another slew of renaming

This commit is contained in:
Chris PeBenito 2006-02-02 21:08:12 +00:00
parent 46112fca3e
commit 1815bad1d7
180 changed files with 1056 additions and 1056 deletions

View File

@ -58,7 +58,7 @@ files_list_usr(acct_t)
files_dontaudit_search_pids(acct_t) files_dontaudit_search_pids(acct_t)
init_use_fd(acct_t) init_use_fd(acct_t)
init_use_script_pty(acct_t) init_use_script_ptys(acct_t)
init_exec_script(acct_t) init_exec_script(acct_t)
libs_use_ld_so(acct_t) libs_use_ld_so(acct_t)
@ -72,8 +72,8 @@ userdom_dontaudit_search_sysadm_home_dir(acct_t)
userdom_dontaudit_use_unpriv_user_fd(acct_t) userdom_dontaudit_use_unpriv_user_fd(acct_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(acct_t) term_dontaudit_use_unallocated_ttys(acct_t)
term_dontaudit_use_generic_pty(acct_t) term_dontaudit_use_generic_ptys(acct_t)
files_dontaudit_read_root_files(acct_t) files_dontaudit_read_root_files(acct_t)
') ')
@ -88,7 +88,7 @@ optional_policy(`cron',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(acct_t) nscd_socket_use(acct_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -33,8 +33,8 @@ allow alsa_t alsa_etc_rw_t:lnk_file create_lnk_perms;
files_read_etc_files(alsa_t) files_read_etc_files(alsa_t)
term_use_generic_pty(alsa_t) term_use_generic_ptys(alsa_t)
term_dontaudit_use_unallocated_tty(alsa_t) term_dontaudit_use_unallocated_ttys(alsa_t)
libs_use_ld_so(alsa_t) libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t) libs_use_shared_libs(alsa_t)
@ -47,5 +47,5 @@ userdom_manage_unpriv_user_semaphores(alsa_t)
userdom_manage_unpriv_user_shared_mem(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t)
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(alsa_t) nscd_socket_use(alsa_t)
') ')

View File

@ -128,7 +128,7 @@ kernel_dontaudit_getattr_unlabeled_files(amanda_t)
kernel_dontaudit_read_proc_symlinks(amanda_t) kernel_dontaudit_read_proc_symlinks(amanda_t)
# Added for targeted policy # Added for targeted policy
term_use_unallocated_tty(amanda_t) term_use_unallocated_ttys(amanda_t)
corenet_tcp_sendrecv_all_if(amanda_t) corenet_tcp_sendrecv_all_if(amanda_t)
corenet_udp_sendrecv_all_if(amanda_t) corenet_udp_sendrecv_all_if(amanda_t)
@ -182,7 +182,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(amanda_t) nscd_socket_use(amanda_t)
') ')
######################################## ########################################

View File

@ -8,7 +8,7 @@ policy_module(anaconda,1.0.0)
type anaconda_t; type anaconda_t;
domain_type(anaconda_t) domain_type(anaconda_t)
domain_obj_id_change_exempt(anaconda_t) domain_obj_id_change_exemption(anaconda_t)
role system_r types anaconda_t; role system_r types anaconda_t;
######################################## ########################################

View File

@ -44,12 +44,12 @@ fs_search_auto_mountpoints(consoletype_t)
fs_write_nfs_files(consoletype_t) fs_write_nfs_files(consoletype_t)
term_use_console(consoletype_t) term_use_console(consoletype_t)
term_use_unallocated_tty(consoletype_t) term_use_unallocated_ttys(consoletype_t)
init_use_fd(consoletype_t) init_use_fd(consoletype_t)
init_use_script_pty(consoletype_t) init_use_script_ptys(consoletype_t)
init_use_script_fd(consoletype_t) init_use_script_fd(consoletype_t)
init_write_script_pipe(consoletype_t) init_write_script_pipes(consoletype_t)
domain_use_wide_inherit_fd(consoletype_t) domain_use_wide_inherit_fd(consoletype_t)
@ -61,7 +61,7 @@ libs_use_shared_libs(consoletype_t)
userdom_use_sysadm_terms(consoletype_t) userdom_use_sysadm_terms(consoletype_t)
userdom_use_sysadm_fd(consoletype_t) userdom_use_sysadm_fd(consoletype_t)
userdom_rw_sysadm_pipe(consoletype_t) userdom_rw_sysadm_pipes(consoletype_t)
ifdef(`distro_redhat',` ifdef(`distro_redhat',`
fs_rw_tmpfs_chr_files(consoletype_t) fs_rw_tmpfs_chr_files(consoletype_t)
@ -69,7 +69,7 @@ ifdef(`distro_redhat',`
optional_policy(`apm',` optional_policy(`apm',`
apm_use_fd(consoletype_t) apm_use_fd(consoletype_t)
apm_write_pipe(consoletype_t) apm_write_pipes(consoletype_t)
') ')
optional_policy(`authlogin', ` optional_policy(`authlogin', `
@ -77,14 +77,14 @@ optional_policy(`authlogin', `
') ')
optional_policy(`cron',` optional_policy(`cron',`
cron_read_pipe(consoletype_t) cron_read_pipes(consoletype_t)
cron_use_system_job_fd(consoletype_t) cron_use_system_job_fd(consoletype_t)
') ')
optional_policy(`firstboot',` optional_policy(`firstboot',`
files_read_etc_files(consoletype_t) files_read_etc_files(consoletype_t)
firstboot_use_fd(consoletype_t) firstboot_use_fd(consoletype_t)
firstboot_write_pipe(consoletype_t) firstboot_write_pipes(consoletype_t)
') ')
optional_policy(`logrotate',` optional_policy(`logrotate',`
@ -101,7 +101,7 @@ optional_policy(`nis',`
optional_policy(`rpm',` optional_policy(`rpm',`
# Commonly used from postinst scripts # Commonly used from postinst scripts
rpm_read_pipe(consoletype_t) rpm_read_pipes(consoletype_t)
') ')
optional_policy(`userdomain',` optional_policy(`userdomain',`

View File

@ -41,15 +41,15 @@ files_read_usr_files(ddcprobe_t)
term_use_all_user_ttys(ddcprobe_t) term_use_all_user_ttys(ddcprobe_t)
term_use_all_user_ptys(ddcprobe_t) term_use_all_user_ptys(ddcprobe_t)
libs_read_lib(ddcprobe_t) libs_read_lib_files(ddcprobe_t)
libs_use_ld_so(ddcprobe_t) libs_use_ld_so(ddcprobe_t)
libs_use_shared_libs(ddcprobe_t) libs_use_shared_libs(ddcprobe_t)
miscfiles_read_localization(ddcprobe_t) miscfiles_read_localization(ddcprobe_t)
modutils_read_mods_deps(ddcprobe_t) modutils_read_module_deps(ddcprobe_t)
userdom_use_all_user_fd(ddcprobe_t) userdom_use_all_users_fd(ddcprobe_t)
#reh why? this does not seem even necessary to function properly #reh why? this does not seem even necessary to function properly
kudzu_getattr_exec_file(ddcprobe_t) kudzu_getattr_exec_files(ddcprobe_t)

