef(`distro_redhat',`
|
|||||||
|
|
||||||
optional_policy(`apm',`
|
optional_policy(`apm',`
|
||||||
apm_use_fd(consoletype_t)
|
apm_use_fd(consoletype_t)
|
||||||
apm_write_pipe(consoletype_t)
|
apm_write_pipes(consoletype_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`authlogin', `
|
optional_policy(`authlogin', `
|
||||||
@ -77,14 +77,14 @@ optional_policy(`authlogin', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_read_pipe(consoletype_t)
|
cron_read_pipes(consoletype_t)
|
||||||
cron_use_system_job_fd(consoletype_t)
|
cron_use_system_job_fd(consoletype_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`firstboot',`
|
optional_policy(`firstboot',`
|
||||||
files_read_etc_files(consoletype_t)
|
files_read_etc_files(consoletype_t)
|
||||||
firstboot_use_fd(consoletype_t)
|
firstboot_use_fd(consoletype_t)
|
||||||
firstboot_write_pipe(consoletype_t)
|
firstboot_write_pipes(consoletype_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`logrotate',`
|
optional_policy(`logrotate',`
|
||||||
@ -101,7 +101,7 @@ optional_policy(`nis',`
|
|||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
# Commonly used from postinst scripts
|
# Commonly used from postinst scripts
|
||||||
rpm_read_pipe(consoletype_t)
|
rpm_read_pipes(consoletype_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`userdomain',`
|
optional_policy(`userdomain',`
|
||||||
|
@ -41,15 +41,15 @@ files_read_usr_files(ddcprobe_t)
|
|||||||
term_use_all_user_ttys(ddcprobe_t)
|
term_use_all_user_ttys(ddcprobe_t)
|
||||||
term_use_all_user_ptys(ddcprobe_t)
|
term_use_all_user_ptys(ddcprobe_t)
|
||||||
|
|
||||||
libs_read_lib(ddcprobe_t)
|
libs_read_lib_files(ddcprobe_t)
|
||||||
libs_use_ld_so(ddcprobe_t)
|
libs_use_ld_so(ddcprobe_t)
|
||||||
libs_use_shared_libs(ddcprobe_t)
|
libs_use_shared_libs(ddcprobe_t)
|
||||||
|
|
||||||
miscfiles_read_localization(ddcprobe_t)
|
miscfiles_read_localization(ddcprobe_t)
|
||||||
|
|
||||||
modutils_read_mods_deps(ddcprobe_t)
|
modutils_read_module_deps(ddcprobe_t)
|
||||||
|
|
||||||
userdom_use_all_user_fd(ddcprobe_t)
|
userdom_use_all_users_fd(ddcprobe_t)
|
||||||
|
|
||||||
#reh why? this does not seem even necessary to function properly
|
#reh why? this does not seem even necessary to function properly
|
||||||
kudzu_getattr_exec_file(ddcprobe_t)
|
kudzu_getattr_exec_files(ddcprobe_t)
|
||||||
|
@ -51,7 +51,7 @@ ifdef(`strict_policy',`
|
|||||||
files_dontaudit_search_isid_type_dirs(dmesg_t)
|
files_dontaudit_search_isid_type_dirs(dmesg_t)
|
||||||
|
|
||||||
init_use_fd(dmesg_t)
|
init_use_fd(dmesg_t)
|
||||||
init_use_script_pty(dmesg_t)
|
init_use_script_ptys(dmesg_t)
|
||||||
|
|
||||||
libs_use_ld_so(dmesg_t)
|
libs_use_ld_so(dmesg_t)
|
||||||
libs_use_shared_libs(dmesg_t)
|
libs_use_shared_libs(dmesg_t)
|
||||||
|
@ -33,6 +33,6 @@ libs_use_shared_libs(dmidecode_t)
|
|||||||
locallogin_use_fd(dmidecode_t)
|
locallogin_use_fd(dmidecode_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_generic_pty(dmidecode_t)
|
term_use_generic_ptys(dmidecode_t)
|
||||||
term_use_unallocated_tty(dmidecode_t)
|
term_use_unallocated_ttys(dmidecode_t)
|
||||||
')
|
')
|
||||||
|
@ -90,7 +90,7 @@ interface(`firstboot_dontaudit_use_fd',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`firstboot_write_pipe',`
|
interface(`firstboot_write_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type firstboot_t;
|
type firstboot_t;
|
||||||
')
|
')
|
||||||
|
@ -13,8 +13,8 @@ gen_require(`
|
|||||||
type firstboot_t;
|
type firstboot_t;
|
||||||
type firstboot_exec_t;
|
type firstboot_exec_t;
|
||||||
init_system_domain(firstboot_t,firstboot_exec_t)
|
init_system_domain(firstboot_t,firstboot_exec_t)
|
||||||
domain_obj_id_change_exempt(firstboot_t)
|
domain_obj_id_change_exemption(firstboot_t)
|
||||||
domain_subj_id_change_exempt(firstboot_t)
|
domain_subj_id_change_exemption(firstboot_t)
|
||||||
role system_r types firstboot_t;
|
role system_r types firstboot_t;
|
||||||
|
|
||||||
type firstboot_etc_t;
|
type firstboot_etc_t;
|
||||||
@ -95,8 +95,8 @@ logging_send_syslog_msg(firstboot_t)
|
|||||||
miscfiles_read_localization(firstboot_t)
|
miscfiles_read_localization(firstboot_t)
|
||||||
|
|
||||||
modutils_domtrans_insmod(firstboot_t)
|
modutils_domtrans_insmod(firstboot_t)
|
||||||
modutils_read_module_conf(firstboot_t)
|
modutils_read_module_config(firstboot_t)
|
||||||
modutils_read_mods_deps(firstboot_t)
|
modutils_read_module_deps(firstboot_t)
|
||||||
|
|
||||||
# Add/remove user home directories
|
# Add/remove user home directories
|
||||||
userdom_filetrans_generic_user_home_dir(firstboot_t)
|
userdom_filetrans_generic_user_home_dir(firstboot_t)
|
||||||
|
@ -55,7 +55,7 @@ interface(`kudzu_run',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for ddcprobe
|
# cjp: added for ddcprobe
|
||||||
interface(`kudzu_getattr_exec_file',`
|
interface(`kudzu_getattr_exec_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type kudzu_exec_t;
|
type kudzu_exec_t;
|
||||||
')
|
')
|
||||||
|
@ -65,12 +65,12 @@ fs_write_ramfs_sockets(kudzu_t)
|
|||||||
mls_file_read_up(kudzu_t)
|
mls_file_read_up(kudzu_t)
|
||||||
mls_file_write_down(kudzu_t)
|
mls_file_write_down(kudzu_t)
|
||||||
|
|
||||||
modutils_read_mods_deps(kudzu_t)
|
modutils_read_module_deps(kudzu_t)
|
||||||
modutils_read_module_conf(kudzu_t)
|
modutils_read_module_config(kudzu_t)
|
||||||
modutils_rename_module_conf(kudzu_t)
|
modutils_rename_module_config(kudzu_t)
|
||||||
|
|
||||||
storage_read_scsi_generic(kudzu_t)
|
storage_read_scsi_generic(kudzu_t)
|
||||||
storage_read_tape_device(kudzu_t)
|
storage_read_tape(kudzu_t)
|
||||||
storage_raw_write_fixed_disk(kudzu_t)
|
storage_raw_write_fixed_disk(kudzu_t)
|
||||||
storage_raw_read_fixed_disk(kudzu_t)
|
storage_raw_read_fixed_disk(kudzu_t)
|
||||||
storage_raw_read_removable_device(kudzu_t)
|
storage_raw_read_removable_device(kudzu_t)
|
||||||
@ -78,7 +78,7 @@ storage_raw_read_removable_device(kudzu_t)
|
|||||||
term_search_ptys(kudzu_t)
|
term_search_ptys(kudzu_t)
|
||||||
term_dontaudit_use_console(kudzu_t)
|
term_dontaudit_use_console(kudzu_t)
|
||||||
# so it can write messages to the console
|
# so it can write messages to the console
|
||||||
term_use_unallocated_tty(kudzu_t)
|
term_use_unallocated_ttys(kudzu_t)
|
||||||
|
|
||||||
corecmd_exec_sbin(kudzu_t)
|
corecmd_exec_sbin(kudzu_t)
|
||||||
corecmd_exec_bin(kudzu_t)
|
corecmd_exec_bin(kudzu_t)
|
||||||
@ -101,20 +101,20 @@ files_rw_etc_runtime_files(kudzu_t)
|
|||||||
files_dontaudit_search_isid_type_dirs(kudzu_t)
|
files_dontaudit_search_isid_type_dirs(kudzu_t)
|
||||||
|
|
||||||
init_use_fd(kudzu_t)
|
init_use_fd(kudzu_t)
|
||||||
init_use_script_pty(kudzu_t)
|
init_use_script_ptys(kudzu_t)
|
||||||
init_unix_connect_script(kudzu_t)
|
init_stream_connect_script(kudzu_t)
|
||||||
|
|
||||||
libs_use_ld_so(kudzu_t)
|
libs_use_ld_so(kudzu_t)
|
||||||
libs_use_shared_libs(kudzu_t)
|
libs_use_shared_libs(kudzu_t)
|
||||||
# Read /usr/lib/gconv/gconv-modules.*
|
# Read /usr/lib/gconv/gconv-modules.*
|
||||||
libs_read_lib(kudzu_t)
|
libs_read_lib_files(kudzu_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(kudzu_t)
|
logging_send_syslog_msg(kudzu_t)
|
||||||
|
|
||||||
miscfiles_read_hwdata(kudzu_t)
|
miscfiles_read_hwdata(kudzu_t)
|
||||||
miscfiles_read_localization(kudzu_t)
|
miscfiles_read_localization(kudzu_t)
|
||||||
|
|
||||||
modutils_read_module_conf(kudzu_t)
|
modutils_read_module_config(kudzu_t)
|
||||||
modutils_domtrans_insmod(kudzu_t)
|
modutils_domtrans_insmod(kudzu_t)
|
||||||
|
|
||||||
sysnet_read_config(kudzu_t)
|
sysnet_read_config(kudzu_t)
|
||||||
@ -123,8 +123,8 @@ userdom_search_sysadm_home_dir(kudzu_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(kudzu_t)
|
userdom_dontaudit_use_unpriv_user_fd(kudzu_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(kudzu_t)
|
term_dontaudit_use_unallocated_ttys(kudzu_t)
|
||||||
term_dontaudit_use_generic_pty(kudzu_t)
|
term_dontaudit_use_generic_ptys(kudzu_t)
|
||||||
files_dontaudit_read_root_files(kudzu_t)
|
files_dontaudit_read_root_files(kudzu_t)
|
||||||
|
|
||||||
# cjp: this was originally in the else block
|
# cjp: this was originally in the else block
|
||||||
@ -140,7 +140,7 @@ optional_policy(`gpm',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(kudzu_t)
|
nscd_socket_use(kudzu_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -8,8 +8,8 @@ policy_module(logrotate,1.2.0)
|
|||||||
|
|
||||||
type logrotate_t;
|
type logrotate_t;
|
||||||
domain_type(logrotate_t)
|
domain_type(logrotate_t)
|
||||||
domain_obj_id_change_exempt(logrotate_t)
|
domain_obj_id_change_exemption(logrotate_t)
|
||||||
domain_system_change_exempt(logrotate_t)
|
domain_system_change_exemption(logrotate_t)
|
||||||
role system_r types logrotate_t;
|
role system_r types logrotate_t;
|
||||||
|
|
||||||
type logrotate_exec_t;
|
type logrotate_exec_t;
|
||||||
@ -171,7 +171,7 @@ optional_policy(`mailman',`
|
|||||||
|
|
||||||
optional_policy(`mysql',`
|
optional_policy(`mysql',`
|
||||||
mysql_read_config(logrotate_t)
|
mysql_read_config(logrotate_t)
|
||||||
mysql_search_db_dir(logrotate_t)
|
mysql_search_db(logrotate_t)
|
||||||
mysql_stream_connect(logrotate_t)
|
mysql_stream_connect(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -180,7 +180,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(logrotate_t)
|
nscd_socket_use(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`slrnpull',`
|
optional_policy(`slrnpull',`
|
||||||
|
@ -38,8 +38,8 @@ kernel_read_fs_sysctls(logwatch_t)
|
|||||||
kernel_read_kernel_sysctls(logwatch_t)
|
kernel_read_kernel_sysctls(logwatch_t)
|
||||||
kernel_read_system_state(logwatch_t)
|
kernel_read_system_state(logwatch_t)
|
||||||
|
|
||||||
corecmd_read_sbin_symlink(logwatch_t)
|
corecmd_read_sbin_symlinks(logwatch_t)
|
||||||
corecmd_read_sbin_file(logwatch_t)
|
corecmd_read_sbin_files(logwatch_t)
|
||||||
corecmd_exec_bin(logwatch_t)
|
corecmd_exec_bin(logwatch_t)
|
||||||
corecmd_exec_shell(logwatch_t)
|
corecmd_exec_shell(logwatch_t)
|
||||||
|
|
||||||
@ -56,14 +56,14 @@ files_dontaudit_search_home(logwatch_t)
|
|||||||
|
|
||||||
fs_getattr_all_fs(logwatch_t)
|
fs_getattr_all_fs(logwatch_t)
|
||||||
|
|
||||||
term_dontaudit_getattr_pty_dir(logwatch_t)
|
term_dontaudit_getattr_pty_dirs(logwatch_t)
|
||||||
term_dontaudit_list_ptys(logwatch_t)
|
term_dontaudit_list_ptys(logwatch_t)
|
||||||
|
|
||||||
auth_dontaudit_read_shadow(logwatch_t)
|
auth_dontaudit_read_shadow(logwatch_t)
|
||||||
|
|
||||||
libs_use_ld_so(logwatch_t)
|
libs_use_ld_so(logwatch_t)
|
||||||
libs_use_shared_libs(logwatch_t)
|
libs_use_shared_libs(logwatch_t)
|
||||||
libs_read_lib(logwatch_t)
|
libs_read_lib_files(logwatch_t)
|
||||||
|
|
||||||
logging_read_all_logs(logwatch_t)
|
logging_read_all_logs(logwatch_t)
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ miscfiles_read_localization(logwatch_t)
|
|||||||
selinux_dontaudit_getattr_dir(logwatch_t)
|
selinux_dontaudit_getattr_dir(logwatch_t)
|
||||||
|
|
||||||
userdom_dontaudit_search_sysadm_home_dir(logwatch_t)
|
userdom_dontaudit_search_sysadm_home_dir(logwatch_t)
|
||||||
userdom_dontaudit_getattr_sysadm_home_dir(logwatch_t)
|
userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
|
||||||
|
|
||||||
mta_send_mail(logwatch_t)
|
mta_send_mail(logwatch_t)
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ optional_policy(`mta',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(logwatch_t)
|
nscd_socket_use(logwatch_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`ntp',`
|
optional_policy(`ntp',`
|
||||||
|
@ -98,12 +98,12 @@ fs_getattr_xattr_fs(mrtg_t)
|
|||||||
term_dontaudit_use_console(mrtg_t)
|
term_dontaudit_use_console(mrtg_t)
|
||||||
|
|
||||||
init_use_fd(mrtg_t)
|
init_use_fd(mrtg_t)
|
||||||
init_use_script_pty(mrtg_t)
|
init_use_script_ptys(mrtg_t)
|
||||||
# for uptime
|
# for uptime
|
||||||
init_read_utmp(mrtg_t)
|
init_read_utmp(mrtg_t)
|
||||||
init_dontaudit_write_utmp(mrtg_t)
|
init_dontaudit_write_utmp(mrtg_t)
|
||||||
|
|
||||||
libs_read_lib(mrtg_t)
|
libs_read_lib_files(mrtg_t)
|
||||||
libs_use_ld_so(mrtg_t)
|
libs_use_ld_so(mrtg_t)
|
||||||
libs_use_shared_libs(mrtg_t)
|
libs_use_shared_libs(mrtg_t)
|
||||||
|
|
||||||
@ -126,8 +126,8 @@ ifdef(`distro_redhat',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(mrtg_t)
|
term_dontaudit_use_unallocated_ttys(mrtg_t)
|
||||||
term_dontaudit_use_generic_pty(mrtg_t)
|
term_dontaudit_use_generic_ptys(mrtg_t)
|
||||||
files_dontaudit_read_root_files(mrtg_t)
|
files_dontaudit_read_root_files(mrtg_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -157,7 +157,7 @@ optional_policy(`quota',`
|
|||||||
|
|
||||||
optional_policy(`snmp',`
|
optional_policy(`snmp',`
|
||||||
snmp_udp_chat(mrtg_t)
|
snmp_udp_chat(mrtg_t)
|
||||||
snmp_read_snmp_var_lib(mrtg_t)
|
snmp_read_snmp_var_lib_files(mrtg_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`udev',`
|
optional_policy(`udev',`
|
||||||
|
@ -65,7 +65,7 @@ files_read_etc_files(netutils_t)
|
|||||||
files_dontaudit_search_var(netutils_t)
|
files_dontaudit_search_var(netutils_t)
|
||||||
|
|
||||||
init_use_fd(netutils_t)
|
init_use_fd(netutils_t)
|
||||||
init_use_script_pty(netutils_t)
|
init_use_script_ptys(netutils_t)
|
||||||
|
|
||||||
libs_use_ld_so(netutils_t)
|
libs_use_ld_so(netutils_t)
|
||||||
libs_use_shared_libs(netutils_t)
|
libs_use_shared_libs(netutils_t)
|
||||||
@ -76,11 +76,11 @@ miscfiles_read_localization(netutils_t)
|
|||||||
|
|
||||||
sysnet_read_config(netutils_t)
|
sysnet_read_config(netutils_t)
|
||||||
|
|
||||||
userdom_use_all_user_fd(netutils_t)
|
userdom_use_all_users_fd(netutils_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_generic_pty(netutils_t)
|
term_use_generic_ptys(netutils_t)
|
||||||
term_use_unallocated_tty(netutils_t)
|
term_use_unallocated_ttys(netutils_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
@ -135,8 +135,8 @@ ifdef(`hide_broken_symptoms',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_unallocated_tty(ping_t)
|
term_use_unallocated_ttys(ping_t)
|
||||||
term_use_generic_pty(ping_t)
|
term_use_generic_ptys(ping_t)
|
||||||
term_use_all_user_ttys(ping_t)
|
term_use_all_user_ttys(ping_t)
|
||||||
term_use_all_user_ptys(ping_t)
|
term_use_all_user_ptys(ping_t)
|
||||||
',`
|
',`
|
||||||
@ -151,7 +151,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(ping_t)
|
nscd_socket_use(ping_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`pcmcia',`
|
optional_policy(`pcmcia',`
|
||||||
@ -219,8 +219,8 @@ files_read_usr_files(traceroute_t)
|
|||||||
sysnet_read_config(traceroute_t)
|
sysnet_read_config(traceroute_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_unallocated_tty(traceroute_t)
|
term_use_unallocated_ttys(traceroute_t)
|
||||||
term_use_generic_pty(traceroute_t)
|
term_use_generic_ptys(traceroute_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
tunable_policy(`user_ping',`
|
tunable_policy(`user_ping',`
|
||||||
@ -233,7 +233,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(traceroute_t)
|
nscd_socket_use(traceroute_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -10,7 +10,7 @@ type portage_exec_t;
|
|||||||
files_type(portage_exec_t)
|
files_type(portage_exec_t)
|
||||||
|
|
||||||
portage_compile_domain_template(portage)
|
portage_compile_domain_template(portage)
|
||||||
domain_obj_id_change_exempt(portage_t)
|
domain_obj_id_change_exemption(portage_t)
|
||||||
|
|
||||||
portage_compile_domain_template(portage_sandbox)
|
portage_compile_domain_template(portage_sandbox)
|
||||||
# the shell is the entrypoint if regular sandbox is disabled
|
# the shell is the entrypoint if regular sandbox is disabled
|
||||||
|
@ -70,7 +70,7 @@ libs_relabel_ld_so(prelink_t)
|
|||||||
libs_use_shared_libs(prelink_t)
|
libs_use_shared_libs(prelink_t)
|
||||||
libs_manage_shared_libs(prelink_t)
|
libs_manage_shared_libs(prelink_t)
|
||||||
libs_relabel_shared_libs(prelink_t)
|
libs_relabel_shared_libs(prelink_t)
|
||||||
libs_use_lib(prelink_t)
|
libs_use_lib_files(prelink_t)
|
||||||
libs_manage_lib_files(prelink_t)
|
libs_manage_lib_files(prelink_t)
|
||||||
libs_relabel_lib_files(prelink_t)
|
libs_relabel_lib_files(prelink_t)
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ files_getattr_all_sockets(quota_t)
|
|||||||
files_read_etc_runtime_files(quota_t)
|
files_read_etc_runtime_files(quota_t)
|
||||||
|
|
||||||
init_use_fd(quota_t)
|
init_use_fd(quota_t)
|
||||||
init_use_script_pty(quota_t)
|
init_use_script_ptys(quota_t)
|
||||||
|
|
||||||
libs_use_ld_so(quota_t)
|
libs_use_ld_so(quota_t)
|
||||||
libs_use_shared_libs(quota_t)
|
libs_use_shared_libs(quota_t)
|
||||||
@ -62,8 +62,8 @@ logging_send_syslog_msg(quota_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(quota_t)