View File

@ -51,7 +51,7 @@ ifdef(`strict_policy',`
files_dontaudit_search_isid_type_dirs(dmesg_t) files_dontaudit_search_isid_type_dirs(dmesg_t)
init_use_fd(dmesg_t) init_use_fd(dmesg_t)
init_use_script_pty(dmesg_t) init_use_script_ptys(dmesg_t)
libs_use_ld_so(dmesg_t) libs_use_ld_so(dmesg_t)
libs_use_shared_libs(dmesg_t) libs_use_shared_libs(dmesg_t)

View File

@ -33,6 +33,6 @@ libs_use_shared_libs(dmidecode_t)
locallogin_use_fd(dmidecode_t) locallogin_use_fd(dmidecode_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_generic_pty(dmidecode_t) term_use_generic_ptys(dmidecode_t)
term_use_unallocated_tty(dmidecode_t) term_use_unallocated_ttys(dmidecode_t)
') ')

View File

@ -90,7 +90,7 @@ interface(`firstboot_dontaudit_use_fd',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`firstboot_write_pipe',` interface(`firstboot_write_pipes',`
gen_require(` gen_require(`
type firstboot_t; type firstboot_t;
') ')

View File

@ -13,8 +13,8 @@ gen_require(`
type firstboot_t; type firstboot_t;
type firstboot_exec_t; type firstboot_exec_t;
init_system_domain(firstboot_t,firstboot_exec_t) init_system_domain(firstboot_t,firstboot_exec_t)
domain_obj_id_change_exempt(firstboot_t) domain_obj_id_change_exemption(firstboot_t)
domain_subj_id_change_exempt(firstboot_t) domain_subj_id_change_exemption(firstboot_t)
role system_r types firstboot_t; role system_r types firstboot_t;
type firstboot_etc_t; type firstboot_etc_t;
@ -95,8 +95,8 @@ logging_send_syslog_msg(firstboot_t)
miscfiles_read_localization(firstboot_t) miscfiles_read_localization(firstboot_t)
modutils_domtrans_insmod(firstboot_t) modutils_domtrans_insmod(firstboot_t)
modutils_read_module_conf(firstboot_t) modutils_read_module_config(firstboot_t)
modutils_read_mods_deps(firstboot_t) modutils_read_module_deps(firstboot_t)
# Add/remove user home directories # Add/remove user home directories
userdom_filetrans_generic_user_home_dir(firstboot_t) userdom_filetrans_generic_user_home_dir(firstboot_t)

View File

@ -55,7 +55,7 @@ interface(`kudzu_run',`
## </param> ## </param>
# #
# cjp: added for ddcprobe # cjp: added for ddcprobe
interface(`kudzu_getattr_exec_file',` interface(`kudzu_getattr_exec_files',`
gen_require(` gen_require(`
type kudzu_exec_t; type kudzu_exec_t;
') ')

View File

@ -65,12 +65,12 @@ fs_write_ramfs_sockets(kudzu_t)
mls_file_read_up(kudzu_t) mls_file_read_up(kudzu_t)
mls_file_write_down(kudzu_t) mls_file_write_down(kudzu_t)
modutils_read_mods_deps(kudzu_t) modutils_read_module_deps(kudzu_t)
modutils_read_module_conf(kudzu_t) modutils_read_module_config(kudzu_t)
modutils_rename_module_conf(kudzu_t) modutils_rename_module_config(kudzu_t)
storage_read_scsi_generic(kudzu_t) storage_read_scsi_generic(kudzu_t)
storage_read_tape_device(kudzu_t) storage_read_tape(kudzu_t)
storage_raw_write_fixed_disk(kudzu_t) storage_raw_write_fixed_disk(kudzu_t)
storage_raw_read_fixed_disk(kudzu_t) storage_raw_read_fixed_disk(kudzu_t)
storage_raw_read_removable_device(kudzu_t) storage_raw_read_removable_device(kudzu_t)
@ -78,7 +78,7 @@ storage_raw_read_removable_device(kudzu_t)
term_search_ptys(kudzu_t) term_search_ptys(kudzu_t)
term_dontaudit_use_console(kudzu_t) term_dontaudit_use_console(kudzu_t)
# so it can write messages to the console # so it can write messages to the console
term_use_unallocated_tty(kudzu_t) term_use_unallocated_ttys(kudzu_t)
corecmd_exec_sbin(kudzu_t) corecmd_exec_sbin(kudzu_t)
corecmd_exec_bin(kudzu_t) corecmd_exec_bin(kudzu_t)
@ -101,20 +101,20 @@ files_rw_etc_runtime_files(kudzu_t)
files_dontaudit_search_isid_type_dirs(kudzu_t) files_dontaudit_search_isid_type_dirs(kudzu_t)
init_use_fd(kudzu_t) init_use_fd(kudzu_t)
init_use_script_pty(kudzu_t) init_use_script_ptys(kudzu_t)
init_unix_connect_script(kudzu_t) init_stream_connect_script(kudzu_t)
libs_use_ld_so(kudzu_t) libs_use_ld_so(kudzu_t)
libs_use_shared_libs(kudzu_t) libs_use_shared_libs(kudzu_t)
# Read /usr/lib/gconv/gconv-modules.* # Read /usr/lib/gconv/gconv-modules.*
libs_read_lib(kudzu_t) libs_read_lib_files(kudzu_t)
logging_send_syslog_msg(kudzu_t) logging_send_syslog_msg(kudzu_t)
miscfiles_read_hwdata(kudzu_t) miscfiles_read_hwdata(kudzu_t)
miscfiles_read_localization(kudzu_t) miscfiles_read_localization(kudzu_t)
modutils_read_module_conf(kudzu_t) modutils_read_module_config(kudzu_t)
modutils_domtrans_insmod(kudzu_t) modutils_domtrans_insmod(kudzu_t)
sysnet_read_config(kudzu_t) sysnet_read_config(kudzu_t)
@ -123,8 +123,8 @@ userdom_search_sysadm_home_dir(kudzu_t)
userdom_dontaudit_use_unpriv_user_fd(kudzu_t) userdom_dontaudit_use_unpriv_user_fd(kudzu_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(kudzu_t) term_dontaudit_use_unallocated_ttys(kudzu_t)
term_dontaudit_use_generic_pty(kudzu_t) term_dontaudit_use_generic_ptys(kudzu_t)
files_dontaudit_read_root_files(kudzu_t) files_dontaudit_read_root_files(kudzu_t)
# cjp: this was originally in the else block # cjp: this was originally in the else block
@ -140,7 +140,7 @@ optional_policy(`gpm',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(kudzu_t) nscd_socket_use(kudzu_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -8,8 +8,8 @@ policy_module(logrotate,1.2.0)
type logrotate_t; type logrotate_t;
domain_type(logrotate_t) domain_type(logrotate_t)
domain_obj_id_change_exempt(logrotate_t) domain_obj_id_change_exemption(logrotate_t)
domain_system_change_exempt(logrotate_t) domain_system_change_exemption(logrotate_t)
role system_r types logrotate_t; role system_r types logrotate_t;
type logrotate_exec_t; type logrotate_exec_t;
@ -171,7 +171,7 @@ optional_policy(`mailman',`
optional_policy(`mysql',` optional_policy(`mysql',`
mysql_read_config(logrotate_t) mysql_read_config(logrotate_t)
mysql_search_db_dir(logrotate_t) mysql_search_db(logrotate_t)
mysql_stream_connect(logrotate_t) mysql_stream_connect(logrotate_t)
') ')
@ -180,7 +180,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(logrotate_t) nscd_socket_use(logrotate_t)
') ')
optional_policy(`slrnpull',` optional_policy(`slrnpull',`

View File

@ -38,8 +38,8 @@ kernel_read_fs_sysctls(logwatch_t)
kernel_read_kernel_sysctls(logwatch_t) kernel_read_kernel_sysctls(logwatch_t)
kernel_read_system_state(logwatch_t) kernel_read_system_state(logwatch_t)
corecmd_read_sbin_symlink(logwatch_t) corecmd_read_sbin_symlinks(logwatch_t)
corecmd_read_sbin_file(logwatch_t) corecmd_read_sbin_files(logwatch_t)
corecmd_exec_bin(logwatch_t) corecmd_exec_bin(logwatch_t)
corecmd_exec_shell(logwatch_t) corecmd_exec_shell(logwatch_t)
@ -56,14 +56,14 @@ files_dontaudit_search_home(logwatch_t)
fs_getattr_all_fs(logwatch_t) fs_getattr_all_fs(logwatch_t)
term_dontaudit_getattr_pty_dir(logwatch_t) term_dontaudit_getattr_pty_dirs(logwatch_t)
term_dontaudit_list_ptys(logwatch_t) term_dontaudit_list_ptys(logwatch_t)
auth_dontaudit_read_shadow(logwatch_t) auth_dontaudit_read_shadow(logwatch_t)
libs_use_ld_so(logwatch_t) libs_use_ld_so(logwatch_t)
libs_use_shared_libs(logwatch_t) libs_use_shared_libs(logwatch_t)
libs_read_lib(logwatch_t) libs_read_lib_files(logwatch_t)
logging_read_all_logs(logwatch_t) logging_read_all_logs(logwatch_t)
@ -72,7 +72,7 @@ miscfiles_read_localization(logwatch_t)
selinux_dontaudit_getattr_dir(logwatch_t) selinux_dontaudit_getattr_dir(logwatch_t)
userdom_dontaudit_search_sysadm_home_dir(logwatch_t) userdom_dontaudit_search_sysadm_home_dir(logwatch_t)
userdom_dontaudit_getattr_sysadm_home_dir(logwatch_t) userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
mta_send_mail(logwatch_t) mta_send_mail(logwatch_t)
@ -94,7 +94,7 @@ optional_policy(`mta',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(logwatch_t) nscd_socket_use(logwatch_t)
') ')
optional_policy(`ntp',` optional_policy(`ntp',`

View File

@ -98,12 +98,12 @@ fs_getattr_xattr_fs(mrtg_t)
term_dontaudit_use_console(mrtg_t) term_dontaudit_use_console(mrtg_t)
init_use_fd(mrtg_t) init_use_fd(mrtg_t)
init_use_script_pty(mrtg_t) init_use_script_ptys(mrtg_t)
# for uptime # for uptime
init_read_utmp(mrtg_t) init_read_utmp(mrtg_t)
init_dontaudit_write_utmp(mrtg_t) init_dontaudit_write_utmp(mrtg_t)
libs_read_lib(mrtg_t) libs_read_lib_files(mrtg_t)
libs_use_ld_so(mrtg_t) libs_use_ld_so(mrtg_t)
libs_use_shared_libs(mrtg_t) libs_use_shared_libs(mrtg_t)
@ -126,8 +126,8 @@ ifdef(`distro_redhat',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(mrtg_t) term_dontaudit_use_unallocated_ttys(mrtg_t)
term_dontaudit_use_generic_pty(mrtg_t) term_dontaudit_use_generic_ptys(mrtg_t)
files_dontaudit_read_root_files(mrtg_t) files_dontaudit_read_root_files(mrtg_t)
') ')
@ -157,7 +157,7 @@ optional_policy(`quota',`
optional_policy(`snmp',` optional_policy(`snmp',`
snmp_udp_chat(mrtg_t) snmp_udp_chat(mrtg_t)
snmp_read_snmp_var_lib(mrtg_t) snmp_read_snmp_var_lib_files(mrtg_t)
') ')
optional_policy(`udev',` optional_policy(`udev',`

View File

@ -65,7 +65,7 @@ files_read_etc_files(netutils_t)
files_dontaudit_search_var(netutils_t) files_dontaudit_search_var(netutils_t)
init_use_fd(netutils_t) init_use_fd(netutils_t)
init_use_script_pty(netutils_t) init_use_script_ptys(netutils_t)
libs_use_ld_so(netutils_t) libs_use_ld_so(netutils_t)
libs_use_shared_libs(netutils_t) libs_use_shared_libs(netutils_t)
@ -76,11 +76,11 @@ miscfiles_read_localization(netutils_t)
sysnet_read_config(netutils_t) sysnet_read_config(netutils_t)
userdom_use_all_user_fd(netutils_t) userdom_use_all_users_fd(netutils_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_generic_pty(netutils_t) term_use_generic_ptys(netutils_t)
term_use_unallocated_tty(netutils_t) term_use_unallocated_ttys(netutils_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`
@ -135,8 +135,8 @@ ifdef(`hide_broken_symptoms',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_unallocated_tty(ping_t) term_use_unallocated_ttys(ping_t)
term_use_generic_pty(ping_t) term_use_generic_ptys(ping_t)
term_use_all_user_ttys(ping_t) term_use_all_user_ttys(ping_t)
term_use_all_user_ptys(ping_t) term_use_all_user_ptys(ping_t)
',` ',`
@ -151,7 +151,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(ping_t) nscd_socket_use(ping_t)
') ')
optional_policy(`pcmcia',` optional_policy(`pcmcia',`
@ -219,8 +219,8 @@ files_read_usr_files(traceroute_t)
sysnet_read_config(traceroute_t) sysnet_read_config(traceroute_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_unallocated_tty(traceroute_t) term_use_unallocated_ttys(traceroute_t)
term_use_generic_pty(traceroute_t) term_use_generic_ptys(traceroute_t)
') ')
tunable_policy(`user_ping',` tunable_policy(`user_ping',`
@ -233,7 +233,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(traceroute_t) nscd_socket_use(traceroute_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -10,7 +10,7 @@ type portage_exec_t;
files_type(portage_exec_t) files_type(portage_exec_t)
portage_compile_domain_template(portage) portage_compile_domain_template(portage)
domain_obj_id_change_exempt(portage_t) domain_obj_id_change_exemption(portage_t)
portage_compile_domain_template(portage_sandbox) portage_compile_domain_template(portage_sandbox)
# the shell is the entrypoint if regular sandbox is disabled # the shell is the entrypoint if regular sandbox is disabled