|
userdom_dontaudit_use_unpriv_user_fd(quota_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(quota_t)
|
term_dontaudit_use_unallocated_ttys(quota_t)
|
||||||
term_dontaudit_use_generic_pty(quota_t)
|
term_dontaudit_use_generic_ptys(quota_t)
|
||||||
files_dontaudit_read_root_files(quota_t)
|
files_dontaudit_read_root_files(quota_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ term_dontaudit_use_console(readahead_t)
|
|||||||
auth_dontaudit_read_shadow(readahead_t)
|
auth_dontaudit_read_shadow(readahead_t)
|
||||||
|
|
||||||
init_use_fd(readahead_t)
|
init_use_fd(readahead_t)
|
||||||
init_use_script_pty(readahead_t)
|
init_use_script_ptys(readahead_t)
|
||||||
init_getattr_initctl(readahead_t)
|
init_getattr_initctl(readahead_t)
|
||||||
|
|
||||||
libs_use_ld_so(readahead_t)
|
libs_use_ld_so(readahead_t)
|
||||||
@ -70,8 +70,8 @@ userdom_dontaudit_search_sysadm_home_dir(readahead_t)
|
|||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
files_dontaudit_read_root_files(readahead_t)
|
files_dontaudit_read_root_files(readahead_t)
|
||||||
term_dontaudit_use_unallocated_tty(readahead_t)
|
term_dontaudit_use_unallocated_ttys(readahead_t)
|
||||||
term_dontaudit_use_generic_pty(readahead_t)
|
term_dontaudit_use_generic_ptys(readahead_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -31,7 +31,7 @@ interface(`rpm_domtrans',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`rpm_script_domtrans',`
|
interface(`rpm_domtrans_script',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type rpm_script_t;
|
type rpm_script_t;
|
||||||
')
|
')
|
||||||
@ -67,7 +67,7 @@ interface(`rpm_run',`
|
|||||||
rpm_domtrans($1)
|
rpm_domtrans($1)
|
||||||
role $2 types rpm_t;
|
role $2 types rpm_t;
|
||||||
role $2 types rpm_script_t;
|
role $2 types rpm_script_t;
|
||||||
seutil_run_loadpol(rpm_script_t,$2,$3)
|
seutil_run_loadpolicy(rpm_script_t,$2,$3)
|
||||||
allow rpm_t $3:chr_file rw_term_perms;
|
allow rpm_t $3:chr_file rw_term_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -95,7 +95,7 @@ interface(`rpm_use_fd',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`rpm_read_pipe',`
|
interface(`rpm_read_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type rpm_t;
|
type rpm_t;
|
||||||
')
|
')
|
||||||
@ -111,7 +111,7 @@ interface(`rpm_read_pipe',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`rpm_rw_pipe',`
|
interface(`rpm_rw_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type rpm_t;
|
type rpm_t;
|
||||||
')
|
')
|
||||||
@ -132,7 +132,7 @@ interface(`rpm_manage_log',`
|
|||||||
type rpm_log_t;
|
type rpm_log_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
logging_rw_log_dir($1)
|
logging_rw_generic_log_dirs($1)
|
||||||
allow $1 rpm_log_t:file create_file_perms;
|
allow $1 rpm_log_t:file create_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -9,9 +9,9 @@ policy_module(rpm,1.2.1)
|
|||||||
type rpm_t;
|
type rpm_t;
|
||||||
type rpm_exec_t;
|
type rpm_exec_t;
|
||||||
init_system_domain(rpm_t,rpm_exec_t)
|
init_system_domain(rpm_t,rpm_exec_t)
|
||||||
domain_obj_id_change_exempt(rpm_t)
|
domain_obj_id_change_exemption(rpm_t)
|
||||||
domain_role_change_exempt(rpm_t)
|
domain_role_change_exemption(rpm_t)
|
||||||
domain_system_change_exempt(rpm_t)
|
domain_system_change_exemption(rpm_t)
|
||||||
domain_wide_inherit_fd(rpm_t)
|
domain_wide_inherit_fd(rpm_t)
|
||||||
role system_r types rpm_t;
|
role system_r types rpm_t;
|
||||||
|
|
||||||
@ -33,8 +33,8 @@ typealias rpm_var_lib_t alias var_lib_rpm_t;
|
|||||||
|
|
||||||
type rpm_script_t;
|
type rpm_script_t;
|
||||||
type rpm_script_exec_t;
|
type rpm_script_exec_t;
|
||||||
domain_obj_id_change_exempt(rpm_script_t)
|
domain_obj_id_change_exemption(rpm_script_t)
|
||||||
domain_system_change_exempt(rpm_script_t)
|
domain_system_change_exemption(rpm_script_t)
|
||||||
corecmd_shell_entry_type(rpm_script_t)
|
corecmd_shell_entry_type(rpm_script_t)
|
||||||
domain_type(rpm_script_t)
|
domain_type(rpm_script_t)
|
||||||
domain_entry_file(rpm_t,rpm_script_exec_t)
|
domain_entry_file(rpm_t,rpm_script_exec_t)
|
||||||
@ -138,7 +138,7 @@ auth_dontaudit_read_shadow(rpm_t)
|
|||||||
corecmd_exec_bin(rpm_t)
|
corecmd_exec_bin(rpm_t)
|
||||||
corecmd_exec_sbin(rpm_t)
|
corecmd_exec_sbin(rpm_t)
|
||||||
# transition to rpm script:
|
# transition to rpm script:
|
||||||
rpm_script_domtrans(rpm_t)
|
rpm_domtrans_script(rpm_t)
|
||||||
|
|
||||||
domain_exec_all_entry_files(rpm_t)
|
domain_exec_all_entry_files(rpm_t)
|
||||||
domain_read_all_domains_state(rpm_t)
|
domain_read_all_domains_state(rpm_t)
|
||||||
@ -166,8 +166,8 @@ libs_domtrans_ldconfig(rpm_t)
|
|||||||
logging_send_syslog_msg(rpm_t)
|
logging_send_syslog_msg(rpm_t)
|
||||||
|
|
||||||
# allow compiling and loading new policy
|
# allow compiling and loading new policy
|
||||||
seutil_manage_src_pol(rpm_t)
|
seutil_manage_src_policy(rpm_t)
|
||||||
seutil_manage_binary_pol(rpm_t)
|
seutil_manage_bin_policy(rpm_t)
|
||||||
|
|
||||||
sysnet_read_config(rpm_t)
|
sysnet_read_config(rpm_t)
|
||||||
|
|
||||||
@ -324,10 +324,10 @@ miscfiles_read_localization(rpm_script_t)
|
|||||||
modutils_domtrans_depmod(rpm_script_t)
|
modutils_domtrans_depmod(rpm_script_t)
|
||||||
modutils_domtrans_insmod(rpm_script_t)
|
modutils_domtrans_insmod(rpm_script_t)
|
||||||
|
|
||||||
seutil_domtrans_loadpol(rpm_script_t)
|
seutil_domtrans_loadpolicy(rpm_script_t)
|
||||||
seutil_domtrans_restorecon(rpm_script_t)
|
seutil_domtrans_restorecon(rpm_script_t)
|
||||||
|
|
||||||
userdom_use_all_user_fd(rpm_script_t)
|
userdom_use_all_users_fd(rpm_script_t)
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
unconfined_domain_template(rpm_script_t)
|
unconfined_domain_template(rpm_script_t)
|
||||||
|
@ -52,7 +52,7 @@ template(`su_restricted_domain_template', `
|
|||||||
domain_use_wide_inherit_fd($1_su_t)
|
domain_use_wide_inherit_fd($1_su_t)
|
||||||
|
|
||||||
init_dontaudit_use_fd($1_su_t)
|
init_dontaudit_use_fd($1_su_t)
|
||||||
init_dontaudit_use_script_pty($1_su_t)
|
init_dontaudit_use_script_ptys($1_su_t)
|
||||||
# Write to utmp.
|
# Write to utmp.
|
||||||
init_rw_utmp($1_su_t)
|
init_rw_utmp($1_su_t)
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ template(`su_restricted_domain_template', `
|
|||||||
miscfiles_read_localization($1_su_t)
|
miscfiles_read_localization($1_su_t)
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_read_pipe($1_su_t)
|
cron_read_pipes($1_su_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`kerberos',`
|
optional_policy(`kerberos',`
|
||||||
@ -72,7 +72,7 @@ template(`su_restricted_domain_template', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_su_t)
|
nscd_socket_use($1_su_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
@ -205,7 +205,7 @@ template(`su_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_read_pipe($1_su_t)
|
cron_read_pipes($1_su_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`kerberos',`
|
optional_policy(`kerberos',`
|
||||||
@ -213,7 +213,7 @@ template(`su_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_su_t)
|
nscd_socket_use($1_su_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -90,9 +90,9 @@ template(`sudo_per_userdomain_template',`
|
|||||||
|
|
||||||
auth_domtrans_chk_passwd($1_sudo_t)
|
auth_domtrans_chk_passwd($1_sudo_t)
|
||||||
|
|
||||||
corecmd_getattr_bin_file($1_sudo_t)
|
corecmd_getattr_bin_files($1_sudo_t)
|
||||||
corecmd_read_sbin_symlink($1_sudo_t)
|
corecmd_read_sbin_symlinks($1_sudo_t)
|
||||||
corecmd_getattr_sbin_file($1_sudo_t)
|
corecmd_getattr_sbin_files($1_sudo_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd($1_sudo_t)
|
domain_use_wide_inherit_fd($1_sudo_t)
|
||||||
domain_sigchld_wide_inherit_fd($1_sudo_t)
|
domain_sigchld_wide_inherit_fd($1_sudo_t)
|
||||||
@ -128,7 +128,7 @@ template(`sudo_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_sudo_t)
|
nscd_socket_use($1_sudo_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -67,7 +67,7 @@ files_dontaudit_search_home(updfstab_t)
|
|||||||
files_read_etc_runtime_files(updfstab_t)
|
files_read_etc_runtime_files(updfstab_t)
|
||||||
|
|
||||||
init_use_fd(updfstab_t)
|
init_use_fd(updfstab_t)
|
||||||
init_use_script_pty(updfstab_t)
|
init_use_script_ptys(updfstab_t)
|
||||||
|
|
||||||
libs_use_ld_so(updfstab_t)
|
libs_use_ld_so(updfstab_t)
|
||||||
libs_use_shared_libs(updfstab_t)
|
libs_use_shared_libs(updfstab_t)
|
||||||
@ -81,13 +81,13 @@ seutil_read_config(updfstab_t)
|
|||||||
seutil_read_default_contexts(updfstab_t)
|
seutil_read_default_contexts(updfstab_t)
|
||||||
seutil_read_file_contexts(updfstab_t)
|
seutil_read_file_contexts(updfstab_t)
|
||||||
|
|
||||||
userdom_use_sysadm_tty(updfstab_t)
|
userdom_use_sysadm_ttys(updfstab_t)
|
||||||
userdom_dontaudit_search_all_users_home(updfstab_t)
|
userdom_dontaudit_search_all_users_home(updfstab_t)
|
||||||
userdom_dontaudit_use_unpriv_user_fd(updfstab_t)
|
userdom_dontaudit_use_unpriv_user_fd(updfstab_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(updfstab_t)
|
term_dontaudit_use_unallocated_ttys(updfstab_t)
|
||||||
term_dontaudit_use_generic_pty(updfstab_t)
|
term_dontaudit_use_generic_ptys(updfstab_t)
|
||||||
files_dontaudit_read_root_files(updfstab_t)
|
files_dontaudit_read_root_files(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ optional_policy(`dbus',`
|
|||||||
init_dbus_chat_script(updfstab_t)
|
init_dbus_chat_script(updfstab_t)
|
||||||
|
|
||||||
dbus_system_bus_client_template(updfstab,updfstab_t)
|
dbus_system_bus_client_template(updfstab,updfstab_t)
|
||||||
dbus_send_system_bus_msg(updfstab_t)
|
dbus_send_system_bus(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`hal',`
|
optional_policy(`hal',`
|
||||||
@ -108,13 +108,13 @@ optional_policy(`hal',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`modutils',`
|
optional_policy(`modutils',`
|
||||||
modutils_read_module_conf(updfstab_t)
|
modutils_read_module_config(updfstab_t)
|
||||||
modutils_exec_insmod(updfstab_t)
|
modutils_exec_insmod(updfstab_t)
|
||||||
modutils_read_mods_deps(updfstab_t)
|
modutils_read_module_deps(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(updfstab_t)
|
nscd_socket_use(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -37,7 +37,7 @@ init_use_fd(usbmodules_t)
|
|||||||
libs_use_ld_so(usbmodules_t)
|
libs_use_ld_so(usbmodules_t)
|
||||||
libs_use_shared_libs(usbmodules_t)
|
libs_use_shared_libs(usbmodules_t)
|
||||||
|
|
||||||
modutils_read_mods_deps(usbmodules_t)
|
modutils_read_module_deps(usbmodules_t)
|
||||||
|
|
||||||
optional_policy(`hotplug',`
|
optional_policy(`hotplug',`
|
||||||
hotplug_read_config(usbmodules_t)
|
hotplug_read_config(usbmodules_t)
|
||||||
|
@ -10,7 +10,7 @@ type admin_passwd_exec_t;
|
|||||||
files_type(admin_passwd_exec_t)
|
files_type(admin_passwd_exec_t)
|
||||||
|
|
||||||
type chfn_t;
|
type chfn_t;
|
||||||
domain_obj_id_change_exempt(chfn_t)
|
domain_obj_id_change_exemption(chfn_t)
|
||||||
domain_type(chfn_t)
|
domain_type(chfn_t)
|
||||||
role system_r types chfn_t;
|
role system_r types chfn_t;
|
||||||
|
|
||||||
@ -32,12 +32,12 @@ files_tmp_file(crack_tmp_t)
|
|||||||
|
|
||||||
type groupadd_t;
|
type groupadd_t;
|
||||||
type groupadd_exec_t;
|
type groupadd_exec_t;
|
||||||
domain_obj_id_change_exempt(groupadd_t)
|
domain_obj_id_change_exemption(groupadd_t)
|
||||||
init_system_domain(groupadd_t,groupadd_exec_t)
|
init_system_domain(groupadd_t,groupadd_exec_t)
|
||||||
role system_r types groupadd_t;
|
role system_r types groupadd_t;
|
||||||
|
|
||||||
type passwd_t;
|
type passwd_t;
|
||||||
domain_obj_id_change_exempt(passwd_t)
|
domain_obj_id_change_exemption(passwd_t)
|
||||||
domain_type(passwd_t)
|
domain_type(passwd_t)
|
||||||
role system_r types passwd_t;
|
role system_r types passwd_t;
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ type passwd_exec_t;
|
|||||||
domain_entry_file(passwd_t,passwd_exec_t)
|
domain_entry_file(passwd_t,passwd_exec_t)
|
||||||
|
|
||||||
type sysadm_passwd_t;
|
type sysadm_passwd_t;
|
||||||
domain_obj_id_change_exempt(sysadm_passwd_t)
|
domain_obj_id_change_exemption(sysadm_passwd_t)
|
||||||
domain_type(sysadm_passwd_t)
|
domain_type(sysadm_passwd_t)
|
||||||
domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
|
domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
|
||||||
role system_r types sysadm_passwd_t;
|
role system_r types sysadm_passwd_t;
|
||||||
@ -55,7 +55,7 @@ files_tmp_file(sysadm_passwd_tmp_t)
|
|||||||
|
|
||||||
type useradd_t;
|
type useradd_t;
|
||||||
type useradd_exec_t;
|
type useradd_exec_t;
|
||||||
domain_obj_id_change_exempt(useradd_t)
|
domain_obj_id_change_exemption(useradd_t)
|
||||||
init_system_domain(useradd_t,useradd_exec_t)
|
init_system_domain(useradd_t,useradd_exec_t)
|
||||||
role system_r types useradd_t;
|
role system_r types useradd_t;
|
||||||
|
|
||||||
@ -137,7 +137,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(chfn_t)
|
nscd_socket_use(chfn_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -253,12 +253,12 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(groupadd_t)
|
nscd_socket_use(groupadd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
rpm_use_fd(groupadd_t)
|
rpm_use_fd(groupadd_t)
|
||||||
rpm_rw_pipe(groupadd_t)
|
rpm_rw_pipes(groupadd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -333,7 +333,7 @@ seutil_dontaudit_search_config(passwd_t)
|
|||||||
userdom_use_unpriv_users_fd(passwd_t)
|
userdom_use_unpriv_users_fd(passwd_t)
|
||||||
# make sure that getcon succeeds
|
# make sure that getcon succeeds
|
||||||
userdom_getattr_all_userdomains(passwd_t)
|
userdom_getattr_all_userdomains(passwd_t)
|
||||||
userdom_read_all_userdomains_state(passwd_t)
|
userdom_read_all_users_state(passwd_t)
|
||||||
# user generally runs this from their home directory, so do not audit a search
|
# user generally runs this from their home directory, so do not audit a search
|
||||||
# on user home dir
|
# on user home dir
|
||||||
userdom_dontaudit_search_all_users_home(passwd_t)
|
userdom_dontaudit_search_all_users_home(passwd_t)
|
||||||
@ -343,7 +343,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(passwd_t)
|
nscd_socket_use(passwd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -513,10 +513,10 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(useradd_t)
|
nscd_socket_use(useradd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
rpm_use_fd(useradd_t)
|
rpm_use_fd(useradd_t)
|
||||||
rpm_rw_pipe(useradd_t)
|
rpm_rw_pipes(useradd_t)
|
||||||
')
|
')
|
||||||
|
@ -99,7 +99,7 @@ sysnet_exec_ifconfig(vpnc_t)
|
|||||||
sysnet_filetrans_config(vpnc_t)
|
sysnet_filetrans_config(vpnc_t)
|
||||||
sysnet_manage_config(vpnc_t)
|
sysnet_manage_config(vpnc_t)
|
||||||
|
|
||||||
userdom_use_all_user_fd(vpnc_t)
|
userdom_use_all_users_fd(vpnc_t)
|
||||||
userdom_dontaudit_search_all_users_home(vpnc_t)
|
userdom_dontaudit_search_all_users_home(vpnc_t)
|
||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
@ -115,5 +115,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(vpnc_t)
|
nscd_socket_use(vpnc_t)
|
||||||
')
|
')
|
||||||
|
@ -145,7 +145,7 @@ template(`java_per_userdomain_template',`
|
|||||||
|
|
||||||
libs_legacy_use_shared_libs($1_javaplugin_t)
|
libs_legacy_use_shared_libs($1_javaplugin_t)
|
||||||
libs_legacy_use_ld_so($1_javaplugin_t)
|
libs_legacy_use_ld_so($1_javaplugin_t)
|
||||||
libs_use_lib($1_javaplugin_t)
|
libs_use_lib_files($1_javaplugin_t)
|
||||||
|
|
||||||
miscfiles_legacy_read_localization($1_javaplugin_t)
|
miscfiles_legacy_read_localization($1_javaplugin_t)
|
||||||
')
|
')
|
||||||
@ -155,7 +155,7 @@ template(`java_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_javaplugin_t)
|
nscd_socket_use($1_javaplugin_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -97,15 +97,15 @@ template(`screen_per_userdomain_template',`
|
|||||||
kernel_read_kernel_sysctls($1_screen_t)
|
kernel_read_kernel_sysctls($1_screen_t)
|
||||||
|
|
||||||
corecmd_list_bin($1_screen_t)
|
corecmd_list_bin($1_screen_t)
|
||||||
corecmd_read_bin_file($1_screen_t)
|
corecmd_read_bin_files($1_screen_t)
|
||||||
corecmd_read_bin_symlink($1_screen_t)
|
corecmd_read_bin_symlinks($1_screen_t)
|
||||||
corecmd_read_bin_pipe($1_screen_t)
|
corecmd_read_bin_pipes($1_screen_t)
|
||||||
corecmd_read_bin_socket($1_screen_t)
|
corecmd_read_bin_sockets($1_screen_t)
|
||||||
corecmd_list_sbin($1_screen_t)
|
corecmd_list_sbin($1_screen_t)
|
||||||
corecmd_read_sbin_symlink($1_screen_t)
|
corecmd_read_sbin_symlinks($1_screen_t)
|
||||||
corecmd_read_sbin_file($1_screen_t)
|
corecmd_read_sbin_files($1_screen_t)
|
||||||
corecmd_read_sbin_pipe($1_screen_t)
|
corecmd_read_sbin_pipes($1_screen_t)
|
||||||
corecmd_read_sbin_socket($1_screen_t)
|
corecmd_read_sbin_sockets($1_screen_t)