View File

@ -70,7 +70,7 @@ libs_relabel_ld_so(prelink_t)
libs_use_shared_libs(prelink_t) libs_use_shared_libs(prelink_t)
libs_manage_shared_libs(prelink_t) libs_manage_shared_libs(prelink_t)
libs_relabel_shared_libs(prelink_t) libs_relabel_shared_libs(prelink_t)
libs_use_lib(prelink_t) libs_use_lib_files(prelink_t)
libs_manage_lib_files(prelink_t) libs_manage_lib_files(prelink_t)
libs_relabel_lib_files(prelink_t) libs_relabel_lib_files(prelink_t)

View File

@ -52,7 +52,7 @@ files_getattr_all_sockets(quota_t)
files_read_etc_runtime_files(quota_t) files_read_etc_runtime_files(quota_t)
init_use_fd(quota_t) init_use_fd(quota_t)
init_use_script_pty(quota_t) init_use_script_ptys(quota_t)
libs_use_ld_so(quota_t) libs_use_ld_so(quota_t)
libs_use_shared_libs(quota_t) libs_use_shared_libs(quota_t)
@ -62,8 +62,8 @@ logging_send_syslog_msg(quota_t)
userdom_dontaudit_use_unpriv_user_fd(quota_t) userdom_dontaudit_use_unpriv_user_fd(quota_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(quota_t) term_dontaudit_use_unallocated_ttys(quota_t)
term_dontaudit_use_generic_pty(quota_t) term_dontaudit_use_generic_ptys(quota_t)
files_dontaudit_read_root_files(quota_t) files_dontaudit_read_root_files(quota_t)
') ')

View File

@ -55,7 +55,7 @@ term_dontaudit_use_console(readahead_t)
auth_dontaudit_read_shadow(readahead_t) auth_dontaudit_read_shadow(readahead_t)
init_use_fd(readahead_t) init_use_fd(readahead_t)
init_use_script_pty(readahead_t) init_use_script_ptys(readahead_t)
init_getattr_initctl(readahead_t) init_getattr_initctl(readahead_t)
libs_use_ld_so(readahead_t) libs_use_ld_so(readahead_t)
@ -70,8 +70,8 @@ userdom_dontaudit_search_sysadm_home_dir(readahead_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
files_dontaudit_read_root_files(readahead_t) files_dontaudit_read_root_files(readahead_t)
term_dontaudit_use_unallocated_tty(readahead_t) term_dontaudit_use_unallocated_ttys(readahead_t)
term_dontaudit_use_generic_pty(readahead_t) term_dontaudit_use_generic_ptys(readahead_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -31,7 +31,7 @@ interface(`rpm_domtrans',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`rpm_script_domtrans',` interface(`rpm_domtrans_script',`
gen_require(` gen_require(`
type rpm_script_t; type rpm_script_t;
') ')
@ -67,7 +67,7 @@ interface(`rpm_run',`
rpm_domtrans($1) rpm_domtrans($1)
role $2 types rpm_t; role $2 types rpm_t;
role $2 types rpm_script_t; role $2 types rpm_script_t;
seutil_run_loadpol(rpm_script_t,$2,$3) seutil_run_loadpolicy(rpm_script_t,$2,$3)
allow rpm_t $3:chr_file rw_term_perms; allow rpm_t $3:chr_file rw_term_perms;
') ')
@ -95,7 +95,7 @@ interface(`rpm_use_fd',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`rpm_read_pipe',` interface(`rpm_read_pipes',`
gen_require(` gen_require(`
type rpm_t; type rpm_t;
') ')
@ -111,7 +111,7 @@ interface(`rpm_read_pipe',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`rpm_rw_pipe',` interface(`rpm_rw_pipes',`
gen_require(` gen_require(`
type rpm_t; type rpm_t;
') ')
@ -132,7 +132,7 @@ interface(`rpm_manage_log',`
type rpm_log_t; type rpm_log_t;
') ')
logging_rw_log_dir($1) logging_rw_generic_log_dirs($1)
allow $1 rpm_log_t:file create_file_perms; allow $1 rpm_log_t:file create_file_perms;
') ')

View File

@ -9,9 +9,9 @@ policy_module(rpm,1.2.1)
type rpm_t; type rpm_t;
type rpm_exec_t; type rpm_exec_t;
init_system_domain(rpm_t,rpm_exec_t) init_system_domain(rpm_t,rpm_exec_t)
domain_obj_id_change_exempt(rpm_t) domain_obj_id_change_exemption(rpm_t)
domain_role_change_exempt(rpm_t) domain_role_change_exemption(rpm_t)
domain_system_change_exempt(rpm_t) domain_system_change_exemption(rpm_t)
domain_wide_inherit_fd(rpm_t) domain_wide_inherit_fd(rpm_t)
role system_r types rpm_t; role system_r types rpm_t;
@ -33,8 +33,8 @@ typealias rpm_var_lib_t alias var_lib_rpm_t;
type rpm_script_t; type rpm_script_t;
type rpm_script_exec_t; type rpm_script_exec_t;
domain_obj_id_change_exempt(rpm_script_t) domain_obj_id_change_exemption(rpm_script_t)
domain_system_change_exempt(rpm_script_t) domain_system_change_exemption(rpm_script_t)
corecmd_shell_entry_type(rpm_script_t) corecmd_shell_entry_type(rpm_script_t)
domain_type(rpm_script_t) domain_type(rpm_script_t)
domain_entry_file(rpm_t,rpm_script_exec_t) domain_entry_file(rpm_t,rpm_script_exec_t)
@ -138,7 +138,7 @@ auth_dontaudit_read_shadow(rpm_t)
corecmd_exec_bin(rpm_t) corecmd_exec_bin(rpm_t)
corecmd_exec_sbin(rpm_t) corecmd_exec_sbin(rpm_t)
# transition to rpm script: # transition to rpm script:
rpm_script_domtrans(rpm_t) rpm_domtrans_script(rpm_t)
domain_exec_all_entry_files(rpm_t) domain_exec_all_entry_files(rpm_t)
domain_read_all_domains_state(rpm_t) domain_read_all_domains_state(rpm_t)
@ -166,8 +166,8 @@ libs_domtrans_ldconfig(rpm_t)
logging_send_syslog_msg(rpm_t) logging_send_syslog_msg(rpm_t)
# allow compiling and loading new policy # allow compiling and loading new policy
seutil_manage_src_pol(rpm_t) seutil_manage_src_policy(rpm_t)
seutil_manage_binary_pol(rpm_t) seutil_manage_bin_policy(rpm_t)
sysnet_read_config(rpm_t) sysnet_read_config(rpm_t)
@ -324,10 +324,10 @@ miscfiles_read_localization(rpm_script_t)
modutils_domtrans_depmod(rpm_script_t) modutils_domtrans_depmod(rpm_script_t)
modutils_domtrans_insmod(rpm_script_t) modutils_domtrans_insmod(rpm_script_t)
seutil_domtrans_loadpol(rpm_script_t) seutil_domtrans_loadpolicy(rpm_script_t)
seutil_domtrans_restorecon(rpm_script_t) seutil_domtrans_restorecon(rpm_script_t)
userdom_use_all_user_fd(rpm_script_t) userdom_use_all_users_fd(rpm_script_t)
ifdef(`distro_redhat',` ifdef(`distro_redhat',`
unconfined_domain_template(rpm_script_t) unconfined_domain_template(rpm_script_t)

View File

@ -52,7 +52,7 @@ template(`su_restricted_domain_template', `
domain_use_wide_inherit_fd($1_su_t) domain_use_wide_inherit_fd($1_su_t)
init_dontaudit_use_fd($1_su_t) init_dontaudit_use_fd($1_su_t)
init_dontaudit_use_script_pty($1_su_t) init_dontaudit_use_script_ptys($1_su_t)
# Write to utmp. # Write to utmp.
init_rw_utmp($1_su_t) init_rw_utmp($1_su_t)
@ -64,7 +64,7 @@ template(`su_restricted_domain_template', `
miscfiles_read_localization($1_su_t) miscfiles_read_localization($1_su_t)
optional_policy(`cron',` optional_policy(`cron',`
cron_read_pipe($1_su_t) cron_read_pipes($1_su_t)
') ')
optional_policy(`kerberos',` optional_policy(`kerberos',`
@ -72,7 +72,7 @@ template(`su_restricted_domain_template', `
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_su_t) nscd_socket_use($1_su_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
@ -205,7 +205,7 @@ template(`su_per_userdomain_template',`
') ')
optional_policy(`cron',` optional_policy(`cron',`
cron_read_pipe($1_su_t) cron_read_pipes($1_su_t)
') ')
optional_policy(`kerberos',` optional_policy(`kerberos',`
@ -213,7 +213,7 @@ template(`su_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_su_t) nscd_socket_use($1_su_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -90,9 +90,9 @@ template(`sudo_per_userdomain_template',`
auth_domtrans_chk_passwd($1_sudo_t) auth_domtrans_chk_passwd($1_sudo_t)
corecmd_getattr_bin_file($1_sudo_t) corecmd_getattr_bin_files($1_sudo_t)
corecmd_read_sbin_symlink($1_sudo_t) corecmd_read_sbin_symlinks($1_sudo_t)
corecmd_getattr_sbin_file($1_sudo_t) corecmd_getattr_sbin_files($1_sudo_t)
domain_use_wide_inherit_fd($1_sudo_t) domain_use_wide_inherit_fd($1_sudo_t)
domain_sigchld_wide_inherit_fd($1_sudo_t) domain_sigchld_wide_inherit_fd($1_sudo_t)
@ -128,7 +128,7 @@ template(`sudo_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_sudo_t) nscd_socket_use($1_sudo_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -67,7 +67,7 @@ files_dontaudit_search_home(updfstab_t)
files_read_etc_runtime_files(updfstab_t) files_read_etc_runtime_files(updfstab_t)
init_use_fd(updfstab_t) init_use_fd(updfstab_t)
init_use_script_pty(updfstab_t) init_use_script_ptys(updfstab_t)
libs_use_ld_so(updfstab_t) libs_use_ld_so(updfstab_t)
libs_use_shared_libs(updfstab_t) libs_use_shared_libs(updfstab_t)
@ -81,13 +81,13 @@ seutil_read_config(updfstab_t)
seutil_read_default_contexts(updfstab_t) seutil_read_default_contexts(updfstab_t)
seutil_read_file_contexts(updfstab_t) seutil_read_file_contexts(updfstab_t)
userdom_use_sysadm_tty(updfstab_t) userdom_use_sysadm_ttys(updfstab_t)
userdom_dontaudit_search_all_users_home(updfstab_t) userdom_dontaudit_search_all_users_home(updfstab_t)
userdom_dontaudit_use_unpriv_user_fd(updfstab_t) userdom_dontaudit_use_unpriv_user_fd(updfstab_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(updfstab_t) term_dontaudit_use_unallocated_ttys(updfstab_t)
term_dontaudit_use_generic_pty(updfstab_t) term_dontaudit_use_generic_ptys(updfstab_t)
files_dontaudit_read_root_files(updfstab_t) files_dontaudit_read_root_files(updfstab_t)
') ')
@ -99,7 +99,7 @@ optional_policy(`dbus',`
init_dbus_chat_script(updfstab_t) init_dbus_chat_script(updfstab_t)
dbus_system_bus_client_template(updfstab,updfstab_t) dbus_system_bus_client_template(updfstab,updfstab_t)
dbus_send_system_bus_msg(updfstab_t) dbus_send_system_bus(updfstab_t)
') ')
optional_policy(`hal',` optional_policy(`hal',`
@ -108,13 +108,13 @@ optional_policy(`hal',`
') ')
optional_policy(`modutils',` optional_policy(`modutils',`
modutils_read_module_conf(updfstab_t) modutils_read_module_config(updfstab_t)
modutils_exec_insmod(updfstab_t) modutils_exec_insmod(updfstab_t)
modutils_read_mods_deps(updfstab_t) modutils_read_module_deps(updfstab_t)
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(updfstab_t) nscd_socket_use(updfstab_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -37,7 +37,7 @@ init_use_fd(usbmodules_t)
libs_use_ld_so(usbmodules_t) libs_use_ld_so(usbmodules_t)
libs_use_shared_libs(usbmodules_t) libs_use_shared_libs(usbmodules_t)
modutils_read_mods_deps(usbmodules_t) modutils_read_module_deps(usbmodules_t)
optional_policy(`hotplug',` optional_policy(`hotplug',`
hotplug_read_config(usbmodules_t) hotplug_read_config(usbmodules_t)