|
||||||
# Revert to the user domain when a shell is executed.
|
# Revert to the user domain when a shell is executed.
|
||||||
corecmd_shell_domtrans($1_screen_t,$2)
|
corecmd_shell_domtrans($1_screen_t,$2)
|
||||||
corecmd_bin_domtrans($1_screen_t,$2)
|
corecmd_bin_domtrans($1_screen_t,$2)
|
||||||
@ -185,7 +185,7 @@ template(`screen_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_screen_t)
|
nscd_socket_use($1_screen_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -38,10 +38,10 @@ template(`userhelper_per_userdomain_template',`
|
|||||||
type $1_userhelper_t;
|
type $1_userhelper_t;
|
||||||
domain_type($1_userhelper_t)
|
domain_type($1_userhelper_t)
|
||||||
domain_entry_file($1_userhelper_t,userhelper_exec_t)
|
domain_entry_file($1_userhelper_t,userhelper_exec_t)
|
||||||
domain_role_change_exempt($1_userhelper_t)
|
domain_role_change_exemption($1_userhelper_t)
|
||||||
domain_obj_id_change_exempt($1_userhelper_t)
|
domain_obj_id_change_exemption($1_userhelper_t)
|
||||||
domain_wide_inherit_fd($1_userhelper_t)
|
domain_wide_inherit_fd($1_userhelper_t)
|
||||||
domain_subj_id_change_exempt($1_userhelper_t)
|
domain_subj_id_change_exemption($1_userhelper_t)
|
||||||
role system_r types $1_userhelper_t;
|
role system_r types $1_userhelper_t;
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -177,7 +177,7 @@ template(`userhelper_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_userhelper_t)
|
nscd_socket_use($1_userhelper_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -93,8 +93,8 @@ apache_read_log(webalizer_t)
|
|||||||
apache_manage_sys_content(webalizer_t)
|
apache_manage_sys_content(webalizer_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_generic_pty(webalizer_t)
|
term_use_generic_ptys(webalizer_t)
|
||||||
term_use_unallocated_tty(webalizer_t)
|
term_use_unallocated_ttys(webalizer_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`ftp',`
|
optional_policy(`ftp',`
|
||||||
@ -106,7 +106,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(webalizer_t)
|
nscd_socket_use(webalizer_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
|
@ -55,7 +55,7 @@ interface(`bootloader_run',`
|
|||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`bootloader_getattr_boot_dir',`
|
interface(`bootloader_getattr_boot_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type boot_t;
|
type boot_t;
|
||||||
')
|
')
|
||||||
@ -72,7 +72,7 @@ interface(`bootloader_getattr_boot_dir',`
|
|||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`bootloader_dontaudit_getattr_boot_dir',`
|
interface(`bootloader_dontaudit_getattr_boot_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type boot_t;
|
type boot_t;
|
||||||
')
|
')
|
||||||
@ -261,7 +261,7 @@ interface(`bootloader_rw_config',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`bootloader_rw_tmp_file',`
|
interface(`bootloader_rw_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bootloader_tmp_t;
|
type bootloader_tmp_t;
|
||||||
')
|
')
|
||||||
|
@ -118,7 +118,7 @@ fs_getattr_xattr_fs(bootloader_t)
|
|||||||
fs_read_tmpfs_symlinks(bootloader_t)
|
fs_read_tmpfs_symlinks(bootloader_t)
|
||||||
|
|
||||||
term_getattr_all_user_ttys(bootloader_t)
|
term_getattr_all_user_ttys(bootloader_t)
|
||||||
term_dontaudit_manage_pty_dir(bootloader_t)
|
term_dontaudit_manage_pty_dirs(bootloader_t)
|
||||||
|
|
||||||
corecmd_exec_bin(bootloader_t)
|
corecmd_exec_bin(bootloader_t)
|
||||||
corecmd_exec_sbin(bootloader_t)
|
corecmd_exec_sbin(bootloader_t)
|
||||||
@ -137,13 +137,13 @@ files_read_var_files(bootloader_t)
|
|||||||
files_dontaudit_search_pids(bootloader_t)
|
files_dontaudit_search_pids(bootloader_t)
|
||||||
|
|
||||||
init_getattr_initctl(bootloader_t)
|
init_getattr_initctl(bootloader_t)
|
||||||
init_use_script_pty(bootloader_t)
|
init_use_script_ptys(bootloader_t)
|
||||||
init_use_script_fd(bootloader_t)
|
init_use_script_fd(bootloader_t)
|
||||||
init_rw_script_pipe(bootloader_t)
|
init_rw_script_pipes(bootloader_t)
|
||||||
|
|
||||||
libs_use_ld_so(bootloader_t)
|
libs_use_ld_so(bootloader_t)
|
||||||
libs_use_shared_libs(bootloader_t)
|
libs_use_shared_libs(bootloader_t)
|
||||||
libs_read_lib(bootloader_t)
|
libs_read_lib_files(bootloader_t)
|
||||||
libs_exec_lib_files(bootloader_t)
|
libs_exec_lib_files(bootloader_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(bootloader_t)
|
logging_send_syslog_msg(bootloader_t)
|
||||||
@ -151,8 +151,8 @@ logging_rw_generic_logs(bootloader_t)
|
|||||||
|
|
||||||
miscfiles_read_localization(bootloader_t)
|
miscfiles_read_localization(bootloader_t)
|
||||||
|
|
||||||
seutil_read_binary_pol(bootloader_t)
|
seutil_read_bin_policy(bootloader_t)
|
||||||
seutil_read_loadpol(bootloader_t)
|
seutil_read_loadpolicy(bootloader_t)
|
||||||
seutil_dontaudit_search_config(bootloader_t)
|
seutil_dontaudit_search_config(bootloader_t)
|
||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
@ -195,8 +195,8 @@ ifdef(`distro_redhat',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_unallocated_tty(bootloader_t)
|
term_use_unallocated_ttys(bootloader_t)
|
||||||
term_use_generic_pty(bootloader_t)
|
term_use_generic_ptys(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`fstools',`
|
optional_policy(`fstools',`
|
||||||
@ -212,19 +212,19 @@ optional_policy(`lvm',`
|
|||||||
|
|
||||||
optional_policy(`modutils',`
|
optional_policy(`modutils',`
|
||||||
modutils_exec_insmod(bootloader_t)
|
modutils_exec_insmod(bootloader_t)
|
||||||
modutils_read_mods_deps(bootloader_t)
|
modutils_read_module_deps(bootloader_t)
|
||||||
modutils_read_module_conf(bootloader_t)
|
modutils_read_module_config(bootloader_t)
|
||||||
modutils_exec_insmod(bootloader_t)
|
modutils_exec_insmod(bootloader_t)
|
||||||
modutils_exec_depmod(bootloader_t)
|
modutils_exec_depmod(bootloader_t)
|
||||||
modutils_exec_update_mods(bootloader_t)
|
modutils_exec_update_mods(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(bootloader_t)
|
nscd_socket_use(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
rpm_rw_pipe(bootloader_t)
|
rpm_rw_pipes(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`userdomain',`
|
optional_policy(`userdomain',`
|
||||||
|
@ -84,7 +84,7 @@ interface(`corecmd_list_bin',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_getattr_bin_file',`
|
interface(`corecmd_getattr_bin_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
')
|
')
|
||||||
@ -100,7 +100,7 @@ interface(`corecmd_getattr_bin_file',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_bin_file',`
|
interface(`corecmd_read_bin_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
')
|
')
|
||||||
@ -117,7 +117,7 @@ interface(`corecmd_read_bin_file',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_bin_symlink',`
|
interface(`corecmd_read_bin_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
')
|
')
|
||||||
@ -134,7 +134,7 @@ interface(`corecmd_read_bin_symlink',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_bin_pipe',`
|
interface(`corecmd_read_bin_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
')
|
')
|
||||||
@ -151,7 +151,7 @@ interface(`corecmd_read_bin_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_bin_socket',`
|
interface(`corecmd_read_bin_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type bin_t;
|
type bin_t;
|
||||||
')
|
')
|
||||||
@ -351,9 +351,9 @@ interface(`corecmd_list_sbin',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# corecmd_getattr_sbin_file(domain)
|
# corecmd_getattr_sbin_files(domain)
|
||||||
#
|
#
|
||||||
interface(`corecmd_getattr_sbin_file',`
|
interface(`corecmd_getattr_sbin_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
@ -363,9 +363,9 @@ interface(`corecmd_getattr_sbin_file',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# corecmd_dontaudit_getattr_sbin_file(domain)
|
# corecmd_dontaudit_getattr_sbin_files(domain)
|
||||||
#
|
#
|
||||||
interface(`corecmd_dontaudit_getattr_sbin_file',`
|
interface(`corecmd_dontaudit_getattr_sbin_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
@ -381,7 +381,7 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_sbin_file',`
|
interface(`corecmd_read_sbin_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
@ -398,7 +398,7 @@ interface(`corecmd_read_sbin_file',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_sbin_symlink',`
|
interface(`corecmd_read_sbin_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
@ -415,7 +415,7 @@ interface(`corecmd_read_sbin_symlink',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_sbin_pipe',`
|
interface(`corecmd_read_sbin_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
@ -432,7 +432,7 @@ interface(`corecmd_read_sbin_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`corecmd_read_sbin_socket',`
|
interface(`corecmd_read_sbin_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sbin_t;
|
type sbin_t;
|
||||||
')
|
')
|
||||||
|
@ -89,7 +89,7 @@ interface(`domain_type',`
|
|||||||
# these 3 seem highly questionable:
|
# these 3 seem highly questionable:
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
rpm_use_fd($1)
|
rpm_use_fd($1)
|
||||||
rpm_read_pipe($1)
|
rpm_read_pipes($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinux',`
|
optional_policy(`selinux',`
|
||||||
@ -161,7 +161,7 @@ interface(`domain_dyntrans_type',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`domain_system_change_exempt',`
|
interface(`domain_system_change_exemption',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute can_system_change;
|
attribute can_system_change;
|
||||||
')
|
')
|
||||||
@ -178,7 +178,7 @@ interface(`domain_system_change_exempt',`
|
|||||||
## The process type to make an exception to the constraint.
|
## The process type to make an exception to the constraint.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`domain_subj_id_change_exempt',`
|
interface(`domain_subj_id_change_exemption',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute can_change_process_identity;
|
attribute can_change_process_identity;
|
||||||
')
|
')
|
||||||
@ -195,7 +195,7 @@ interface(`domain_subj_id_change_exempt',`
|
|||||||
## The process type to make an exception to the constraint.
|
## The process type to make an exception to the constraint.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`domain_role_change_exempt',`
|
interface(`domain_role_change_exemption',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute can_change_process_role;
|
attribute can_change_process_role;
|
||||||
')
|
')
|
||||||
@ -212,7 +212,7 @@ interface(`domain_role_change_exempt',`
|
|||||||
## The process type to make an exception to the constraint.
|
## The process type to make an exception to the constraint.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`domain_obj_id_change_exempt',`
|
interface(`domain_obj_id_change_exemption',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute can_change_object_identity;
|
attribute can_change_object_identity;
|
||||||
')
|
')
|
||||||
@ -678,7 +678,7 @@ interface(`domain_dontaudit_read_all_domains_state',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`domain_dontaudit_list_all_domains_proc',`
|
interface(`domain_dontaudit_list_all_domains_state',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute domain;
|
attribute domain;
|
||||||
')
|
')
|
||||||
@ -1048,7 +1048,7 @@ interface(`domain_mmap_all_entry_files',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for userhelper
|
# cjp: added for userhelper
|
||||||
interface(`domain_entry_spec_domtrans',`
|
interface(`domain_entry_file_spec_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute entry_type;
|
attribute entry_type;
|
||||||
')
|
')
|
||||||
|
@ -730,7 +730,7 @@ interface(`files_relabel_all_files',`
|
|||||||
allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
|
allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
|
||||||
|
|
||||||
# satisfy the assertions:
|
# satisfy the assertions:
|
||||||
seutil_relabelto_binary_pol($1)
|
seutil_relabelto_bin_policy($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -758,7 +758,7 @@ interface(`files_manage_all_files',`
|
|||||||
allow $1 { file_type $2 }:sock_file create_file_perms;
|
allow $1 { file_type $2 }:sock_file create_file_perms;
|
||||||
|
|
||||||
# satisfy the assertions:
|
# satisfy the assertions:
|
||||||
seutil_create_binary_pol($1)
|
seutil_create_bin_policy($1)
|
||||||
bootloader_manage_kernel_modules($1)
|
bootloader_manage_kernel_modules($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -266,7 +266,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`portmap',`
|
optional_policy(`portmap',`
|
||||||
portmap_udp_sendto(kernel_t)
|
portmap_udp_send(kernel_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpc',`
|
optional_policy(`rpc',`
|
||||||
@ -293,7 +293,7 @@ optional_policy(`rpc',`
|
|||||||
rpc_manage_nfs_ro_content(kernel_t)
|
rpc_manage_nfs_ro_content(kernel_t)
|
||||||
rpc_manage_nfs_rw_content(kernel_t)
|
rpc_manage_nfs_rw_content(kernel_t)
|
||||||
rpc_udp_rw_nfs_sockets(kernel_t)
|
rpc_udp_rw_nfs_sockets(kernel_t)
|
||||||
rpc_udp_sendto_nfs(kernel_t)
|
rpc_udp_send_nfs(kernel_t)
|
||||||
|
|
||||||
tunable_policy(`nfs_export_all_ro',`
|
tunable_policy(`nfs_export_all_ro',`
|
||||||
fs_list_noxattr_fs(kernel_t)
|
fs_list_noxattr_fs(kernel_t)
|
||||||
@ -316,7 +316,7 @@ optional_policy(`rpc',`
|
|||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
seutil_read_config(kernel_t)
|
seutil_read_config(kernel_t)
|
||||||
seutil_read_binary_pol(kernel_t)
|
seutil_read_bin_policy(kernel_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_getattr_fixed_disk',`
|
interface(`storage_getattr_fixed_disk_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type fixed_disk_device_t;
|
type fixed_disk_device_t;
|
||||||
')
|
')
|
||||||
@ -27,7 +27,7 @@ interface(`storage_getattr_fixed_disk',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_dontaudit_getattr_fixed_disk',`
|
interface(`storage_dontaudit_getattr_fixed_disk_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type fixed_disk_device_t;
|
type fixed_disk_device_t;
|
||||||
')
|
')
|
||||||
@ -44,7 +44,7 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_setattr_fixed_disk',`
|
interface(`storage_setattr_fixed_disk_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type fixed_disk_device_t;
|
type fixed_disk_device_t;
|
||||||
')
|
')
|
||||||
@ -62,7 +62,7 @@ interface(`storage_setattr_fixed_disk',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_dontaudit_setattr_fixed_disk',`
|
interface(`storage_dontaudit_setattr_fixed_disk_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type fixed_disk_device_t;
|
type fixed_disk_device_t;
|
||||||
')
|
')
|
||||||
@ -295,7 +295,7 @@ interface(`storage_raw_write_lvm_volume',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_getattr_scsi_generic',`
|
interface(`storage_getattr_scsi_generic_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type scsi_generic_device_t;
|
type scsi_generic_device_t;
|
||||||
')
|
')
|
||||||
@ -313,7 +313,7 @@ interface(`storage_getattr_scsi_generic',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_setattr_scsi_generic',`
|
interface(`storage_setattr_scsi_generic_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type scsi_generic_device_t;
|
type scsi_generic_device_t;
|
||||||
')
|
')
|
||||||
@ -377,7 +377,7 @@ interface(`storage_write_scsi_generic',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_set_scsi_generic_attributes',`
|
interface(`storage_setattr_scsi_generic_dev_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type scsi_generic_device_t;
|
type scsi_generic_device_t;
|
||||||
')
|
')
|
||||||
@ -412,7 +412,7 @@ interface(`storage_dontaudit_rw_scsi_generic',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_getattr_removable_device',`
|
interface(`storage_getattr_removable_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type removable_device_t;
|
type removable_device_t;
|
||||||
')
|
')
|
||||||
@ -430,7 +430,7 @@ interface(`storage_getattr_removable_device',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_dontaudit_getattr_removable_device',`
|
interface(`storage_dontaudit_getattr_removable_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type removable_device_t;
|
type removable_device_t;
|
||||||
')
|
')
|
||||||
@ -465,7 +465,7 @@ interface(`storage_dontaudit_read_removable_device',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_setattr_removable_device',`
|
interface(`storage_setattr_removable_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type removable_device_t;
|
type removable_device_t;
|
||||||
')
|
')
|
||||||
@ -483,7 +483,7 @@ interface(`storage_setattr_removable_device',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_dontaudit_setattr_removable_device',`
|
interface(`storage_dontaudit_setattr_removable_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type removable_device_t;
|
type removable_device_t;
|
||||||
')
|
')
|
||||||
@ -574,7 +574,7 @@ interface(`storage_dontaudit_raw_write_removable_device',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_read_tape_device',`
|
interface(`storage_read_tape',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tape_device_t;
|
type tape_device_t;
|
||||||
')
|
')
|
||||||
@ -592,7 +592,7 @@ interface(`storage_read_tape_device',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_write_tape_device',`
|
interface(`storage_write_tape',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tape_device_t;
|
type tape_device_t;
|
||||||
')
|
')
|
||||||
@ -610,7 +610,7 @@ interface(`storage_write_tape_device',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_getattr_tape_device',`
|
interface(`storage_getattr_tape_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tape_device_t;
|
type tape_device_t;
|
||||||
')
|
')
|
||||||
@ -628,7 +628,7 @@ interface(`storage_getattr_tape_device',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`storage_setattr_tape_device',`
|
interface(`storage_setattr_tape_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tape_device_t;
|
type tape_device_t;
|
||||||
')
|
')
|
||||||
|
@ -237,7 +237,7 @@ interface(`term_setattr_console',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_dontaudit_getattr_pty_dir',`
|
interface(`term_dontaudit_getattr_pty_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type devpts_t;
|
type devpts_t;
|
||||||
')
|
')
|
||||||
@ -324,7 +324,7 @@ interface(`term_dontaudit_list_ptys',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_dontaudit_manage_pty_dir',`
|
interface(`term_dontaudit_manage_pty_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type devpts_t;
|
type devpts_t;
|
||||||
')
|
')
|
||||||
@ -341,7 +341,7 @@ interface(`term_dontaudit_manage_pty_dir',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for ppp
|
# cjp: added for ppp
|
||||||
interface(`term_ioctl_generic_pty',`
|
interface(`term_ioctl_generic_ptys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type devpts_t;
|
type devpts_t;
|
||||||
')
|
')
|
||||||
@ -361,7 +361,7 @@ interface(`term_ioctl_generic_pty',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_use_generic_pty',`
|
interface(`term_use_generic_ptys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type devpts_t;
|
type devpts_t;
|
||||||
')
|
')
|
||||||
@ -381,7 +381,7 @@ interface(`term_use_generic_pty',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_dontaudit_use_generic_pty',`
|
interface(`term_dontaudit_use_generic_ptys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type devpts_t;
|
type devpts_t;
|
||||||
')
|
')
|
||||||
@ -703,7 +703,7 @@ interface(`term_write_unallocated_ttys',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_use_unallocated_tty',`
|
interface(`term_use_unallocated_ttys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tty_device_t;
|
type tty_device_t;
|
||||||
')
|
')
|
||||||
@ -721,7 +721,7 @@ interface(`term_use_unallocated_tty',`
|
|||||||
## The type of the process to not audit.
|
## The type of the process to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`term_dontaudit_use_unallocated_tty',`
|
interface(`term_dontaudit_use_unallocated_ttys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type tty_device_t;
|
type tty_device_t;
|
||||||
')
|
')
|
||||||
|
@ -176,7 +176,7 @@ template(`apache_content_template',`
|
|||||||
files_read_etc_runtime_files(httpd_$1_script_t)
|
files_read_etc_runtime_files(httpd_$1_script_t)
|
||||||
files_read_usr_files(httpd_$1_script_t)
|
files_read_usr_files(httpd_$1_script_t)
|
||||||
|
|
||||||
libs_read_lib(httpd_$1_script_t)
|
libs_read_lib_files(httpd_$1_script_t)
|
||||||
|
|
||||||
miscfiles_read_localization(httpd_$1_script_t)
|
miscfiles_read_localization(httpd_$1_script_t)
|
||||||
|
|
||||||
@ -226,7 +226,7 @@ template(`apache_content_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(httpd_$1_script_t)
|
nscd_socket_use(httpd_$1_script_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -400,7 +400,7 @@ interface(`apache_use_fd',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`apache_dontaudit_rw_stream_socket',`
|
interface(`apache_dontaudit_rw_stream_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type httpd_t;
|
type httpd_t;
|
||||||
')
|
')
|
||||||
@ -417,7 +417,7 @@ interface(`apache_dontaudit_rw_stream_socket',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`apache_dontaudit_rw_tcp_socket',`
|
interface(`apache_dontaudit_rw_tcp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type httpd_t;
|
type httpd_t;
|
||||||
')
|
')
|
||||||
@ -642,7 +642,7 @@ interface(`apache_domtrans_sys_script',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`apache_dontaudit_rw_sys_script_stream_socket',`
|
interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type httpd_sys_script_t;
|
type httpd_sys_script_t;
|
||||||
')
|
')
|
||||||
|
@ -263,11 +263,11 @@ files_read_etc_files(httpd_t)
|
|||||||
files_read_var_lib_symlinks(httpd_t)
|
files_read_var_lib_symlinks(httpd_t)
|
||||||
|
|
||||||
init_use_fd(httpd_t)
|
init_use_fd(httpd_t)
|
||||||
init_use_script_pty(httpd_t)
|
init_use_script_ptys(httpd_t)
|
||||||
|
|
||||||
libs_use_ld_so(httpd_t)
|
libs_use_ld_so(httpd_t)
|
||||||
libs_use_shared_libs(httpd_t)
|
libs_use_shared_libs(httpd_t)
|
||||||
libs_read_lib(httpd_t)
|
libs_read_lib_files(httpd_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(httpd_t)
|
logging_send_syslog_msg(httpd_t)
|
||||||
|
|
||||||
@ -287,8 +287,8 @@ userdom_dontaudit_search_sysadm_home_dir(httpd_t)
|
|||||||
mta_send_mail(httpd_t)
|
mta_send_mail(httpd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(httpd_t)
|
term_dontaudit_use_unallocated_ttys(httpd_t)
|
||||||
term_dontaudit_use_generic_pty(httpd_t)
|
term_dontaudit_use_generic_ptys(httpd_t)
|
||||||
files_dontaudit_read_root_files(httpd_t)
|
files_dontaudit_read_root_files(httpd_t)
|
||||||
|
|
||||||
tunable_policy(`httpd_enable_homedirs',`
|
tunable_policy(`httpd_enable_homedirs',`
|
||||||
@ -413,16 +413,16 @@ optional_policy(`mailman',`
|
|||||||
|
|
||||||
optional_policy(`mysql',`
|
optional_policy(`mysql',`
|
||||||
mysql_stream_connect(httpd_t)
|
mysql_stream_connect(httpd_t)
|
||||||
mysql_rw_db_socket(httpd_t)
|
mysql_rw_db_sockets(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(httpd_t)
|
nscd_socket_use(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`postgresql',`
|
optional_policy(`postgresql',`
|
||||||
# Allow httpd to work with postgresql
|
# Allow httpd to work with postgresql
|
||||||
postgresql_unix_connect(httpd_t)
|
postgresql_stream_connect(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
@ -645,7 +645,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(httpd_suexec_t)
|
nscd_socket_use(httpd_suexec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -680,7 +680,7 @@ ifdef(`targeted_policy',`
|
|||||||
|
|
||||||
optional_policy(`mysql',`
|
optional_policy(`mysql',`
|
||||||
mysql_stream_connect(httpd_sys_script_t)
|
mysql_stream_connect(httpd_sys_script_t)
|
||||||
mysql_rw_db_socket(httpd_sys_script_t)
|
mysql_rw_db_sockets(httpd_sys_script_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -695,5 +695,5 @@ optional_policy(`cron',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(httpd_unconfined_script_t)
|
nscd_socket_use(httpd_unconfined_script_t)
|
||||||
')
|
')
|
||||||
|
@ -46,7 +46,7 @@ interface(`apm_use_fd',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`apm_write_pipe',`
|
interface(`apm_write_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type apmd_t;
|
type apmd_t;
|
||||||
')
|
')
|
||||||
@ -62,7 +62,7 @@ interface(`apm_write_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`apm_rw_stream_socket',`
|
interface(`apm_rw_stream_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type apmd_t;
|
type apmd_t;
|
||||||
')
|
')
|
||||||
|
@ -115,7 +115,7 @@ domain_read_all_domains_state(apmd_t)
|
|||||||
domain_use_wide_inherit_fd(apmd_t)
|
domain_use_wide_inherit_fd(apmd_t)
|
||||||
domain_dontaudit_getattr_all_sockets(apmd_t)
|
domain_dontaudit_getattr_all_sockets(apmd_t)
|
||||||
domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
|
domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
|
||||||
domain_dontaudit_list_all_domains_proc(apmd_t) # Excessive?
|
domain_dontaudit_list_all_domains_state(apmd_t) # Excessive?
|
||||||
|
|
||||||
files_exec_etc_files(apmd_t)
|
files_exec_etc_files(apmd_t)
|
||||||
files_read_etc_runtime_files(apmd_t)
|
files_read_etc_runtime_files(apmd_t)
|
||||||
@ -126,7 +126,7 @@ files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
|
|||||||
|
|
||||||
init_domtrans_script(apmd_t)
|
init_domtrans_script(apmd_t)
|
||||||
init_use_fd(apmd_t)
|
init_use_fd(apmd_t)
|
||||||
init_use_script_pty(apmd_t)
|
init_use_script_ptys(apmd_t)
|
||||||
init_rw_utmp(apmd_t)
|
init_rw_utmp(apmd_t)
|
||||||
init_write_initctl(apmd_t)
|
init_write_initctl(apmd_t)
|
||||||
|
|
||||||
@ -141,7 +141,7 @@ miscfiles_read_localization(apmd_t)
|
|||||||
miscfiles_read_hwdata(apmd_t)
|
miscfiles_read_hwdata(apmd_t)
|
||||||
|
|
||||||
modutils_domtrans_insmod(apmd_t)
|
modutils_domtrans_insmod(apmd_t)
|
||||||
modutils_read_module_conf(apmd_t)
|
modutils_read_module_config(apmd_t)
|
||||||
|
|
||||||
seutil_dontaudit_read_config(apmd_t)
|
seutil_dontaudit_read_config(apmd_t)
|
||||||
|
|
||||||
@ -180,8 +180,8 @@ ifdef(`distro_suse',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(apmd_t)
|
term_dontaudit_use_unallocated_ttys(apmd_t)
|
||||||
term_dontaudit_use_generic_pty(apmd_t)
|
term_dontaudit_use_generic_ptys(apmd_t)
|
||||||
files_dontaudit_read_root_files(apmd_t)
|
files_dontaudit_read_root_files(apmd_t)
|
||||||
unconfined_domain_template(apmd_t)
|
unconfined_domain_template(apmd_t)
|
||||||
')
|
')
|
||||||
@ -197,7 +197,7 @@ optional_policy(`clock',`
|
|||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_system_entry(apmd_t, apmd_exec_t)
|
cron_system_entry(apmd_t, apmd_exec_t)
|
||||||
cron_domtrans_anacron_system_job(apmd_t)
|
cron_anacron_domtrans_system_job(apmd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
@ -217,7 +217,7 @@ optional_policy(`mta',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(apmd_t)
|
nscd_socket_use(apmd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`pcmcia',`
|
optional_policy(`pcmcia',`
|
||||||
|
@ -74,7 +74,7 @@ interface(`arpwatch_manage_tmp_files',`
|
|||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`arpwatch_dontaudit_rw_packet_socket',`
|
interface(`arpwatch_dontaudit_rw_packet_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type arpwatch_t;
|
type arpwatch_t;
|
||||||
')
|
')
|
||||||
|
@ -68,7 +68,7 @@ fs_search_auto_mountpoints(arpwatch_t)
|
|||||||
|
|
||||||
term_dontaudit_use_console(arpwatch_t)
|
term_dontaudit_use_console(arpwatch_t)
|
||||||
|
|
||||||
corecmd_read_sbin_symlink(arpwatch_t)
|
corecmd_read_sbin_symlinks(arpwatch_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(arpwatch_t)
|
domain_use_wide_inherit_fd(arpwatch_t)
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ files_read_usr_files(arpwatch_t)
|
|||||||
files_search_var_lib(arpwatch_t)
|
files_search_var_lib(arpwatch_t)
|
||||||
|
|
||||||
init_use_fd(arpwatch_t)
|
init_use_fd(arpwatch_t)
|
||||||
init_use_script_pty(arpwatch_t)
|
init_use_script_ptys(arpwatch_t)
|
||||||
|
|
||||||
libs_use_ld_so(arpwatch_t)
|
libs_use_ld_so(arpwatch_t)
|
||||||
libs_use_shared_libs(arpwatch_t)
|
libs_use_shared_libs(arpwatch_t)
|
||||||
@ -94,8 +94,8 @@ userdom_dontaudit_search_sysadm_home_dir(arpwatch_t)
|
|||||||
mta_send_mail(arpwatch_t)
|
mta_send_mail(arpwatch_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(arpwatch_t)
|
term_dontaudit_use_unallocated_ttys(arpwatch_t)
|
||||||
term_dontaudit_use_generic_pty(arpwatch_t)
|
term_dontaudit_use_generic_ptys(arpwatch_t)
|
||||||
files_dontaudit_read_root_files(arpwatch_t)
|
files_dontaudit_read_root_files(arpwatch_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ kernel_read_proc_symlinks(automount_t)
|
|||||||
kernel_read_system_state(automount_t)
|
kernel_read_system_state(automount_t)
|
||||||
kernel_list_proc(automount_t)
|
kernel_list_proc(automount_t)
|
||||||
|
|
||||||
bootloader_getattr_boot_dir(automount_t)
|
bootloader_getattr_boot_dirs(automount_t)
|
||||||
|
|
||||||
corecmd_exec_sbin(automount_t)
|
corecmd_exec_sbin(automount_t)
|
||||||
corecmd_exec_bin(automount_t)
|
corecmd_exec_bin(automount_t)
|
||||||
@ -108,10 +108,10 @@ fs_search_auto_mountpoints(automount_t)
|
|||||||
fs_manage_auto_mountpoints(automount_t)
|
fs_manage_auto_mountpoints(automount_t)
|
||||||
|
|
||||||
term_dontaudit_use_console(automount_t)
|
term_dontaudit_use_console(automount_t)
|
||||||
term_dontaudit_getattr_pty_dir(automount_t)
|
term_dontaudit_getattr_pty_dirs(automount_t)
|
||||||
|
|
||||||
init_use_fd(automount_t)
|
init_use_fd(automount_t)
|
||||||
init_use_script_pty(automount_t)
|
init_use_script_ptys(automount_t)
|
||||||
|
|
||||||
libs_use_ld_so(automount_t)
|
libs_use_ld_so(automount_t)
|
||||||
libs_use_shared_libs(automount_t)
|
libs_use_shared_libs(automount_t)
|
||||||
@ -133,8 +133,8 @@ userdom_dontaudit_search_sysadm_home_dir(automount_t)
|
|||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
files_dontaudit_read_root_files(automount_t)
|
files_dontaudit_read_root_files(automount_t)
|
||||||
term_dontaudit_use_unallocated_tty(automount_t)
|
term_dontaudit_use_unallocated_ttys(automount_t)
|
||||||
term_dontaudit_use_generic_pty(automount_t)
|
term_dontaudit_use_generic_ptys(automount_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`apm',`
|
optional_policy(`apm',`
|
||||||
|
@ -65,7 +65,7 @@ domain_use_wide_inherit_fd(avahi_t)
|
|||||||
files_read_etc_files(avahi_t)
|
files_read_etc_files(avahi_t)
|
||||||
|
|
||||||
init_use_fd(avahi_t)
|
init_use_fd(avahi_t)
|
||||||
init_use_script_pty(avahi_t)
|
init_use_script_ptys(avahi_t)
|
||||||
init_signal_script(avahi_t)
|
init_signal_script(avahi_t)
|
||||||
init_signull_script(avahi_t)
|
init_signull_script(avahi_t)
|
||||||
|
|
||||||
@ -82,15 +82,15 @@ userdom_dontaudit_use_unpriv_user_fd(avahi_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(avahi_t)
|
userdom_dontaudit_search_sysadm_home_dir(avahi_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(avahi_t)
|
term_dontaudit_use_unallocated_ttys(avahi_t)
|
||||||
term_dontaudit_use_generic_pty(avahi_t)
|
term_dontaudit_use_generic_ptys(avahi_t)
|
||||||
files_dontaudit_read_root_files(avahi_t)
|
files_dontaudit_read_root_files(avahi_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
dbus_system_bus_client_template(avahi,avahi_t)
|
dbus_system_bus_client_template(avahi,avahi_t)
|
||||||
dbus_connect_system_bus(avahi_t)
|
dbus_connect_system_bus(avahi_t)
|
||||||
dbus_send_system_bus_msg(avahi_t)
|
dbus_send_system_bus(avahi_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
|
@ -143,7 +143,7 @@ interface(`bind_write_config',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`bind_manage_config_dir',`
|
interface(`bind_manage_config_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_conf_t;
|
type named_conf_t;
|
||||||
')
|
')
|
||||||
@ -200,7 +200,7 @@ interface(`bind_manage_cache',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`bind_setattr_pid_dir',`
|
interface(`bind_setattr_pid_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_var_run_t;
|
type named_var_run_t;
|
||||||
')
|
')
|
||||||
|
@ -131,7 +131,7 @@ files_read_etc_files(named_t)
|
|||||||
files_read_etc_runtime_files(named_t)
|
files_read_etc_runtime_files(named_t)
|
||||||
|
|
||||||
init_use_fd(named_t)
|
init_use_fd(named_t)
|
||||||
init_use_script_pty(named_t)
|
init_use_script_ptys(named_t)
|
||||||
|
|
||||||
libs_use_ld_so(named_t)
|
libs_use_ld_so(named_t)
|
||||||
libs_use_shared_libs(named_t)
|
libs_use_shared_libs(named_t)
|
||||||
@ -146,8 +146,8 @@ userdom_dontaudit_use_unpriv_user_fd(named_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(named_t)
|
userdom_dontaudit_search_sysadm_home_dir(named_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(named_t)
|
term_dontaudit_use_unallocated_ttys(named_t)
|
||||||
term_dontaudit_use_generic_pty(named_t)
|
term_dontaudit_use_generic_ptys(named_t)
|
||||||
files_dontaudit_read_root_files(named_t)
|
files_dontaudit_read_root_files(named_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -170,7 +170,7 @@ optional_policy(`dbus',`
|
|||||||
|
|
||||||
dbus_system_bus_client_template(named,named_t)
|
dbus_system_bus_client_template(named,named_t)
|
||||||
dbus_connect_system_bus(named_t)
|
dbus_connect_system_bus(named_t)
|
||||||
dbus_send_system_bus_msg(named_t)
|
dbus_send_system_bus(named_t)
|
||||||
|
|
||||||
optional_policy(`networkmanager',`
|
optional_policy(`networkmanager',`
|
||||||
networkmanager_dbus_chat(named_t)
|
networkmanager_dbus_chat(named_t)