View File

@ -10,7 +10,7 @@ type admin_passwd_exec_t;
files_type(admin_passwd_exec_t) files_type(admin_passwd_exec_t)
type chfn_t; type chfn_t;
domain_obj_id_change_exempt(chfn_t) domain_obj_id_change_exemption(chfn_t)
domain_type(chfn_t) domain_type(chfn_t)
role system_r types chfn_t; role system_r types chfn_t;
@ -32,12 +32,12 @@ files_tmp_file(crack_tmp_t)
type groupadd_t; type groupadd_t;
type groupadd_exec_t; type groupadd_exec_t;
domain_obj_id_change_exempt(groupadd_t) domain_obj_id_change_exemption(groupadd_t)
init_system_domain(groupadd_t,groupadd_exec_t) init_system_domain(groupadd_t,groupadd_exec_t)
role system_r types groupadd_t; role system_r types groupadd_t;
type passwd_t; type passwd_t;
domain_obj_id_change_exempt(passwd_t) domain_obj_id_change_exemption(passwd_t)
domain_type(passwd_t) domain_type(passwd_t)
role system_r types passwd_t; role system_r types passwd_t;
@ -45,7 +45,7 @@ type passwd_exec_t;
domain_entry_file(passwd_t,passwd_exec_t) domain_entry_file(passwd_t,passwd_exec_t)
type sysadm_passwd_t; type sysadm_passwd_t;
domain_obj_id_change_exempt(sysadm_passwd_t) domain_obj_id_change_exemption(sysadm_passwd_t)
domain_type(sysadm_passwd_t) domain_type(sysadm_passwd_t)
domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t) domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
role system_r types sysadm_passwd_t; role system_r types sysadm_passwd_t;
@ -55,7 +55,7 @@ files_tmp_file(sysadm_passwd_tmp_t)
type useradd_t; type useradd_t;
type useradd_exec_t; type useradd_exec_t;
domain_obj_id_change_exempt(useradd_t) domain_obj_id_change_exemption(useradd_t)
init_system_domain(useradd_t,useradd_exec_t) init_system_domain(useradd_t,useradd_exec_t)
role system_r types useradd_t; role system_r types useradd_t;
@ -137,7 +137,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(chfn_t) nscd_socket_use(chfn_t)
') ')
######################################## ########################################
@ -253,12 +253,12 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(groupadd_t) nscd_socket_use(groupadd_t)
') ')
optional_policy(`rpm',` optional_policy(`rpm',`
rpm_use_fd(groupadd_t) rpm_use_fd(groupadd_t)
rpm_rw_pipe(groupadd_t) rpm_rw_pipes(groupadd_t)
') ')
######################################## ########################################
@ -333,7 +333,7 @@ seutil_dontaudit_search_config(passwd_t)
userdom_use_unpriv_users_fd(passwd_t) userdom_use_unpriv_users_fd(passwd_t)
# make sure that getcon succeeds # make sure that getcon succeeds
userdom_getattr_all_userdomains(passwd_t) userdom_getattr_all_userdomains(passwd_t)
userdom_read_all_userdomains_state(passwd_t) userdom_read_all_users_state(passwd_t)
# user generally runs this from their home directory, so do not audit a search # user generally runs this from their home directory, so do not audit a search
# on user home dir # on user home dir
userdom_dontaudit_search_all_users_home(passwd_t) userdom_dontaudit_search_all_users_home(passwd_t)
@ -343,7 +343,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(passwd_t) nscd_socket_use(passwd_t)
') ')
######################################## ########################################
@ -513,10 +513,10 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(useradd_t) nscd_socket_use(useradd_t)
') ')
optional_policy(`rpm',` optional_policy(`rpm',`
rpm_use_fd(useradd_t) rpm_use_fd(useradd_t)
rpm_rw_pipe(useradd_t) rpm_rw_pipes(useradd_t)
') ')

View File

@ -99,7 +99,7 @@ sysnet_exec_ifconfig(vpnc_t)
sysnet_filetrans_config(vpnc_t) sysnet_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t) sysnet_manage_config(vpnc_t)
userdom_use_all_user_fd(vpnc_t) userdom_use_all_users_fd(vpnc_t)
userdom_dontaudit_search_all_users_home(vpnc_t) userdom_dontaudit_search_all_users_home(vpnc_t)
optional_policy(`dbus',` optional_policy(`dbus',`
@ -115,5 +115,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(vpnc_t) nscd_socket_use(vpnc_t)
') ')

View File

@ -145,7 +145,7 @@ template(`java_per_userdomain_template',`
libs_legacy_use_shared_libs($1_javaplugin_t) libs_legacy_use_shared_libs($1_javaplugin_t)
libs_legacy_use_ld_so($1_javaplugin_t) libs_legacy_use_ld_so($1_javaplugin_t)
libs_use_lib($1_javaplugin_t) libs_use_lib_files($1_javaplugin_t)
miscfiles_legacy_read_localization($1_javaplugin_t) miscfiles_legacy_read_localization($1_javaplugin_t)
') ')
@ -155,7 +155,7 @@ template(`java_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_javaplugin_t) nscd_socket_use($1_javaplugin_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -97,15 +97,15 @@ template(`screen_per_userdomain_template',`
kernel_read_kernel_sysctls($1_screen_t) kernel_read_kernel_sysctls($1_screen_t)
corecmd_list_bin($1_screen_t) corecmd_list_bin($1_screen_t)
corecmd_read_bin_file($1_screen_t) corecmd_read_bin_files($1_screen_t)
corecmd_read_bin_symlink($1_screen_t) corecmd_read_bin_symlinks($1_screen_t)
corecmd_read_bin_pipe($1_screen_t) corecmd_read_bin_pipes($1_screen_t)
corecmd_read_bin_socket($1_screen_t) corecmd_read_bin_sockets($1_screen_t)
corecmd_list_sbin($1_screen_t) corecmd_list_sbin($1_screen_t)
corecmd_read_sbin_symlink($1_screen_t) corecmd_read_sbin_symlinks($1_screen_t)
corecmd_read_sbin_file($1_screen_t) corecmd_read_sbin_files($1_screen_t)
corecmd_read_sbin_pipe($1_screen_t) corecmd_read_sbin_pipes($1_screen_t)
corecmd_read_sbin_socket($1_screen_t) corecmd_read_sbin_sockets($1_screen_t)
# Revert to the user domain when a shell is executed. # Revert to the user domain when a shell is executed.
corecmd_shell_domtrans($1_screen_t,$2) corecmd_shell_domtrans($1_screen_t,$2)
corecmd_bin_domtrans($1_screen_t,$2) corecmd_bin_domtrans($1_screen_t,$2)
@ -185,7 +185,7 @@ template(`screen_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_screen_t) nscd_socket_use($1_screen_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -38,10 +38,10 @@ template(`userhelper_per_userdomain_template',`
type $1_userhelper_t; type $1_userhelper_t;
domain_type($1_userhelper_t) domain_type($1_userhelper_t)
domain_entry_file($1_userhelper_t,userhelper_exec_t) domain_entry_file($1_userhelper_t,userhelper_exec_t)
domain_role_change_exempt($1_userhelper_t) domain_role_change_exemption($1_userhelper_t)
domain_obj_id_change_exempt($1_userhelper_t) domain_obj_id_change_exemption($1_userhelper_t)
domain_wide_inherit_fd($1_userhelper_t) domain_wide_inherit_fd($1_userhelper_t)
domain_subj_id_change_exempt($1_userhelper_t) domain_subj_id_change_exemption($1_userhelper_t)
role system_r types $1_userhelper_t; role system_r types $1_userhelper_t;
######################################## ########################################
@ -177,7 +177,7 @@ template(`userhelper_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_userhelper_t) nscd_socket_use($1_userhelper_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -93,8 +93,8 @@ apache_read_log(webalizer_t)
apache_manage_sys_content(webalizer_t) apache_manage_sys_content(webalizer_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_generic_pty(webalizer_t) term_use_generic_ptys(webalizer_t)
term_use_unallocated_tty(webalizer_t) term_use_unallocated_ttys(webalizer_t)
') ')
optional_policy(`ftp',` optional_policy(`ftp',`
@ -106,7 +106,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(webalizer_t) nscd_socket_use(webalizer_t)
') ')
optional_policy(`cron',` optional_policy(`cron',`