|
||||||
@ -185,9 +185,9 @@ optional_policy(`networkmanager',`
|
|||||||
# this seems like fds that arent being
|
# this seems like fds that arent being
|
||||||
# closed. these should probably be
|
# closed. these should probably be
|
||||||
# dontaudits instead.
|
# dontaudits instead.
|
||||||
networkmanager_rw_udp_socket(named_t)
|
networkmanager_rw_udp_sockets(named_t)
|
||||||
networkmanager_rw_packet_socket(named_t)
|
networkmanager_rw_packet_sockets(named_t)
|
||||||
networkmanager_rw_routing_socket(named_t)
|
networkmanager_rw_routing_sockets(named_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
@ -195,7 +195,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(named_t)
|
nscd_socket_use(named_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
@ -256,7 +256,7 @@ files_read_etc_files(ndc_t)
|
|||||||
files_search_pids(ndc_t)
|
files_search_pids(ndc_t)
|
||||||
|
|
||||||
init_use_fd(ndc_t)
|
init_use_fd(ndc_t)
|
||||||
init_use_script_pty(ndc_t)
|
init_use_script_ptys(ndc_t)
|
||||||
|
|
||||||
libs_use_ld_so(ndc_t)
|
libs_use_ld_so(ndc_t)
|
||||||
libs_use_shared_libs(ndc_t)
|
libs_use_shared_libs(ndc_t)
|
||||||
@ -276,8 +276,8 @@ ifdef(`distro_redhat',`
|
|||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
kernel_dontaudit_read_unlabeled_files(ndc_t)
|
kernel_dontaudit_read_unlabeled_files(ndc_t)
|
||||||
|
|
||||||
term_use_unallocated_tty(ndc_t)
|
term_use_unallocated_ttys(ndc_t)
|
||||||
term_use_generic_pty(ndc_t)
|
term_use_generic_ptys(ndc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
@ -285,7 +285,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(ndc_t)
|
nscd_socket_use(ndc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`ppp',`
|
optional_policy(`ppp',`
|
||||||
|
@ -108,7 +108,7 @@ fs_search_auto_mountpoints(bluetooth_t)
|
|||||||
|
|
||||||
term_dontaudit_use_console(bluetooth_t)
|
term_dontaudit_use_console(bluetooth_t)
|
||||||
#Handle bluetooth serial devices
|
#Handle bluetooth serial devices
|
||||||
term_use_unallocated_tty(bluetooth_t)
|
term_use_unallocated_ttys(bluetooth_t)
|
||||||
|
|
||||||
corecmd_exec_bin(bluetooth_t)
|
corecmd_exec_bin(bluetooth_t)
|
||||||
corecmd_exec_shell(bluetooth_t)
|
corecmd_exec_shell(bluetooth_t)
|
||||||
@ -120,7 +120,7 @@ files_read_etc_runtime_files(bluetooth_t)
|
|||||||
files_read_usr_files(bluetooth_t)
|
files_read_usr_files(bluetooth_t)
|
||||||
|
|
||||||
init_use_fd(bluetooth_t)
|
init_use_fd(bluetooth_t)
|
||||||
init_use_script_pty(bluetooth_t)
|
init_use_script_ptys(bluetooth_t)
|
||||||
|
|
||||||
libs_use_ld_so(bluetooth_t)
|
libs_use_ld_so(bluetooth_t)
|
||||||
libs_use_shared_libs(bluetooth_t)
|
libs_use_shared_libs(bluetooth_t)
|
||||||
@ -133,18 +133,18 @@ miscfiles_read_fonts(bluetooth_t)
|
|||||||
sysnet_read_config(bluetooth_t)
|
sysnet_read_config(bluetooth_t)
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fd(bluetooth_t)
|
userdom_dontaudit_use_unpriv_user_fd(bluetooth_t)
|
||||||
userdom_dontaudit_use_sysadm_pty(bluetooth_t)
|
userdom_dontaudit_use_sysadm_ptys(bluetooth_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
|
userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(bluetooth_t)
|
term_dontaudit_use_unallocated_ttys(bluetooth_t)
|
||||||
term_dontaudit_use_generic_pty(bluetooth_t)
|
term_dontaudit_use_generic_ptys(bluetooth_t)
|
||||||
files_dontaudit_read_root_files(bluetooth_t)
|
files_dontaudit_read_root_files(bluetooth_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
dbus_system_bus_client_template(bluetooth,bluetooth_t)
|
dbus_system_bus_client_template(bluetooth,bluetooth_t)
|
||||||
dbus_send_system_bus_msg(bluetooth_t)
|
dbus_send_system_bus(bluetooth_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
@ -204,7 +204,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
|
|||||||
userdom_search_all_users_home(bluetooth_helper_t)
|
userdom_search_all_users_home(bluetooth_helper_t)
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(bluetooth_helper_t)
|
nscd_socket_use(bluetooth_helper_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
|
@ -73,7 +73,7 @@ files_search_tmp(canna_t)
|
|||||||
files_dontaudit_read_root_files(canna_t)
|
files_dontaudit_read_root_files(canna_t)
|
||||||
|
|
||||||
init_use_fd(canna_t)
|
init_use_fd(canna_t)
|
||||||
init_use_script_pty(canna_t)
|
init_use_script_ptys(canna_t)
|
||||||
|
|
||||||
libs_use_ld_so(canna_t)
|
libs_use_ld_so(canna_t)
|
||||||
libs_use_shared_libs(canna_t)
|
libs_use_shared_libs(canna_t)
|
||||||
@ -88,8 +88,8 @@ userdom_dontaudit_use_unpriv_user_fd(canna_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(canna_t)
|
userdom_dontaudit_search_sysadm_home_dir(canna_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(canna_t)
|
term_dontaudit_use_unallocated_ttys(canna_t)
|
||||||
term_dontaudit_use_generic_pty(canna_t)
|
term_dontaudit_use_generic_ptys(canna_t)
|
||||||
files_dontaudit_read_root_files(canna_t)
|
files_dontaudit_read_root_files(canna_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -76,7 +76,7 @@ miscfiles_read_localization(comsat_t)
|
|||||||
|
|
||||||
sysnet_read_config(comsat_t)
|
sysnet_read_config(comsat_t)
|
||||||
|
|
||||||
userdom_dontaudit_getattr_sysadm_tty(comsat_t)
|
userdom_dontaudit_getattr_sysadm_ttys(comsat_t)
|
||||||
|
|
||||||
mta_getattr_spool(comsat_t)
|
mta_getattr_spool(comsat_t)
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(comsat_t)
|
nscd_socket_use(comsat_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ domain_use_wide_inherit_fd(cpucontrol_t)
|
|||||||
files_list_usr(cpucontrol_t)
|
files_list_usr(cpucontrol_t)
|
||||||
|
|
||||||
init_use_fd(cpucontrol_t)
|
init_use_fd(cpucontrol_t)
|
||||||
init_use_script_pty(cpucontrol_t)
|
init_use_script_ptys(cpucontrol_t)
|
||||||
|
|
||||||
libs_use_ld_so(cpucontrol_t)
|
libs_use_ld_so(cpucontrol_t)
|
||||||
libs_use_shared_libs(cpucontrol_t)
|
libs_use_shared_libs(cpucontrol_t)
|
||||||
@ -56,13 +56,13 @@ logging_send_syslog_msg(cpucontrol_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t)
|
userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(cpucontrol_t)
|
term_dontaudit_use_unallocated_ttys(cpucontrol_t)
|
||||||
term_dontaudit_use_generic_pty(cpucontrol_t)
|
term_dontaudit_use_generic_ptys(cpucontrol_t)
|
||||||
files_dontaudit_read_root_files(cpucontrol_t)
|
files_dontaudit_read_root_files(cpucontrol_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cpucontrol_t)
|
nscd_socket_use(cpucontrol_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
@ -98,7 +98,7 @@ files_read_etc_runtime_files(cpuspeed_t)
|
|||||||
files_list_usr(cpuspeed_t)
|
files_list_usr(cpuspeed_t)
|
||||||
|
|
||||||
init_use_fd(cpuspeed_t)
|
init_use_fd(cpuspeed_t)
|
||||||
init_use_script_pty(cpuspeed_t)
|
init_use_script_ptys(cpuspeed_t)
|
||||||
|
|
||||||
libs_use_ld_so(cpuspeed_t)
|
libs_use_ld_so(cpuspeed_t)
|
||||||
libs_use_shared_libs(cpuspeed_t)
|
libs_use_shared_libs(cpuspeed_t)
|
||||||
@ -110,13 +110,13 @@ miscfiles_read_localization(cpuspeed_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t)
|
userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(cpuspeed_t)
|
term_dontaudit_use_unallocated_ttys(cpuspeed_t)
|
||||||
term_dontaudit_use_generic_pty(cpuspeed_t)
|
term_dontaudit_use_generic_ptys(cpuspeed_t)
|
||||||
files_dontaudit_read_root_files(cpuspeed_t)
|
files_dontaudit_read_root_files(cpuspeed_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cpuspeed_t)
|
nscd_socket_use(cpuspeed_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -370,7 +370,7 @@ interface(`cron_sigchld',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_read_pipe',`
|
interface(`cron_read_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type crond_t;
|
type crond_t;
|
||||||
')
|
')
|
||||||
@ -386,7 +386,7 @@ interface(`cron_read_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_dontaudit_write_pipe',`
|
interface(`cron_dontaudit_write_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type crond_t;
|
type crond_t;
|
||||||
')
|
')
|
||||||
@ -402,7 +402,7 @@ interface(`cron_dontaudit_write_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_rw_pipe',`
|
interface(`cron_rw_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type crond_t;
|
type crond_t;
|
||||||
')
|
')
|
||||||
@ -452,7 +452,7 @@ interface(`cron_search_spool',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_domtrans_anacron_system_job',`
|
interface(`cron_anacron_domtrans_system_job',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_crond_t, anacron_exec_t;
|
type system_crond_t, anacron_exec_t;
|
||||||
')
|
')
|
||||||
@ -490,7 +490,7 @@ interface(`cron_use_system_job_fd',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_write_system_job_pipe',`
|
interface(`cron_write_system_job_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_crond_t;
|
type system_crond_t;
|
||||||
')
|
')
|
||||||
@ -506,7 +506,7 @@ interface(`cron_write_system_job_pipe',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cron_rw_system_job_pipe',`
|
interface(`cron_rw_system_job_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_crond_t;
|
type system_crond_t;
|
||||||
')
|
')
|
||||||
|
@ -119,7 +119,7 @@ files_search_var_lib(crond_t)
|
|||||||
files_search_default(crond_t)
|
files_search_default(crond_t)
|
||||||
|
|
||||||
init_use_fd(crond_t)
|
init_use_fd(crond_t)
|
||||||
init_use_script_pty(crond_t)
|
init_use_script_ptys(crond_t)
|
||||||
init_rw_utmp(crond_t)
|
init_rw_utmp(crond_t)
|
||||||
|
|
||||||
libs_use_ld_so(crond_t)
|
libs_use_ld_so(crond_t)
|
||||||
@ -184,17 +184,17 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(crond_t)
|
nscd_socket_use(crond_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
# Commonly used from postinst scripts
|
# Commonly used from postinst scripts
|
||||||
rpm_read_pipe(crond_t)
|
rpm_read_pipes(crond_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`postgresql',`
|
optional_policy(`postgresql',`
|
||||||
# allow crond to find /usr/lib/postgresql/bin/do.maintenance
|
# allow crond to find /usr/lib/postgresql/bin/do.maintenance
|
||||||
postgresql_search_db_dir(crond_t)
|
postgresql_search_db(crond_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`udev',`
|
optional_policy(`udev',`
|
||||||
@ -330,7 +330,7 @@ ifdef(`targeted_policy',`
|
|||||||
|
|
||||||
init_use_fd(system_crond_t)
|
init_use_fd(system_crond_t)
|
||||||
init_use_script_fd(system_crond_t)
|
init_use_script_fd(system_crond_t)
|
||||||
init_use_script_pty(system_crond_t)
|
init_use_script_ptys(system_crond_t)
|
||||||
init_read_utmp(system_crond_t)
|
init_read_utmp(system_crond_t)
|
||||||
init_dontaudit_rw_utmp(system_crond_t)
|
init_dontaudit_rw_utmp(system_crond_t)
|
||||||
# prelink tells init to restart it self, we either need to allow or dontaudit
|
# prelink tells init to restart it self, we either need to allow or dontaudit
|
||||||
@ -398,7 +398,7 @@ ifdef(`targeted_policy',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(system_crond_t)
|
nscd_socket_use(system_crond_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`prelink',`
|
optional_policy(`prelink',`
|
||||||
|
@ -171,13 +171,13 @@ files_read_world_readable_files(cupsd_t)
|
|||||||
files_read_world_readable_symlinks(cupsd_t)
|
files_read_world_readable_symlinks(cupsd_t)
|
||||||
|
|
||||||
init_use_fd(cupsd_t)
|
init_use_fd(cupsd_t)
|
||||||
init_use_script_pty(cupsd_t)
|
init_use_script_ptys(cupsd_t)
|
||||||
init_exec_script(cupsd_t)
|
init_exec_script(cupsd_t)
|
||||||
|
|
||||||
libs_use_ld_so(cupsd_t)
|
libs_use_ld_so(cupsd_t)
|
||||||
libs_use_shared_libs(cupsd_t)
|
libs_use_shared_libs(cupsd_t)
|
||||||
# Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.*
|
# Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.*
|
||||||
libs_read_lib(cupsd_t)
|
libs_read_lib_files(cupsd_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(cupsd_t)
|
logging_send_syslog_msg(cupsd_t)
|
||||||
|
|
||||||
@ -196,8 +196,8 @@ userdom_dontaudit_search_all_users_home(cupsd_t)
|
|||||||
lpd_manage_spool(cupsd_t)
|
lpd_manage_spool(cupsd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(cupsd_t)
|
term_dontaudit_use_unallocated_ttys(cupsd_t)
|
||||||
term_dontaudit_use_generic_pty(cupsd_t)
|
term_dontaudit_use_generic_ptys(cupsd_t)
|
||||||
files_dontaudit_read_root_files(cupsd_t)
|
files_dontaudit_read_root_files(cupsd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -207,7 +207,7 @@ optional_policy(`cron',`
|
|||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
dbus_system_bus_client_template(cupsd,cupsd_t)
|
dbus_system_bus_client_template(cupsd,cupsd_t)
|
||||||
dbus_send_system_bus_msg(cupsd_t)
|
dbus_send_system_bus(cupsd_t)
|
||||||
|
|
||||||
userdom_dbus_send_all_users(cupsd_t)
|
userdom_dbus_send_all_users(cupsd_t)
|
||||||
|
|
||||||
@ -229,11 +229,11 @@ optional_policy(`mount',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cupsd_t)
|
nscd_socket_use(cupsd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`portmap',`
|
optional_policy(`portmap',`
|
||||||
portmap_udp_sendrecv(cupsd_t)
|
portmap_udp_chat(cupsd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`samba',`
|
optional_policy(`samba',`
|
||||||
@ -333,7 +333,7 @@ files_read_etc_files(ptal_t)
|
|||||||
files_read_etc_runtime_files(ptal_t)
|
files_read_etc_runtime_files(ptal_t)
|
||||||
|
|
||||||
init_use_fd(ptal_t)
|
init_use_fd(ptal_t)
|
||||||
init_use_script_pty(ptal_t)
|
init_use_script_ptys(ptal_t)
|
||||||
|
|
||||||
libs_use_ld_so(ptal_t)
|
libs_use_ld_so(ptal_t)
|
||||||
libs_use_shared_libs(ptal_t)
|
libs_use_shared_libs(ptal_t)
|
||||||
@ -348,8 +348,8 @@ userdom_dontaudit_use_unpriv_user_fd(ptal_t)
|
|||||||
userdom_dontaudit_search_all_users_home(ptal_t)
|
userdom_dontaudit_search_all_users_home(ptal_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(ptal_t)
|
term_dontaudit_use_unallocated_ttys(ptal_t)
|
||||||
term_dontaudit_use_generic_pty(ptal_t)
|
term_dontaudit_use_generic_ptys(ptal_t)
|
||||||
files_dontaudit_read_root_files(ptal_t)
|
files_dontaudit_read_root_files(ptal_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -430,7 +430,7 @@ files_read_etc_runtime_files(hplip_t)
|
|||||||
files_read_usr_files(hplip_t)
|
files_read_usr_files(hplip_t)
|
||||||
|
|
||||||
init_use_fd(hplip_t)
|
init_use_fd(hplip_t)
|
||||||
init_use_script_pty(hplip_t)
|
init_use_script_ptys(hplip_t)
|
||||||
|
|
||||||
libs_use_ld_so(hplip_t)
|
libs_use_ld_so(hplip_t)
|
||||||
libs_use_shared_libs(hplip_t)
|
libs_use_shared_libs(hplip_t)
|
||||||
@ -447,8 +447,8 @@ userdom_dontaudit_search_sysadm_home_dir(hplip_t)
|
|||||||
lpd_read_config(cupsd_t)
|
lpd_read_config(cupsd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(hplip_t)
|
term_dontaudit_use_unallocated_ttys(hplip_t)
|
||||||
term_dontaudit_use_generic_pty(hplip_t)
|
term_dontaudit_use_generic_ptys(hplip_t)
|
||||||
files_dontaudit_read_root_files(hplip_t)
|
files_dontaudit_read_root_files(hplip_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -549,7 +549,7 @@ files_read_etc_files(cupsd_config_t)
|
|||||||
files_read_etc_runtime_files(cupsd_config_t)
|
files_read_etc_runtime_files(cupsd_config_t)
|
||||||
|
|
||||||
init_use_fd(cupsd_config_t)
|
init_use_fd(cupsd_config_t)
|
||||||
init_use_script_pty(cupsd_config_t)
|
init_use_script_ptys(cupsd_config_t)
|
||||||
|
|
||||||
libs_use_ld_so(cupsd_config_t)
|
libs_use_ld_so(cupsd_config_t)
|
||||||
libs_use_shared_libs(cupsd_config_t)
|
libs_use_shared_libs(cupsd_config_t)
|
||||||
@ -574,8 +574,8 @@ ifdef(`distro_redhat',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(cupsd_config_t)
|
term_dontaudit_use_unallocated_ttys(cupsd_config_t)
|
||||||
term_dontaudit_use_generic_pty(cupsd_config_t)
|
term_dontaudit_use_generic_ptys(cupsd_config_t)
|
||||||
files_dontaudit_read_root_files(cupsd_config_t)
|
files_dontaudit_read_root_files(cupsd_config_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -586,7 +586,7 @@ optional_policy(`cron',`
|
|||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
|
dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
|
||||||
dbus_connect_system_bus(cupsd_config_t)
|
dbus_connect_system_bus(cupsd_config_t)
|
||||||
dbus_send_system_bus_msg(cupsd_config_t)
|
dbus_send_system_bus(cupsd_config_t)
|
||||||
|
|
||||||
optional_policy(`hal',`
|
optional_policy(`hal',`
|
||||||
hal_dbus_chat(cupsd_config_t)
|
hal_dbus_chat(cupsd_config_t)
|
||||||
@ -610,7 +610,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cupsd_config_t)
|
nscd_socket_use(cupsd_config_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpm',`
|
optional_policy(`rpm',`
|
||||||
@ -633,9 +633,9 @@ allow cupsd_config_t printconf_t:file { getattr read };
|
|||||||
allow cupsd_config_t initrc_exec_t:file getattr;
|
allow cupsd_config_t initrc_exec_t:file getattr;
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
init_unix_connect_script(cupsd_t)
|
init_stream_connect_script(cupsd_t)
|
||||||
|
|
||||||
unconfined_read_pipe(cupsd_t)
|
unconfined_read_pipes(cupsd_t)
|
||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
init_dbus_chat_script(cupsd_t)
|
init_dbus_chat_script(cupsd_t)
|
||||||
@ -647,9 +647,9 @@ ifdef(`targeted_policy', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_generic_pty(cupsd_config_t)
|
term_use_generic_ptys(cupsd_config_t)
|
||||||
|
|
||||||
unconfined_read_pipe(cupsd_config_t)
|
unconfined_read_pipes(cupsd_config_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -725,5 +725,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cupsd_lpd_t)
|
nscd_socket_use(cupsd_lpd_t)
|
||||||
')
|
')
|
||||||
|
@ -104,5 +104,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(cvs_t)
|
nscd_socket_use(cvs_t)
|
||||||
')
|
')
|
||||||
|
@ -92,7 +92,7 @@ files_read_etc_files(cyrus_t)
|
|||||||
files_read_etc_runtime_files(cyrus_t)
|
files_read_etc_runtime_files(cyrus_t)
|
||||||
|
|
||||||
init_use_fd(cyrus_t)
|
init_use_fd(cyrus_t)
|
||||||
init_use_script_pty(cyrus_t)
|
init_use_script_ptys(cyrus_t)
|
||||||
|
|
||||||
libs_use_ld_so(cyrus_t)
|
libs_use_ld_so(cyrus_t)
|
||||||
libs_use_shared_libs(cyrus_t)
|
libs_use_shared_libs(cyrus_t)
|
||||||
@ -108,13 +108,13 @@ sysnet_read_config(cyrus_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(cyrus_t)
|
userdom_dontaudit_use_unpriv_user_fd(cyrus_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(cyrus_t)
|
userdom_dontaudit_search_sysadm_home_dir(cyrus_t)
|
||||||
userdom_use_unpriv_users_fd(cyrus_t)
|
userdom_use_unpriv_users_fd(cyrus_t)
|
||||||
userdom_use_sysadm_pty(cyrus_t)
|
userdom_use_sysadm_ptys(cyrus_t)
|
||||||
|
|
||||||
mta_manage_spool(cyrus_t)
|
mta_manage_spool(cyrus_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(cyrus_t)
|
term_dontaudit_use_unallocated_ttys(cyrus_t)
|
||||||
term_dontaudit_use_generic_pty(cyrus_t)
|
term_dontaudit_use_generic_ptys(cyrus_t)
|
||||||
files_dontaudit_read_root_files(cyrus_t)
|
files_dontaudit_read_root_files(cyrus_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -81,5 +81,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(dbskkd_t)
|
nscd_socket_use(dbskkd_t)
|
||||||
')
|
')
|
||||||
|
@ -121,15 +121,15 @@ template(`dbus_per_userdomain_template',`
|
|||||||
selinux_compute_user_contexts($1_dbusd_t)
|
selinux_compute_user_contexts($1_dbusd_t)
|
||||||
|
|
||||||
corecmd_list_bin($1_dbusd_t)
|
corecmd_list_bin($1_dbusd_t)
|
||||||
corecmd_read_bin_symlink($1_dbusd_t)
|
corecmd_read_bin_symlinks($1_dbusd_t)
|
||||||
corecmd_read_bin_file($1_dbusd_t)
|
corecmd_read_bin_files($1_dbusd_t)
|
||||||
corecmd_read_bin_pipe($1_dbusd_t)
|
corecmd_read_bin_pipes($1_dbusd_t)
|
||||||
corecmd_read_bin_socket($1_dbusd_t)
|
corecmd_read_bin_sockets($1_dbusd_t)
|
||||||
corecmd_list_sbin($1_dbusd_t)
|
corecmd_list_sbin($1_dbusd_t)
|
||||||
corecmd_read_sbin_symlink($1_dbusd_t)
|
corecmd_read_sbin_symlinks($1_dbusd_t)
|
||||||
corecmd_read_sbin_file($1_dbusd_t)
|
corecmd_read_sbin_files($1_dbusd_t)
|
||||||
corecmd_read_sbin_pipe($1_dbusd_t)
|
corecmd_read_sbin_pipes($1_dbusd_t)
|
||||||
corecmd_read_sbin_socket($1_dbusd_t)
|
corecmd_read_sbin_sockets($1_dbusd_t)
|
||||||
|
|
||||||
files_read_etc_files($1_dbusd_t)
|
files_read_etc_files($1_dbusd_t)
|
||||||
files_list_home($1_dbusd_t)
|
files_list_home($1_dbusd_t)
|
||||||
@ -161,7 +161,7 @@ template(`dbus_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_dbusd_t)
|
nscd_socket_use($1_dbusd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
@ -246,7 +246,7 @@ interface(`dbus_connect_system_bus',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`dbus_send_system_bus_msg',`
|
interface(`dbus_send_system_bus',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_dbusd_t;
|
type system_dbusd_t;
|
||||||
class dbus send_msg;
|
class dbus send_msg;
|
||||||
|
@ -76,15 +76,15 @@ auth_use_nsswitch(system_dbusd_t)
|
|||||||
auth_read_pam_console_data(system_dbusd_t)
|
auth_read_pam_console_data(system_dbusd_t)
|
||||||
|
|
||||||
corecmd_list_bin(system_dbusd_t)
|
corecmd_list_bin(system_dbusd_t)
|
||||||
corecmd_read_bin_symlink(system_dbusd_t)
|
corecmd_read_bin_symlinks(system_dbusd_t)
|
||||||
corecmd_read_bin_file(system_dbusd_t)
|
corecmd_read_bin_files(system_dbusd_t)
|
||||||
corecmd_read_bin_pipe(system_dbusd_t)
|
corecmd_read_bin_pipes(system_dbusd_t)
|
||||||
corecmd_read_bin_socket(system_dbusd_t)
|
corecmd_read_bin_sockets(system_dbusd_t)
|
||||||
corecmd_list_sbin(system_dbusd_t)
|
corecmd_list_sbin(system_dbusd_t)
|
||||||
corecmd_read_sbin_symlink(system_dbusd_t)
|
corecmd_read_sbin_symlinks(system_dbusd_t)
|
||||||
corecmd_read_sbin_file(system_dbusd_t)
|
corecmd_read_sbin_files(system_dbusd_t)
|
||||||
corecmd_read_sbin_pipe(system_dbusd_t)
|
corecmd_read_sbin_pipes(system_dbusd_t)
|
||||||
corecmd_read_sbin_socket(system_dbusd_t)
|
corecmd_read_sbin_sockets(system_dbusd_t)
|
||||||
corecmd_exec_sbin(system_dbusd_t)
|
corecmd_exec_sbin(system_dbusd_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(system_dbusd_t)
|
domain_use_wide_inherit_fd(system_dbusd_t)
|
||||||
@ -94,7 +94,7 @@ files_list_home(system_dbusd_t)
|
|||||||
files_read_usr_files(system_dbusd_t)
|
files_read_usr_files(system_dbusd_t)
|
||||||
|
|
||||||
init_use_fd(system_dbusd_t)
|
init_use_fd(system_dbusd_t)
|
||||||
init_use_script_pty(system_dbusd_t)
|
init_use_script_ptys(system_dbusd_t)
|
||||||
|
|
||||||
libs_use_ld_so(system_dbusd_t)
|
libs_use_ld_so(system_dbusd_t)
|
||||||
libs_use_shared_libs(system_dbusd_t)
|
libs_use_shared_libs(system_dbusd_t)
|
||||||
@ -111,8 +111,8 @@ userdom_dontaudit_use_unpriv_user_fd(system_dbusd_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t)
|
userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(system_dbusd_t)
|
term_dontaudit_use_unallocated_ttys(system_dbusd_t)
|
||||||
term_dontaudit_use_generic_pty(system_dbusd_t)
|
term_dontaudit_use_generic_ptys(system_dbusd_t)
|
||||||
files_dontaudit_read_root_files(system_dbusd_t)
|
files_dontaudit_read_root_files(system_dbusd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -129,7 +129,7 @@ optional_policy(`bind',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(system_dbusd_t)
|
nscd_socket_use(system_dbusd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`sysnetwork',`
|
optional_policy(`sysnetwork',`
|
||||||
|
@ -90,7 +90,7 @@ files_read_etc_runtime_files(dhcpd_t)
|
|||||||
files_search_var_lib(dhcpd_t)
|
files_search_var_lib(dhcpd_t)
|
||||||
|
|
||||||
init_use_fd(dhcpd_t)
|
init_use_fd(dhcpd_t)
|
||||||
init_use_script_pty(dhcpd_t)
|
init_use_script_ptys(dhcpd_t)
|
||||||
|
|
||||||
libs_use_ld_so(dhcpd_t)
|
libs_use_ld_so(dhcpd_t)
|
||||||
libs_use_shared_libs(dhcpd_t)
|
libs_use_shared_libs(dhcpd_t)
|
||||||
@ -110,8 +110,8 @@ ifdef(`distro_gentoo',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(dhcpd_t)
|
term_dontaudit_use_unallocated_ttys(dhcpd_t)
|
||||||
term_dontaudit_use_generic_pty(dhcpd_t)
|
term_dontaudit_use_generic_ptys(dhcpd_t)
|
||||||
files_dontaudit_read_root_files(dhcpd_t)
|
files_dontaudit_read_root_files(dhcpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -129,7 +129,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(dhcpd_t)
|
nscd_socket_use(dhcpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`dictd_use',`
|
interface(`dictd_tcp_connect',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type dictd_t;
|
type dictd_t;
|
||||||
')
|
')
|
||||||
|
@ -68,7 +68,7 @@ files_search_var_lib(dictd_t)
|
|||||||
files_dontaudit_search_pids(dictd_t)
|
files_dontaudit_search_pids(dictd_t)
|
||||||
|
|
||||||
init_use_fd(dictd_t)
|
init_use_fd(dictd_t)
|
||||||
init_use_script_pty(dictd_t)
|
init_use_script_ptys(dictd_t)
|
||||||
|
|
||||||
libs_use_ld_so(dictd_t)
|
libs_use_ld_so(dictd_t)
|
||||||
libs_use_shared_libs(dictd_t)
|
libs_use_shared_libs(dictd_t)
|
||||||
@ -82,8 +82,8 @@ sysnet_read_config(dictd_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(dictd_t)
|
userdom_dontaudit_use_unpriv_user_fd(dictd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(dictd_t)
|
term_dontaudit_use_unallocated_ttys(dictd_t)
|
||||||
term_dontaudit_use_generic_pty(dictd_t)
|
term_dontaudit_use_generic_ptys(dictd_t)
|
||||||
files_dontaudit_read_root_files(dictd_t)
|
files_dontaudit_read_root_files(dictd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -92,7 +92,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(dictd_t)
|
nscd_socket_use(dictd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -66,7 +66,7 @@ fs_search_auto_mountpoints(distccd_t)
|
|||||||
term_dontaudit_use_console(distccd_t)
|
term_dontaudit_use_console(distccd_t)
|
||||||
|
|
||||||
corecmd_exec_bin(distccd_t)
|
corecmd_exec_bin(distccd_t)
|
||||||
corecmd_read_sbin_symlink(distccd_t)
|
corecmd_read_sbin_symlinks(distccd_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(distccd_t)
|
domain_use_wide_inherit_fd(distccd_t)
|
||||||
|
|
||||||
@ -74,7 +74,7 @@ files_read_etc_files(distccd_t)
|
|||||||
files_read_etc_runtime_files(distccd_t)
|
files_read_etc_runtime_files(distccd_t)
|
||||||
|
|
||||||
init_use_fd(distccd_t)
|
init_use_fd(distccd_t)
|
||||||
init_use_script_pty(distccd_t)
|
init_use_script_ptys(distccd_t)
|
||||||
|
|
||||||
libs_use_ld_so(distccd_t)
|
libs_use_ld_so(distccd_t)
|
||||||
libs_use_shared_libs(distccd_t)
|
libs_use_shared_libs(distccd_t)
|
||||||
@ -90,8 +90,8 @@ userdom_dontaudit_use_unpriv_user_fd(distccd_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(distccd_t)
|
userdom_dontaudit_search_sysadm_home_dir(distccd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(distccd_t)
|
term_dontaudit_use_unallocated_ttys(distccd_t)
|
||||||
term_dontaudit_use_generic_pty(distccd_t)
|
term_dontaudit_use_generic_ptys(distccd_t)
|
||||||
files_dontaudit_read_root_files(distccd_t)
|
files_dontaudit_read_root_files(distccd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@ files_search_tmp(dovecot_t)
|
|||||||
files_dontaudit_list_default(dovecot_t)
|
files_dontaudit_list_default(dovecot_t)
|
||||||
|
|
||||||
init_use_fd(dovecot_t)
|
init_use_fd(dovecot_t)
|
||||||
init_use_script_pty(dovecot_t)
|
init_use_script_ptys(dovecot_t)
|
||||||
init_getattr_utmp(dovecot_t)
|
init_getattr_utmp(dovecot_t)
|
||||||
|
|
||||||
libs_use_ld_so(dovecot_t)
|
libs_use_ld_so(dovecot_t)
|
||||||
@ -119,8 +119,8 @@ userdom_priveleged_home_dir_manager(dovecot_t)
|
|||||||
mta_manage_spool(dovecot_t)
|
mta_manage_spool(dovecot_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(dovecot_t)
|
term_dontaudit_use_unallocated_ttys(dovecot_t)
|
||||||
term_dontaudit_use_generic_pty(dovecot_t)
|
term_dontaudit_use_generic_ptys(dovecot_t)
|
||||||
files_dontaudit_read_root_files(dovecot_t)
|
files_dontaudit_read_root_files(dovecot_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -193,5 +193,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(dovecot_auth_t)
|
nscd_socket_use(dovecot_auth_t)
|
||||||
')
|
')
|
||||||
|
@ -75,7 +75,7 @@ term_dontaudit_use_console(fetchmail_t)
|
|||||||
domain_use_wide_inherit_fd(fetchmail_t)
|
domain_use_wide_inherit_fd(fetchmail_t)
|
||||||
|
|
||||||
init_use_fd(fetchmail_t)
|
init_use_fd(fetchmail_t)
|
||||||
init_use_script_pty(fetchmail_t)
|
init_use_script_ptys(fetchmail_t)
|
||||||
|
|
||||||
libs_use_ld_so(fetchmail_t)
|
libs_use_ld_so(fetchmail_t)
|
||||||
libs_use_shared_libs(fetchmail_t)
|
libs_use_shared_libs(fetchmail_t)
|
||||||
@ -91,8 +91,8 @@ userdom_dontaudit_use_unpriv_user_fd(fetchmail_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(fetchmail_t)
|
userdom_dontaudit_search_sysadm_home_dir(fetchmail_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(fetchmail_t)
|
term_dontaudit_use_unallocated_ttys(fetchmail_t)
|
||||||
term_dontaudit_use_generic_pty(fetchmail_t)
|
term_dontaudit_use_generic_ptys(fetchmail_t)
|
||||||
files_dontaudit_read_root_files(fetchmail_t)
|
files_dontaudit_read_root_files(fetchmail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -84,7 +84,7 @@ files_read_etc_runtime_files(fingerd_t)
|
|||||||
init_read_utmp(fingerd_t)
|
init_read_utmp(fingerd_t)
|
||||||
init_dontaudit_write_utmp(fingerd_t)
|
init_dontaudit_write_utmp(fingerd_t)
|
||||||
init_use_fd(fingerd_t)
|
init_use_fd(fingerd_t)
|
||||||
init_use_script_pty(fingerd_t)
|
init_use_script_ptys(fingerd_t)
|
||||||
|
|
||||||
libs_use_ld_so(fingerd_t)
|
libs_use_ld_so(fingerd_t)
|
||||||
libs_use_shared_libs(fingerd_t)
|
libs_use_shared_libs(fingerd_t)
|
||||||
@ -105,8 +105,8 @@ userdom_dontaudit_search_sysadm_home_dir(fingerd_t)
|
|||||||
userdom_dontaudit_search_user_home_dirs(fingerd_t)
|
userdom_dontaudit_search_user_home_dirs(fingerd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(fingerd_t)
|
term_dontaudit_use_unallocated_ttys(fingerd_t)
|
||||||
term_dontaudit_use_generic_pty(fingerd_t)
|
term_dontaudit_use_generic_ptys(fingerd_t)
|
||||||
files_dontaudit_read_root_files(fingerd_t)
|
files_dontaudit_read_root_files(fingerd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -123,7 +123,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(fingerd_t)
|
nscd_socket_use(fingerd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -112,7 +112,7 @@ auth_append_login_records(ftpd_t)
|
|||||||
auth_write_login_records(ftpd_t)
|
auth_write_login_records(ftpd_t)
|
||||||
|
|
||||||
init_use_fd(ftpd_t)
|
init_use_fd(ftpd_t)
|
||||||
init_use_script_pty(ftpd_t)
|
init_use_script_ptys(ftpd_t)
|
||||||
|
|
||||||
libs_use_ld_so(ftpd_t)
|
libs_use_ld_so(ftpd_t)
|
||||||
libs_use_shared_libs(ftpd_t)
|
libs_use_shared_libs(ftpd_t)
|
||||||
@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(ftpd_t)
|
|||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
files_dontaudit_read_root_files(ftpd_t)
|
files_dontaudit_read_root_files(ftpd_t)
|
||||||
|
|
||||||
term_dontaudit_use_generic_pty(ftpd_t)
|
term_dontaudit_use_generic_ptys(ftpd_t)
|
||||||
term_dontaudit_use_unallocated_tty(ftpd_t)
|
term_dontaudit_use_unallocated_ttys(ftpd_t)
|
||||||
|
|
||||||
optional_policy(`ftp',`
|
optional_policy(`ftp',`
|
||||||
tunable_policy(`ftpd_is_daemon',`
|
tunable_policy(`ftpd_is_daemon',`
|
||||||
@ -217,7 +217,7 @@ optional_policy(`mount',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(ftpd_t)
|
nscd_socket_use(ftpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -60,13 +60,13 @@ dev_rw_mouse(gpm_t)
|
|||||||
fs_getattr_all_fs(gpm_t)
|
fs_getattr_all_fs(gpm_t)
|
||||||
fs_search_auto_mountpoints(gpm_t)
|
fs_search_auto_mountpoints(gpm_t)
|
||||||
|
|
||||||
term_use_unallocated_tty(gpm_t)
|
term_use_unallocated_ttys(gpm_t)
|
||||||
term_dontaudit_use_console(gpm_t)
|
term_dontaudit_use_console(gpm_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(gpm_t)
|
domain_use_wide_inherit_fd(gpm_t)
|
||||||
|
|
||||||
init_use_fd(gpm_t)
|
init_use_fd(gpm_t)
|
||||||
init_use_script_pty(gpm_t)
|
init_use_script_ptys(gpm_t)
|
||||||
|
|
||||||
libs_use_ld_so(gpm_t)
|
libs_use_ld_so(gpm_t)
|
||||||
libs_use_shared_libs(gpm_t)
|
libs_use_shared_libs(gpm_t)
|
||||||
@ -79,8 +79,8 @@ userdom_dontaudit_use_unpriv_user_fd(gpm_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(gpm_t)
|
userdom_dontaudit_search_sysadm_home_dir(gpm_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(gpm_t)
|
term_dontaudit_use_unallocated_ttys(gpm_t)
|
||||||
term_dontaudit_use_generic_pty(gpm_t)
|
term_dontaudit_use_generic_ptys(gpm_t)
|
||||||
files_dontaudit_read_root_files(gpm_t)
|
files_dontaudit_read_root_files(gpm_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ kernel_read_kernel_sysctls(hald_t)
|
|||||||
kernel_read_fs_sysctls(hald_t)
|
kernel_read_fs_sysctls(hald_t)
|
||||||
kernel_write_proc_files(hald_t)
|
kernel_write_proc_files(hald_t)
|
||||||
|
|
||||||
bootloader_getattr_boot_dir(hald_t)
|
bootloader_getattr_boot_dirs(hald_t)
|
||||||
|
|
||||||
corecmd_exec_bin(hald_t)
|
corecmd_exec_bin(hald_t)
|
||||||
corecmd_exec_sbin(hald_t)
|
corecmd_exec_sbin(hald_t)
|
||||||
@ -111,10 +111,10 @@ storage_raw_write_fixed_disk(hald_t)
|
|||||||
|
|
||||||
term_dontaudit_use_console(hald_t)
|
term_dontaudit_use_console(hald_t)
|
||||||
term_dontaudit_ioctl_unallocated_ttys(hald_t)
|
term_dontaudit_ioctl_unallocated_ttys(hald_t)
|
||||||
term_dontaudit_use_unallocated_tty(hald_t)
|
term_dontaudit_use_unallocated_ttys(hald_t)
|
||||||
|
|
||||||
init_use_fd(hald_t)
|
init_use_fd(hald_t)
|
||||||
init_use_script_pty(hald_t)
|
init_use_script_ptys(hald_t)
|
||||||
init_domtrans_script(hald_t)
|
init_domtrans_script(hald_t)
|
||||||
init_write_initctl(hald_t)
|
init_write_initctl(hald_t)
|
||||||
init_read_utmp(hald_t)
|
init_read_utmp(hald_t)
|
||||||
@ -138,8 +138,8 @@ userdom_dontaudit_use_unpriv_user_fd(hald_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(hald_t)
|
userdom_dontaudit_search_sysadm_home_dir(hald_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(hald_t)
|
term_dontaudit_use_unallocated_ttys(hald_t)
|
||||||
term_dontaudit_use_generic_pty(hald_t)
|
term_dontaudit_use_generic_ptys(hald_t)
|
||||||
files_dontaudit_read_root_files(hald_t)
|
files_dontaudit_read_root_files(hald_t)
|
||||||
files_dontaudit_getattr_home_dir(hald_t)
|
files_dontaudit_getattr_home_dir(hald_t)
|
||||||
')
|
')
|
||||||
@ -165,7 +165,7 @@ optional_policy(`cups',`
|
|||||||
|
|
||||||
optional_policy(`dbus',`
|
optional_policy(`dbus',`
|
||||||
dbus_system_bus_client_template(hald,hald_t)
|
dbus_system_bus_client_template(hald,hald_t)
|
||||||
dbus_send_system_bus_msg(hald_t)
|
dbus_send_system_bus(hald_t)
|
||||||
dbus_connect_system_bus(hald_t)
|
dbus_connect_system_bus(hald_t)
|
||||||
allow hald_t self:dbus send_msg;
|
allow hald_t self:dbus send_msg;
|
||||||
|
|
||||||
@ -194,12 +194,12 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(hald_t)
|
nscd_socket_use(hald_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`pcmcia',`
|
optional_policy(`pcmcia',`
|
||||||
pcmcia_manage_pid(hald_t)
|
pcmcia_manage_pid(hald_t)
|
||||||
pcmcia_manage_runtime_chr(hald_t)
|
pcmcia_manage_pid_chr_files(hald_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`rpc',`
|
optional_policy(`rpc',`
|
||||||
|
@ -61,7 +61,7 @@ domain_use_wide_inherit_fd(howl_t)
|
|||||||
files_read_etc_files(howl_t)
|
files_read_etc_files(howl_t)
|
||||||
|
|
||||||
init_use_fd(howl_t)
|
init_use_fd(howl_t)
|
||||||
init_use_script_pty(howl_t)
|
init_use_script_ptys(howl_t)
|
||||||
init_rw_utmp(howl_t)
|
init_rw_utmp(howl_t)
|
||||||
|
|
||||||
libs_use_ld_so(howl_t)
|
libs_use_ld_so(howl_t)
|
||||||
@ -77,8 +77,8 @@ userdom_dontaudit_use_unpriv_user_fd(howl_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(howl_t)
|
userdom_dontaudit_search_sysadm_home_dir(howl_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(howl_t)
|
term_dontaudit_use_unallocated_ttys(howl_t)
|
||||||
term_dontaudit_use_generic_pty(howl_t)
|
term_dontaudit_use_generic_ptys(howl_t)
|
||||||
files_dontaudit_read_root_files(howl_t)
|
files_dontaudit_read_root_files(howl_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -70,8 +70,8 @@ files_read_etc_runtime_files(i18n_input_t)
|
|||||||
files_read_usr_files(i18n_input_t)
|
files_read_usr_files(i18n_input_t)
|
||||||
|
|
||||||
init_use_fd(i18n_input_t)
|
init_use_fd(i18n_input_t)
|
||||||
init_use_script_pty(i18n_input_t)
|
init_use_script_ptys(i18n_input_t)
|
||||||
init_unix_connect_script(i18n_input_t)
|
init_stream_connect_script(i18n_input_t)
|
||||||
|
|
||||||
libs_use_ld_so(i18n_input_t)
|
libs_use_ld_so(i18n_input_t)
|
||||||
libs_use_shared_libs(i18n_input_t)
|
libs_use_shared_libs(i18n_input_t)
|
||||||
@ -87,8 +87,8 @@ userdom_dontaudit_search_sysadm_home_dir(i18n_input_t)
|
|||||||
userdom_read_unpriv_user_home_files(i18n_input_t)
|
userdom_read_unpriv_user_home_files(i18n_input_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(i18n_input_t)
|
term_dontaudit_use_unallocated_ttys(i18n_input_t)
|
||||||
term_dontaudit_use_generic_pty(i18n_input_t)
|
term_dontaudit_use_generic_ptys(i18n_input_t)
|
||||||
files_dontaudit_read_root_files(i18n_input_t)
|
files_dontaudit_read_root_files(i18n_input_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -220,7 +220,7 @@ interface(`inetd_udp_sendto',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`inetd_rw_tcp_socket',`
|
interface(`inetd_rw_tcp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type inetd_t;
|
type inetd_t;
|
||||||
')
|
')
|
||||||
|
@ -100,14 +100,14 @@ term_dontaudit_use_console(inetd_t)