View File

@ -55,7 +55,7 @@ interface(`bootloader_run',`
## Domain to not audit. ## Domain to not audit.
## </param> ## </param>
# #
interface(`bootloader_getattr_boot_dir',` interface(`bootloader_getattr_boot_dirs',`
gen_require(` gen_require(`
type boot_t; type boot_t;
') ')
@ -72,7 +72,7 @@ interface(`bootloader_getattr_boot_dir',`
## Domain to not audit. ## Domain to not audit.
## </param> ## </param>
# #
interface(`bootloader_dontaudit_getattr_boot_dir',` interface(`bootloader_dontaudit_getattr_boot_dirs',`
gen_require(` gen_require(`
type boot_t; type boot_t;
') ')
@ -261,7 +261,7 @@ interface(`bootloader_rw_config',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`bootloader_rw_tmp_file',` interface(`bootloader_rw_tmp_files',`
gen_require(` gen_require(`
type bootloader_tmp_t; type bootloader_tmp_t;
') ')

View File

@ -118,7 +118,7 @@ fs_getattr_xattr_fs(bootloader_t)
fs_read_tmpfs_symlinks(bootloader_t) fs_read_tmpfs_symlinks(bootloader_t)
term_getattr_all_user_ttys(bootloader_t) term_getattr_all_user_ttys(bootloader_t)
term_dontaudit_manage_pty_dir(bootloader_t) term_dontaudit_manage_pty_dirs(bootloader_t)
corecmd_exec_bin(bootloader_t) corecmd_exec_bin(bootloader_t)
corecmd_exec_sbin(bootloader_t) corecmd_exec_sbin(bootloader_t)
@ -137,13 +137,13 @@ files_read_var_files(bootloader_t)
files_dontaudit_search_pids(bootloader_t) files_dontaudit_search_pids(bootloader_t)
init_getattr_initctl(bootloader_t) init_getattr_initctl(bootloader_t)
init_use_script_pty(bootloader_t) init_use_script_ptys(bootloader_t)
init_use_script_fd(bootloader_t) init_use_script_fd(bootloader_t)
init_rw_script_pipe(bootloader_t) init_rw_script_pipes(bootloader_t)
libs_use_ld_so(bootloader_t) libs_use_ld_so(bootloader_t)
libs_use_shared_libs(bootloader_t) libs_use_shared_libs(bootloader_t)
libs_read_lib(bootloader_t) libs_read_lib_files(bootloader_t)
libs_exec_lib_files(bootloader_t) libs_exec_lib_files(bootloader_t)
logging_send_syslog_msg(bootloader_t) logging_send_syslog_msg(bootloader_t)
@ -151,8 +151,8 @@ logging_rw_generic_logs(bootloader_t)
miscfiles_read_localization(bootloader_t) miscfiles_read_localization(bootloader_t)
seutil_read_binary_pol(bootloader_t) seutil_read_bin_policy(bootloader_t)
seutil_read_loadpol(bootloader_t) seutil_read_loadpolicy(bootloader_t)
seutil_dontaudit_search_config(bootloader_t) seutil_dontaudit_search_config(bootloader_t)
ifdef(`distro_debian',` ifdef(`distro_debian',`
@ -195,8 +195,8 @@ ifdef(`distro_redhat',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_unallocated_tty(bootloader_t) term_use_unallocated_ttys(bootloader_t)
term_use_generic_pty(bootloader_t) term_use_generic_ptys(bootloader_t)
') ')
optional_policy(`fstools',` optional_policy(`fstools',`
@ -212,19 +212,19 @@ optional_policy(`lvm',`
optional_policy(`modutils',` optional_policy(`modutils',`
modutils_exec_insmod(bootloader_t) modutils_exec_insmod(bootloader_t)
modutils_read_mods_deps(bootloader_t) modutils_read_module_deps(bootloader_t)
modutils_read_module_conf(bootloader_t) modutils_read_module_config(bootloader_t)
modutils_exec_insmod(bootloader_t) modutils_exec_insmod(bootloader_t)
modutils_exec_depmod(bootloader_t) modutils_exec_depmod(bootloader_t)
modutils_exec_update_mods(bootloader_t) modutils_exec_update_mods(bootloader_t)
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(bootloader_t) nscd_socket_use(bootloader_t)
') ')
optional_policy(`rpm',` optional_policy(`rpm',`
rpm_rw_pipe(bootloader_t) rpm_rw_pipes(bootloader_t)
') ')
optional_policy(`userdomain',` optional_policy(`userdomain',`

View File

@ -84,7 +84,7 @@ interface(`corecmd_list_bin',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_getattr_bin_file',` interface(`corecmd_getattr_bin_files',`
gen_require(` gen_require(`
type bin_t; type bin_t;
') ')
@ -100,7 +100,7 @@ interface(`corecmd_getattr_bin_file',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_bin_file',` interface(`corecmd_read_bin_files',`
gen_require(` gen_require(`
type bin_t; type bin_t;
') ')
@ -117,7 +117,7 @@ interface(`corecmd_read_bin_file',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_bin_symlink',` interface(`corecmd_read_bin_symlinks',`
gen_require(` gen_require(`
type bin_t; type bin_t;
') ')
@ -134,7 +134,7 @@ interface(`corecmd_read_bin_symlink',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_bin_pipe',` interface(`corecmd_read_bin_pipes',`
gen_require(` gen_require(`
type bin_t; type bin_t;
') ')
@ -151,7 +151,7 @@ interface(`corecmd_read_bin_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_bin_socket',` interface(`corecmd_read_bin_sockets',`
gen_require(` gen_require(`
type bin_t; type bin_t;
') ')
@ -351,9 +351,9 @@ interface(`corecmd_list_sbin',`
######################################## ########################################
# #
# corecmd_getattr_sbin_file(domain) # corecmd_getattr_sbin_files(domain)
# #
interface(`corecmd_getattr_sbin_file',` interface(`corecmd_getattr_sbin_files',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')
@ -363,9 +363,9 @@ interface(`corecmd_getattr_sbin_file',`
######################################## ########################################
# #
# corecmd_dontaudit_getattr_sbin_file(domain) # corecmd_dontaudit_getattr_sbin_files(domain)
# #
interface(`corecmd_dontaudit_getattr_sbin_file',` interface(`corecmd_dontaudit_getattr_sbin_files',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')
@ -381,7 +381,7 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_sbin_file',` interface(`corecmd_read_sbin_files',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')
@ -398,7 +398,7 @@ interface(`corecmd_read_sbin_file',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_sbin_symlink',` interface(`corecmd_read_sbin_symlinks',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')
@ -415,7 +415,7 @@ interface(`corecmd_read_sbin_symlink',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_sbin_pipe',` interface(`corecmd_read_sbin_pipes',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')
@ -432,7 +432,7 @@ interface(`corecmd_read_sbin_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`corecmd_read_sbin_socket',` interface(`corecmd_read_sbin_sockets',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
') ')