|
|||||||
|
|
||||||
# Run other daemons in the inetd_child_t domain.
|
# Run other daemons in the inetd_child_t domain.
|
||||||
corecmd_search_bin(inetd_t)
|
corecmd_search_bin(inetd_t)
|
||||||
corecmd_read_sbin_symlink(inetd_t)
|
corecmd_read_sbin_symlinks(inetd_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(inetd_t)
|
domain_use_wide_inherit_fd(inetd_t)
|
||||||
|
|
||||||
files_read_etc_files(inetd_t)
|
files_read_etc_files(inetd_t)
|
||||||
|
|
||||||
init_use_fd(inetd_t)
|
init_use_fd(inetd_t)
|
||||||
init_use_script_pty(inetd_t)
|
init_use_script_ptys(inetd_t)
|
||||||
|
|
||||||
libs_use_ld_so(inetd_t)
|
libs_use_ld_so(inetd_t)
|
||||||
libs_use_shared_libs(inetd_t)
|
libs_use_shared_libs(inetd_t)
|
||||||
@ -122,8 +122,8 @@ userdom_dontaudit_use_unpriv_user_fd(inetd_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(inetd_t)
|
userdom_dontaudit_search_sysadm_home_dir(inetd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(inetd_t)
|
term_dontaudit_use_unallocated_ttys(inetd_t)
|
||||||
term_dontaudit_use_generic_pty(inetd_t)
|
term_dontaudit_use_generic_ptys(inetd_t)
|
||||||
files_dontaudit_read_root_files(inetd_t)
|
files_dontaudit_read_root_files(inetd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -137,7 +137,7 @@ optional_policy(`mount',`
|
|||||||
|
|
||||||
# Communicate with the portmapper.
|
# Communicate with the portmapper.
|
||||||
optional_policy(`portmap',`
|
optional_policy(`portmap',`
|
||||||
portmap_udp_sendto(inetd_t)
|
portmap_udp_send(inetd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
@ -232,5 +232,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(inetd_child_t)
|
nscd_socket_use(inetd_child_t)
|
||||||
')
|
')
|
||||||
|
@ -47,7 +47,7 @@ interface(`inn_manage_log',`
|
|||||||
type innd_log_t;
|
type innd_log_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
logging_rw_log_dir($1)
|
logging_rw_generic_log_dirs($1)
|
||||||
allow $1 innd_log_t:dir search;
|
allow $1 innd_log_t:dir search;
|
||||||
allow $1 innd_log_t:file create_file_perms;
|
allow $1 innd_log_t:file create_file_perms;
|
||||||
')
|
')
|
||||||
@ -133,7 +133,7 @@ interface(`inn_read_news_spool',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`inn_sendto_unix_dgram_socket',`
|
interface(`inn_dgram_send',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type innd_t;
|
type innd_t;
|
||||||
')
|
')
|
||||||
|
@ -88,7 +88,7 @@ term_dontaudit_use_console(innd_t)
|
|||||||
corecmd_exec_bin(innd_t)
|
corecmd_exec_bin(innd_t)
|
||||||
corecmd_exec_shell(innd_t)
|
corecmd_exec_shell(innd_t)
|
||||||
corecmd_search_sbin(innd_t)
|
corecmd_search_sbin(innd_t)
|
||||||
corecmd_read_sbin_symlink(innd_t)
|
corecmd_read_sbin_symlinks(innd_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(innd_t)
|
domain_use_wide_inherit_fd(innd_t)
|
||||||
|
|
||||||
@ -98,7 +98,7 @@ files_read_etc_runtime_files(innd_t)
|
|||||||
files_read_usr_files(innd_t)
|
files_read_usr_files(innd_t)
|
||||||
|
|
||||||
init_use_fd(innd_t)
|
init_use_fd(innd_t)
|
||||||
init_use_script_pty(innd_t)
|
init_use_script_ptys(innd_t)
|
||||||
|
|
||||||
libs_use_ld_so(innd_t)
|
libs_use_ld_so(innd_t)
|
||||||
libs_use_shared_libs(innd_t)
|
libs_use_shared_libs(innd_t)
|
||||||
@ -117,8 +117,8 @@ userdom_dontaudit_search_sysadm_home_dir(innd_t)
|
|||||||
mta_send_mail(innd_t)
|
mta_send_mail(innd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(innd_t)
|
term_dontaudit_use_unallocated_ttys(innd_t)
|
||||||
term_dontaudit_use_generic_pty(innd_t)
|
term_dontaudit_use_generic_ptys(innd_t)
|
||||||
files_dontaudit_read_root_files(innd_t)
|
files_dontaudit_read_root_files(innd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ term_dontaudit_use_console(irqbalance_t)
|
|||||||
domain_use_wide_inherit_fd(irqbalance_t)
|
domain_use_wide_inherit_fd(irqbalance_t)
|
||||||
|
|
||||||
init_use_fd(irqbalance_t)
|
init_use_fd(irqbalance_t)
|
||||||
init_use_script_pty(irqbalance_t)
|
init_use_script_ptys(irqbalance_t)
|
||||||
|
|
||||||
libs_use_ld_so(irqbalance_t)
|
libs_use_ld_so(irqbalance_t)
|
||||||
libs_use_shared_libs(irqbalance_t)
|
libs_use_shared_libs(irqbalance_t)
|
||||||
@ -52,8 +52,8 @@ userdom_dontaudit_use_unpriv_user_fd(irqbalance_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(irqbalance_t)
|
userdom_dontaudit_search_sysadm_home_dir(irqbalance_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(irqbalance_t)
|
term_dontaudit_use_unallocated_ttys(irqbalance_t)
|
||||||
term_dontaudit_use_generic_pty(irqbalance_t)
|
term_dontaudit_use_generic_ptys(irqbalance_t)
|
||||||
files_dontaudit_read_root_files(irqbalance_t)
|
files_dontaudit_read_root_files(irqbalance_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ domain_use_wide_inherit_fd(kadmind_t)
|
|||||||
files_read_etc_files(kadmind_t)
|
files_read_etc_files(kadmind_t)
|
||||||
|
|
||||||
init_use_fd(kadmind_t)
|
init_use_fd(kadmind_t)
|
||||||
init_use_script_pty(kadmind_t)
|
init_use_script_ptys(kadmind_t)
|
||||||
|
|
||||||
libs_use_ld_so(kadmind_t)
|
libs_use_ld_so(kadmind_t)
|
||||||
libs_use_shared_libs(kadmind_t)
|
libs_use_shared_libs(kadmind_t)
|
||||||
@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(kadmind_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(kadmind_t)
|
userdom_dontaudit_search_sysadm_home_dir(kadmind_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(kadmind_t)
|
term_dontaudit_use_unallocated_ttys(kadmind_t)
|
||||||
term_dontaudit_use_generic_pty(kadmind_t)
|
term_dontaudit_use_generic_ptys(kadmind_t)
|
||||||
files_dontaudit_read_root_files(kadmind_t)
|
files_dontaudit_read_root_files(kadmind_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -217,7 +217,7 @@ domain_use_wide_inherit_fd(krb5kdc_t)
|
|||||||
files_read_etc_files(krb5kdc_t)
|
files_read_etc_files(krb5kdc_t)
|
||||||
|
|
||||||
init_use_fd(krb5kdc_t)
|
init_use_fd(krb5kdc_t)
|
||||||
init_use_script_pty(krb5kdc_t)
|
init_use_script_ptys(krb5kdc_t)
|
||||||
|
|
||||||
libs_use_ld_so(krb5kdc_t)
|
libs_use_ld_so(krb5kdc_t)
|
||||||
libs_use_shared_libs(krb5kdc_t)
|
libs_use_shared_libs(krb5kdc_t)
|
||||||
@ -232,8 +232,8 @@ userdom_dontaudit_use_unpriv_user_fd(krb5kdc_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t)
|
userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(krb5kdc_t)
|
term_dontaudit_use_unallocated_ttys(krb5kdc_t)
|
||||||
term_dontaudit_use_generic_pty(krb5kdc_t)
|
term_dontaudit_use_generic_ptys(krb5kdc_t)
|
||||||
files_dontaudit_read_root_files(krb5kdc_t)
|
files_dontaudit_read_root_files(krb5kdc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -81,5 +81,5 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(ktalkd_t)
|
nscd_socket_use(ktalkd_t)
|
||||||
')
|
')
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`ldap_list_db_dir',`
|
interface(`ldap_list_db',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type slapd_db_t;
|
type slapd_db_t;
|
||||||
')
|
')
|
||||||
|
@ -108,7 +108,7 @@ files_read_usr_files(slapd_t)
|
|||||||
files_list_var_lib(slapd_t)
|
files_list_var_lib(slapd_t)
|
||||||
|
|
||||||
init_use_fd(slapd_t)
|
init_use_fd(slapd_t)
|
||||||
init_use_script_pty(slapd_t)
|
init_use_script_ptys(slapd_t)
|
||||||
|
|
||||||
libs_use_ld_so(slapd_t)
|
libs_use_ld_so(slapd_t)
|
||||||
libs_use_shared_libs(slapd_t)
|
libs_use_shared_libs(slapd_t)
|
||||||
@ -125,16 +125,16 @@ userdom_dontaudit_search_sysadm_home_dir(slapd_t)
|
|||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
#reh slapcat will want to talk to the terminal
|
#reh slapcat will want to talk to the terminal
|
||||||
term_use_generic_pty(slapd_t)
|
term_use_generic_ptys(slapd_t)
|
||||||
term_use_unallocated_tty(slapd_t)
|
term_use_unallocated_ttys(slapd_t)
|
||||||
|
|
||||||
userdom_search_generic_user_home_dir(slapd_t)
|
userdom_search_generic_user_home_dir(slapd_t)
|
||||||
#need to be able to read ldif files created by root
|
#need to be able to read ldif files created by root
|
||||||
# cjp: fix to not use templated interface:
|
# cjp: fix to not use templated interface:
|
||||||
userdom_read_user_home_files(user,slapd_t)
|
userdom_read_user_home_files(user,slapd_t)
|
||||||
|
|
||||||
term_dontaudit_use_unallocated_tty(slapd_t)
|
term_dontaudit_use_unallocated_ttys(slapd_t)
|
||||||
term_dontaudit_use_generic_pty(slapd_t)
|
term_dontaudit_use_generic_ptys(slapd_t)
|
||||||
files_dontaudit_read_root_files(slapd_t)
|
files_dontaudit_read_root_files(slapd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -134,7 +134,7 @@ template(`lpd_per_userdomain_template',`
|
|||||||
|
|
||||||
# Access the terminal.
|
# Access the terminal.
|
||||||
term_use_controlling_term($1_lpr_t)
|
term_use_controlling_term($1_lpr_t)
|
||||||
term_use_generic_pty($1_lpr_t)
|
term_use_generic_ptys($1_lpr_t)
|
||||||
|
|
||||||
libs_use_ld_so($1_lpr_t)
|
libs_use_ld_so($1_lpr_t)
|
||||||
libs_use_shared_libs($1_lpr_t)
|
libs_use_shared_libs($1_lpr_t)
|
||||||
@ -190,7 +190,7 @@ template(`lpd_per_userdomain_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_lpr_t)
|
nscd_socket_use($1_lpr_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nis',`
|
optional_policy(`nis',`
|
||||||
|
@ -90,7 +90,7 @@ domain_use_wide_inherit_fd(checkpc_t)
|
|||||||
files_read_etc_files(checkpc_t)
|
files_read_etc_files(checkpc_t)
|
||||||
files_read_etc_runtime_files(checkpc_t)
|
files_read_etc_runtime_files(checkpc_t)
|
||||||
|
|
||||||
init_use_script_pty(checkpc_t)
|
init_use_script_ptys(checkpc_t)
|
||||||
# Allow access to /dev/console through the fd:
|
# Allow access to /dev/console through the fd:
|
||||||
init_use_fd(checkpc_t)
|
init_use_fd(checkpc_t)
|
||||||
|
|
||||||
@ -100,8 +100,8 @@ libs_use_shared_libs(checkpc_t)
|
|||||||
sysnet_read_config(checkpc_t)
|
sysnet_read_config(checkpc_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_generic_pty(checkpc_t)
|
term_use_generic_ptys(checkpc_t)
|
||||||
term_use_unallocated_tty(checkpc_t)
|
term_use_unallocated_ttys(checkpc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
@ -202,7 +202,7 @@ files_read_var_lib_symlinks(lpd_t)
|
|||||||
files_read_etc_files(lpd_t)
|
files_read_etc_files(lpd_t)
|
||||||
|
|
||||||
init_use_fd(lpd_t)
|
init_use_fd(lpd_t)
|
||||||
init_use_script_pty(lpd_t)
|
init_use_script_ptys(lpd_t)
|
||||||
|
|
||||||
libs_use_ld_so(lpd_t)
|
libs_use_ld_so(lpd_t)
|
||||||
libs_use_shared_libs(lpd_t)
|
libs_use_shared_libs(lpd_t)
|
||||||
@ -218,8 +218,8 @@ userdom_dontaudit_use_unpriv_user_fd(lpd_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(lpd_t)
|
userdom_dontaudit_search_sysadm_home_dir(lpd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(lpd_t)
|
term_dontaudit_use_unallocated_ttys(lpd_t)
|
||||||
term_dontaudit_use_generic_pty(lpd_t)
|
term_dontaudit_use_generic_ptys(lpd_t)
|
||||||
files_dontaudit_read_root_files(lpd_t)
|
files_dontaudit_read_root_files(lpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -229,7 +229,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`portmap',`
|
optional_policy(`portmap',`
|
||||||
portmap_udp_sendto(lpd_t)
|
portmap_udp_send(lpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -61,7 +61,7 @@ optional_policy(`apache',`
|
|||||||
|
|
||||||
allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
|
allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
|
||||||
mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t)
|
mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
optional_policy(`qmail',`
|
optional_policy(`qmail',`
|
||||||
@ -110,5 +110,5 @@ optional_policy(`cron',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(mailman_queue_t)
|
nscd_socket_use(mailman_queue_t)
|
||||||
')
|
')
|
||||||
|
@ -101,7 +101,7 @@ template(`mta_base_mail_template',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket($1_mail_t)
|
nscd_socket_use($1_mail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`postfix',`
|
optional_policy(`postfix',`
|
||||||
@ -422,8 +422,8 @@ interface(`mta_mailserver_user_agent',`
|
|||||||
|
|
||||||
optional_policy(`apache',`
|
optional_policy(`apache',`
|
||||||
# apache should set close-on-exec
|
# apache should set close-on-exec
|
||||||
apache_dontaudit_rw_stream_socket($1)
|
apache_dontaudit_rw_stream_sockets($1)
|
||||||
apache_dontaudit_rw_sys_script_stream_socket($1)
|
apache_dontaudit_rw_sys_script_stream_sockets($1)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -507,7 +507,7 @@ interface(`mta_read_aliases',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_filetrans_etc_aliases',`
|
interface(`mta_filetrans_aliases',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type etc_aliases_t;
|
type etc_aliases_t;
|
||||||
')
|
')
|
||||||
@ -537,7 +537,7 @@ interface(`mta_rw_aliases',`
|
|||||||
## Mail server domain.
|
## Mail server domain.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_dontaudit_rw_delivery_tcp_socket',`
|
interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute mailserver_delivery;
|
attribute mailserver_delivery;
|
||||||
')
|
')
|
||||||
@ -572,7 +572,7 @@ interface(`mta_tcp_connect_all_mailservers',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_dontaudit_read_spool_symlink',`
|
interface(`mta_dontaudit_read_spool_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mail_spool_t;
|
type mail_spool_t;
|
||||||
')
|
')
|
||||||
@ -595,7 +595,7 @@ interface(`mta_getattr_spool',`
|
|||||||
allow $1 mail_spool_t:file getattr;
|
allow $1 mail_spool_t:file getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
interface(`mta_dontaudit_getattr_spool',`
|
interface(`mta_dontaudit_getattr_spool_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mail_spool_t;
|
type mail_spool_t;
|
||||||
')
|
')
|
||||||
@ -761,7 +761,7 @@ interface(`mta_read_sendmail_bin',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_rw_user_mail_stream_socket',`
|
interface(`mta_rw_user_mail_stream_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute user_mail_domain;
|
attribute user_mail_domain;
|
||||||
')
|
')
|
||||||
|
@ -55,7 +55,7 @@ dev_read_urand(system_mail_t)
|
|||||||
|
|
||||||
fs_read_eventpollfs(system_mail_t)
|
fs_read_eventpollfs(system_mail_t)
|
||||||
|
|
||||||
init_use_script_pty(system_mail_t)
|
init_use_script_ptys(system_mail_t)
|
||||||
|
|
||||||
userdom_use_sysadm_terms(system_mail_t)
|
userdom_use_sysadm_terms(system_mail_t)
|
||||||
|
|
||||||
@ -101,22 +101,22 @@ optional_policy(`apache',`
|
|||||||
|
|
||||||
# apache should set close-on-exec
|
# apache should set close-on-exec
|
||||||
apache_dontaudit_append_log(system_mail_t)
|
apache_dontaudit_append_log(system_mail_t)
|
||||||
apache_dontaudit_rw_stream_socket(system_mail_t)
|
apache_dontaudit_rw_stream_sockets(system_mail_t)
|
||||||
apache_dontaudit_rw_tcp_socket(system_mail_t)
|
apache_dontaudit_rw_tcp_sockets(system_mail_t)
|
||||||
apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
|
apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`arpwatch',`
|
optional_policy(`arpwatch',`
|
||||||
arpwatch_manage_tmp_files(system_mail_t)
|
arpwatch_manage_tmp_files(system_mail_t)
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms', `
|
ifdef(`hide_broken_symptoms', `
|
||||||
arpwatch_dontaudit_rw_packet_socket(system_mail_t)
|
arpwatch_dontaudit_rw_packet_sockets(system_mail_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_read_system_job_tmp_files(system_mail_t)
|
cron_read_system_job_tmp_files(system_mail_t)
|
||||||
cron_dontaudit_write_pipe(system_mail_t)
|
cron_dontaudit_write_pipes(system_mail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`cvs',`
|
optional_policy(`cvs',`
|
||||||
@ -157,7 +157,7 @@ optional_policy(`postfix',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`sendmail',`
|
optional_policy(`sendmail',`
|
||||||
userdom_dontaudit_use_unpriv_user_pty(system_mail_t)
|
userdom_dontaudit_use_unpriv_users_ptys(system_mail_t)
|
||||||
|
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_dontaudit_append_system_job_tmp_files(system_mail_t)
|
cron_dontaudit_append_system_job_tmp_files(system_mail_t)
|
||||||
@ -165,7 +165,7 @@ optional_policy(`sendmail',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`smartmon',`
|
optional_policy(`smartmon',`
|
||||||
smartmon_read_tmp(system_mail_t)
|
smartmon_read_tmp_files(system_mail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
# should break this up among sections:
|
# should break this up among sections:
|
||||||
@ -175,7 +175,7 @@ optional_policy(`arpwatch',`
|
|||||||
arpwatch_search_data(mailserver_delivery)
|
arpwatch_search_data(mailserver_delivery)
|
||||||
arpwatch_manage_tmp_files(mta_user_agent)
|
arpwatch_manage_tmp_files(mta_user_agent)
|
||||||
ifdef(`hide_broken_symptoms', `
|
ifdef(`hide_broken_symptoms', `
|
||||||
arpwatch_dontaudit_rw_packet_socket(mta_user_agent)
|
arpwatch_dontaudit_rw_packet_sockets(mta_user_agent)
|
||||||
')
|
')
|
||||||
optional_policy(`cron',`
|
optional_policy(`cron',`
|
||||||
cron_read_system_job_tmp_files(mta_user_agent)
|
cron_read_system_job_tmp_files(mta_user_agent)
|
||||||
|
@ -63,7 +63,7 @@ interface(`mysql_read_config',`
|
|||||||
#
|
#
|
||||||
# cjp: "_dir" in the name is added to clarify that this
|
# cjp: "_dir" in the name is added to clarify that this
|
||||||
# is not searching the database itself.
|
# is not searching the database itself.
|
||||||
interface(`mysql_search_db_dir',`
|
interface(`mysql_search_db',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
')
|
')
|
||||||
@ -80,7 +80,7 @@ interface(`mysql_search_db_dir',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mysql_rw_db_dir',`
|
interface(`mysql_rw_db_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
')
|
')
|
||||||
@ -97,7 +97,7 @@ interface(`mysql_rw_db_dir',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mysql_manage_db_dir',`
|
interface(`mysql_manage_db_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
')
|
')
|
||||||
@ -115,7 +115,7 @@ interface(`mysql_manage_db_dir',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mysql_rw_db_socket',`
|
interface(`mysql_rw_db_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_db_t;
|
type mysqld_db_t;
|
||||||
')
|
')
|
||||||
|
@ -95,7 +95,7 @@ files_read_usr_files(mysqld_t)
|
|||||||
files_search_var_lib(mysqld_t)
|
files_search_var_lib(mysqld_t)
|
||||||
|
|
||||||
init_use_fd(mysqld_t)
|
init_use_fd(mysqld_t)
|
||||||
init_use_script_pty(mysqld_t)
|
init_use_script_ptys(mysqld_t)
|
||||||
|
|
||||||
libs_use_ld_so(mysqld_t)
|
libs_use_ld_so(mysqld_t)
|
||||||
libs_use_shared_libs(mysqld_t)
|
libs_use_shared_libs(mysqld_t)
|
||||||
@ -116,8 +116,8 @@ ifdef(`distro_redhat',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(mysqld_t)
|
term_dontaudit_use_unallocated_ttys(mysqld_t)
|
||||||
term_dontaudit_use_generic_pty(mysqld_t)
|
term_dontaudit_use_generic_ptys(mysqld_t)
|
||||||
files_dontaudit_read_root_files(mysqld_t)
|
files_dontaudit_read_root_files(mysqld_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -134,7 +134,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(mysqld_t)
|
nscd_socket_use(mysqld_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for named.
|
# cjp: added for named.
|
||||||
interface(`networkmanager_rw_udp_socket',`
|
interface(`networkmanager_rw_udp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type NetworkManager_t;
|
type NetworkManager_t;
|
||||||
')
|
')
|
||||||
@ -26,7 +26,7 @@ interface(`networkmanager_rw_udp_socket',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for named.
|
# cjp: added for named.
|
||||||
interface(`networkmanager_rw_packet_socket',`
|
interface(`networkmanager_rw_packet_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type NetworkManager_t;
|
type NetworkManager_t;
|
||||||
')
|
')
|
||||||
@ -44,7 +44,7 @@ interface(`networkmanager_rw_packet_socket',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
# cjp: added for named.
|
# cjp: added for named.
|
||||||
interface(`networkmanager_rw_routing_socket',`
|
interface(`networkmanager_rw_routing_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type NetworkManager_t;
|
type NetworkManager_t;
|
||||||
')
|
')
|
||||||
|
@ -79,7 +79,7 @@ files_read_etc_runtime_files(NetworkManager_t)
|
|||||||
files_read_usr_files(NetworkManager_t)
|
files_read_usr_files(NetworkManager_t)
|
||||||
|
|
||||||
init_use_fd(NetworkManager_t)
|
init_use_fd(NetworkManager_t)
|
||||||
init_use_script_pty(NetworkManager_t)
|
init_use_script_ptys(NetworkManager_t)
|
||||||
init_read_utmp(NetworkManager_t)
|
init_read_utmp(NetworkManager_t)
|
||||||
init_domtrans_script(NetworkManager_t)
|
init_domtrans_script(NetworkManager_t)
|
||||||
|
|
||||||
@ -106,11 +106,11 @@ sysnet_filetrans_config(NetworkManager_t)
|
|||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t)
|
userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t)
|
userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t)
|
||||||
userdom_dontaudit_use_unpriv_user_tty(NetworkManager_t)
|
userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(NetworkManager_t)
|
term_dontaudit_use_unallocated_ttys(NetworkManager_t)
|
||||||
term_dontaudit_use_generic_pty(NetworkManager_t)
|
term_dontaudit_use_generic_ptys(NetworkManager_t)
|
||||||
files_dontaudit_read_root_files(NetworkManager_t)
|
files_dontaudit_read_root_files(NetworkManager_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -137,7 +137,7 @@ optional_policy(`dbus',`
|
|||||||
|
|
||||||
dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
|
dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
|
||||||
dbus_connect_system_bus(NetworkManager_t)
|
dbus_connect_system_bus(NetworkManager_t)
|
||||||
dbus_send_system_bus_msg(NetworkManager_t)
|
dbus_send_system_bus(NetworkManager_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`howl',`
|
optional_policy(`howl',`
|
||||||
@ -153,7 +153,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(NetworkManager_t)
|
nscd_socket_use(NetworkManager_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -180,7 +180,7 @@ interface(`nis_list_var_yp',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`nis_udp_sendto_ypbind',`
|
interface(`nis_udp_send_ypbind',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type ypbind_t;
|
type ypbind_t;
|
||||||
')
|
')
|
||||||
|
@ -22,7 +22,7 @@ files_pid_file(ypbind_var_run_t)
|
|||||||
type yppasswdd_t;
|
type yppasswdd_t;
|
||||||
type yppasswdd_exec_t;
|
type yppasswdd_exec_t;
|
||||||
init_daemon_domain(yppasswdd_t,yppasswdd_exec_t)
|
init_daemon_domain(yppasswdd_t,yppasswdd_exec_t)
|
||||||
domain_obj_id_change_exempt(yppasswdd_t)
|
domain_obj_id_change_exemption(yppasswdd_t)
|
||||||
|
|
||||||
type yppasswdd_var_run_t;
|
type yppasswdd_var_run_t;
|
||||||
files_pid_file(yppasswdd_var_run_t)
|
files_pid_file(yppasswdd_var_run_t)
|
||||||
@ -100,8 +100,8 @@ files_read_etc_files(ypbind_t)
|
|||||||
files_list_var(ypbind_t)
|
files_list_var(ypbind_t)
|
||||||
|
|
||||||
init_use_fd(ypbind_t)
|
init_use_fd(ypbind_t)
|
||||||
init_use_script_pty(ypbind_t)
|
init_use_script_ptys(ypbind_t)
|
||||||
init_udp_sendto_script(ypbind_t)
|
init_udp_send_script(ypbind_t)
|
||||||
|
|
||||||
libs_use_ld_so(ypbind_t)
|
libs_use_ld_so(ypbind_t)
|
||||||
libs_use_shared_libs(ypbind_t)
|
libs_use_shared_libs(ypbind_t)
|
||||||
@ -115,11 +115,11 @@ sysnet_read_config(ypbind_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(ypbind_t)
|
userdom_dontaudit_use_unpriv_user_fd(ypbind_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(ypbind_t)
|
userdom_dontaudit_search_sysadm_home_dir(ypbind_t)
|
||||||
|
|
||||||
portmap_udp_sendto(ypbind_t)
|
portmap_udp_send(ypbind_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(ypbind_t)
|
term_dontaudit_use_unallocated_ttys(ypbind_t)
|
||||||
term_dontaudit_use_generic_pty(ypbind_t)
|
term_dontaudit_use_generic_ptys(ypbind_t)
|
||||||
files_dontaudit_read_root_files(ypbind_t)
|
files_dontaudit_read_root_files(ypbind_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -201,8 +201,8 @@ files_read_etc_runtime_files(yppasswdd_t)
|
|||||||
files_relabel_etc_files(yppasswdd_t)
|
files_relabel_etc_files(yppasswdd_t)
|
||||||
|
|
||||||
init_use_fd(yppasswdd_t)
|
init_use_fd(yppasswdd_t)
|
||||||
init_use_script_pty(yppasswdd_t)
|
init_use_script_ptys(yppasswdd_t)
|
||||||
init_udp_sendto_script(yppasswdd_t)
|
init_udp_send_script(yppasswdd_t)
|
||||||
|
|
||||||
libs_use_ld_so(yppasswdd_t)
|
libs_use_ld_so(yppasswdd_t)
|
||||||
libs_use_shared_libs(yppasswdd_t)
|
libs_use_shared_libs(yppasswdd_t)
|
||||||
@ -216,11 +216,11 @@ sysnet_read_config(yppasswdd_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(yppasswdd_t)
|
userdom_dontaudit_use_unpriv_user_fd(yppasswdd_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t)
|
userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t)
|
||||||
|
|
||||||
portmap_udp_sendto(yppasswdd_t)
|
portmap_udp_send(yppasswdd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(yppasswdd_t)
|
term_dontaudit_use_unallocated_ttys(yppasswdd_t)
|
||||||
term_dontaudit_use_generic_pty(yppasswdd_t)
|
term_dontaudit_use_generic_ptys(yppasswdd_t)
|
||||||
files_dontaudit_read_root_files(yppasswdd_t)
|
files_dontaudit_read_root_files(yppasswdd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -296,8 +296,8 @@ domain_use_wide_inherit_fd(ypserv_t)
|
|||||||
files_read_var_files(ypserv_t)
|
files_read_var_files(ypserv_t)
|
||||||
|
|
||||||
init_use_fd(ypserv_t)
|
init_use_fd(ypserv_t)
|
||||||
init_use_script_pty(ypserv_t)
|
init_use_script_ptys(ypserv_t)
|
||||||
init_udp_sendto_script(ypserv_t)
|
init_udp_send_script(ypserv_t)
|
||||||
|
|
||||||
libs_use_ld_so(ypserv_t)
|
libs_use_ld_so(ypserv_t)
|
||||||
libs_use_shared_libs(ypserv_t)
|
libs_use_shared_libs(ypserv_t)
|
||||||
@ -311,11 +311,11 @@ sysnet_read_config(ypserv_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fd(ypserv_t)
|
userdom_dontaudit_use_unpriv_user_fd(ypserv_t)
|
||||||
userdom_dontaudit_search_sysadm_home_dir(ypserv_t)
|
userdom_dontaudit_search_sysadm_home_dir(ypserv_t)
|
||||||
|
|
||||||
portmap_udp_sendto(ypserv_t)
|
portmap_udp_send(ypserv_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(ypserv_t)
|
term_dontaudit_use_unallocated_ttys(ypserv_t)
|
||||||
term_dontaudit_use_generic_pty(ypserv_t)
|
term_dontaudit_use_generic_ptys(ypserv_t)
|
||||||
files_dontaudit_read_root_files(ypserv_t)
|
files_dontaudit_read_root_files(ypserv_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ interface(`nscd_domtrans',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`nscd_use_socket',`
|
interface(`nscd_socket_use',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type nscd_t, nscd_var_run_t;
|
type nscd_t, nscd_var_run_t;
|
||||||
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
|
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
|
||||||
@ -59,7 +59,7 @@ interface(`nscd_use_socket',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`nscd_use_shared_mem',`
|
interface(`nscd_shm_use',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type nscd_t, nscd_var_run_t;
|
type nscd_t, nscd_var_run_t;
|
||||||
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
|
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
|
||||||
|
@ -94,7 +94,7 @@ files_read_etc_files(nscd_t)
|
|||||||
files_read_generic_tmp_symlinks(nscd_t)
|
files_read_generic_tmp_symlinks(nscd_t)
|
||||||
|
|
||||||
init_use_fd(nscd_t)
|
init_use_fd(nscd_t)
|
||||||
init_use_script_pty(nscd_t)
|
init_use_script_ptys(nscd_t)
|
||||||
|
|
||||||
libs_use_ld_so(nscd_t)
|
libs_use_ld_so(nscd_t)
|
||||||
libs_use_shared_libs(nscd_t)
|
libs_use_shared_libs(nscd_t)
|
||||||
@ -114,11 +114,11 @@ userdom_dontaudit_use_unpriv_user_fd(nscd_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(nscd_t)
|
userdom_dontaudit_search_sysadm_home_dir(nscd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_use_unallocated_tty(nscd_t)
|
term_use_unallocated_ttys(nscd_t)
|
||||||
term_use_generic_pty(nscd_t)
|
term_use_generic_ptys(nscd_t)
|
||||||
|
|
||||||
term_dontaudit_use_unallocated_tty(nscd_t)
|
term_dontaudit_use_unallocated_ttys(nscd_t)
|
||||||
term_dontaudit_use_generic_pty(nscd_t)
|
term_dontaudit_use_generic_ptys(nscd_t)
|
||||||
files_dontaudit_read_root_files(nscd_t)
|
files_dontaudit_read_root_files(nscd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -127,7 +127,7 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`samba',`
|
optional_policy(`samba',`
|
||||||
samba_connect_winbind(nscd_t)
|
samba_stream_connect_winbind(nscd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`udev',`
|
optional_policy(`udev',`
|
||||||
|
@ -92,7 +92,7 @@ corecmd_exec_ls(ntpd_t)
|
|||||||
corecmd_exec_shell(ntpd_t)
|
corecmd_exec_shell(ntpd_t)
|
||||||
|
|
||||||
domain_use_wide_inherit_fd(ntpd_t)
|
domain_use_wide_inherit_fd(ntpd_t)
|
||||||
domain_dontaudit_list_all_domains_proc(ntpd_t)
|
domain_dontaudit_list_all_domains_state(ntpd_t)
|
||||||
|
|
||||||
files_read_etc_files(ntpd_t)
|
files_read_etc_files(ntpd_t)
|
||||||
files_read_etc_runtime_files(ntpd_t)
|
files_read_etc_runtime_files(ntpd_t)
|
||||||
@ -101,7 +101,7 @@ files_list_var_lib(ntpd_t)
|
|||||||
|
|
||||||
init_exec_script(ntpd_t)
|
init_exec_script(ntpd_t)
|
||||||
init_use_fd(ntpd_t)
|
init_use_fd(ntpd_t)
|
||||||
init_use_script_pty(ntpd_t)
|
init_use_script_ptys(ntpd_t)
|
||||||
|
|
||||||
libs_use_ld_so(ntpd_t)
|
libs_use_ld_so(ntpd_t)
|
||||||
libs_use_shared_libs(ntpd_t)
|
libs_use_shared_libs(ntpd_t)
|
||||||
@ -117,8 +117,8 @@ userdom_list_sysadm_home_dir(ntpd_t)
|
|||||||
userdom_dontaudit_list_sysadm_home_dir(ntpd_t)
|
userdom_dontaudit_list_sysadm_home_dir(ntpd_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(ntpd_t)
|
term_dontaudit_use_unallocated_ttys(ntpd_t)
|
||||||
term_dontaudit_use_generic_pty(ntpd_t)
|
term_dontaudit_use_generic_ptys(ntpd_t)
|
||||||
files_dontaudit_read_root_files(ntpd_t)
|
files_dontaudit_read_root_files(ntpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -144,11 +144,11 @@ optional_policy(`nis',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(ntpd_t)
|
nscd_socket_use(ntpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`samba',`
|
optional_policy(`samba',`
|
||||||
samba_connect_winbind(ntpd_t)
|
samba_stream_connect_winbind(ntpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -44,7 +44,7 @@ fs_search_auto_mountpoints(openct_t)
|
|||||||
term_dontaudit_use_console(openct_t)
|
term_dontaudit_use_console(openct_t)
|
||||||
|
|
||||||
init_use_fd(openct_t)
|
init_use_fd(openct_t)
|
||||||
init_use_script_pty(openct_t)
|
init_use_script_ptys(openct_t)
|
||||||
|
|
||||||
libs_use_ld_so(openct_t)
|
libs_use_ld_so(openct_t)
|
||||||
libs_use_shared_libs(openct_t)
|
libs_use_shared_libs(openct_t)
|
||||||
@ -57,8 +57,8 @@ userdom_dontaudit_use_unpriv_user_fd(openct_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(openct_t)
|
userdom_dontaudit_search_sysadm_home_dir(openct_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
term_dontaudit_use_unallocated_tty(openct_t)
|
term_dontaudit_use_unallocated_ttys(openct_t)
|
||||||
term_dontaudit_use_generic_pty(openct_t)
|
term_dontaudit_use_generic_ptys(openct_t)
|
||||||
files_dontaudit_read_root_files(openct_t)
|
files_dontaudit_read_root_files(openct_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@ files_read_var_lib_files(pegasus_t)
|
|||||||
files_read_var_lib_symlinks(pegasus_t)
|
files_read_var_lib_symlinks(pegasus_t)
|
||||||
|
|
||||||
init_use_fd(pegasus_t)
|
init_use_fd(pegasus_t)
|
||||||
init_use_script_pty(pegasus_t)
|
init_use_script_ptys(pegasus_t)
|
||||||
init_rw_utmp(pegasus_t)
|
init_rw_utmp(pegasus_t)
|
||||||
|
|
||||||
libs_use_ld_so(pegasus_t)
|
libs_use_ld_so(pegasus_t)
|
||||||
@ -112,8 +112,8 @@ userdom_dontaudit_use_unpriv_user_fd(pegasus_t)
|
|||||||
userdom_dontaudit_search_sysadm_home_dir(pegasus_t)
|
userdom_dontaudit_search_sysadm_home_dir(pegasus_t)
|
||||||
|
|
||||||
ifdef(`targeted_policy', `
|
ifdef(`targeted_policy', `
|
||||||
term_dontaudit_use_unallocated_tty(pegasus_t)
|
term_dontaudit_use_unallocated_ttys(pegasus_t)
|
||||||
term_dontaudit_use_generic_pty(pegasus_t)
|
term_dontaudit_use_generic_ptys(pegasus_t)
|
||||||
files_dontaudit_read_root_files(pegasus_t)
|
files_dontaudit_read_root_files(pegasus_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -122,7 +122,7 @@ optional_policy(`logging',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`nscd',`
|
optional_policy(`nscd',`
|
||||||
nscd_use_socket(pegasus_t)
|
nscd_socket_use(pegasus_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil',`
|
optional_policy(`selinuxutil',`
|
||||||
|
@ -64,7 +64,7 @@ interface(`portmap_run_helper',`
|
|||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`portmap_udp_sendto',`
|
interface(`portmap_udp_send',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type portmap_t;
|
type portmap_t;
|
||||||
')
|
')
|
||||||
@ -81,7 +81,7 @@ interface(`portmap_udp_sendto',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`portmap_udp_sendrecv',`
|
interface(`portmap_udp_chat',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type portmap_t;
|
type portmap_t;
|
||||||
')
|
')
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user