View File

@ -89,7 +89,7 @@ interface(`domain_type',`
# these 3 seem highly questionable: # these 3 seem highly questionable:
optional_policy(`rpm',` optional_policy(`rpm',`
rpm_use_fd($1) rpm_use_fd($1)
rpm_read_pipe($1) rpm_read_pipes($1)
') ')
optional_policy(`selinux',` optional_policy(`selinux',`
@ -161,7 +161,7 @@ interface(`domain_dyntrans_type',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`domain_system_change_exempt',` interface(`domain_system_change_exemption',`
gen_require(` gen_require(`
attribute can_system_change; attribute can_system_change;
') ')
@ -178,7 +178,7 @@ interface(`domain_system_change_exempt',`
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </param> ## </param>
# #
interface(`domain_subj_id_change_exempt',` interface(`domain_subj_id_change_exemption',`
gen_require(` gen_require(`
attribute can_change_process_identity; attribute can_change_process_identity;
') ')
@ -195,7 +195,7 @@ interface(`domain_subj_id_change_exempt',`
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </param> ## </param>
# #
interface(`domain_role_change_exempt',` interface(`domain_role_change_exemption',`
gen_require(` gen_require(`
attribute can_change_process_role; attribute can_change_process_role;
') ')
@ -212,7 +212,7 @@ interface(`domain_role_change_exempt',`
## The process type to make an exception to the constraint. ## The process type to make an exception to the constraint.
## </param> ## </param>
# #
interface(`domain_obj_id_change_exempt',` interface(`domain_obj_id_change_exemption',`
gen_require(` gen_require(`
attribute can_change_object_identity; attribute can_change_object_identity;
') ')
@ -678,7 +678,7 @@ interface(`domain_dontaudit_read_all_domains_state',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`domain_dontaudit_list_all_domains_proc',` interface(`domain_dontaudit_list_all_domains_state',`
gen_require(` gen_require(`
attribute domain; attribute domain;
') ')
@ -1048,7 +1048,7 @@ interface(`domain_mmap_all_entry_files',`
## </param> ## </param>
# #
# cjp: added for userhelper # cjp: added for userhelper
interface(`domain_entry_spec_domtrans',` interface(`domain_entry_file_spec_domtrans',`
gen_require(` gen_require(`
attribute entry_type; attribute entry_type;
') ')

View File

@ -730,7 +730,7 @@ interface(`files_relabel_all_files',`
allow $1 { file_type $2 }:chr_file { getattr relabelfrom }; allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
# satisfy the assertions: # satisfy the assertions:
seutil_relabelto_binary_pol($1) seutil_relabelto_bin_policy($1)
') ')
######################################## ########################################
@ -758,7 +758,7 @@ interface(`files_manage_all_files',`
allow $1 { file_type $2 }:sock_file create_file_perms; allow $1 { file_type $2 }:sock_file create_file_perms;
# satisfy the assertions: # satisfy the assertions:
seutil_create_binary_pol($1) seutil_create_bin_policy($1)
bootloader_manage_kernel_modules($1) bootloader_manage_kernel_modules($1)
') ')

View File

@ -266,7 +266,7 @@ optional_policy(`nis',`
') ')
optional_policy(`portmap',` optional_policy(`portmap',`
portmap_udp_sendto(kernel_t) portmap_udp_send(kernel_t)
') ')
optional_policy(`rpc',` optional_policy(`rpc',`
@ -293,7 +293,7 @@ optional_policy(`rpc',`
rpc_manage_nfs_ro_content(kernel_t) rpc_manage_nfs_ro_content(kernel_t)
rpc_manage_nfs_rw_content(kernel_t) rpc_manage_nfs_rw_content(kernel_t)
rpc_udp_rw_nfs_sockets(kernel_t) rpc_udp_rw_nfs_sockets(kernel_t)
rpc_udp_sendto_nfs(kernel_t) rpc_udp_send_nfs(kernel_t)
tunable_policy(`nfs_export_all_ro',` tunable_policy(`nfs_export_all_ro',`
fs_list_noxattr_fs(kernel_t) fs_list_noxattr_fs(kernel_t)
@ -316,7 +316,7 @@ optional_policy(`rpc',`
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`
seutil_read_config(kernel_t) seutil_read_config(kernel_t)
seutil_read_binary_pol(kernel_t) seutil_read_bin_policy(kernel_t)
') ')
######################################## ########################################

View File

@ -9,7 +9,7 @@
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_getattr_fixed_disk',` interface(`storage_getattr_fixed_disk_dev',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
') ')
@ -27,7 +27,7 @@ interface(`storage_getattr_fixed_disk',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`storage_dontaudit_getattr_fixed_disk',` interface(`storage_dontaudit_getattr_fixed_disk_dev',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
') ')
@ -44,7 +44,7 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_setattr_fixed_disk',` interface(`storage_setattr_fixed_disk_dev',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
') ')
@ -62,7 +62,7 @@ interface(`storage_setattr_fixed_disk',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`storage_dontaudit_setattr_fixed_disk',` interface(`storage_dontaudit_setattr_fixed_disk_dev',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
') ')
@ -295,7 +295,7 @@ interface(`storage_raw_write_lvm_volume',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_getattr_scsi_generic',` interface(`storage_getattr_scsi_generic_dev',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
') ')
@ -313,7 +313,7 @@ interface(`storage_getattr_scsi_generic',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_setattr_scsi_generic',` interface(`storage_setattr_scsi_generic_dev',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
') ')
@ -377,7 +377,7 @@ interface(`storage_write_scsi_generic',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_set_scsi_generic_attributes',` interface(`storage_setattr_scsi_generic_dev_dev',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
') ')
@ -412,7 +412,7 @@ interface(`storage_dontaudit_rw_scsi_generic',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_getattr_removable_device',` interface(`storage_getattr_removable_dev',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
') ')
@ -430,7 +430,7 @@ interface(`storage_getattr_removable_device',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`storage_dontaudit_getattr_removable_device',` interface(`storage_dontaudit_getattr_removable_dev',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
') ')
@ -465,7 +465,7 @@ interface(`storage_dontaudit_read_removable_device',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_setattr_removable_device',` interface(`storage_setattr_removable_dev',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
') ')
@ -483,7 +483,7 @@ interface(`storage_setattr_removable_device',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`storage_dontaudit_setattr_removable_device',` interface(`storage_dontaudit_setattr_removable_dev',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
') ')
@ -574,7 +574,7 @@ interface(`storage_dontaudit_raw_write_removable_device',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_read_tape_device',` interface(`storage_read_tape',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
') ')
@ -592,7 +592,7 @@ interface(`storage_read_tape_device',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_write_tape_device',` interface(`storage_write_tape',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
') ')
@ -610,7 +610,7 @@ interface(`storage_write_tape_device',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_getattr_tape_device',` interface(`storage_getattr_tape_dev',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
') ')
@ -628,7 +628,7 @@ interface(`storage_getattr_tape_device',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`storage_setattr_tape_device',` interface(`storage_setattr_tape_dev',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
') ')

View File

@ -237,7 +237,7 @@ interface(`term_setattr_console',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`term_dontaudit_getattr_pty_dir',` interface(`term_dontaudit_getattr_pty_dirs',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
') ')
@ -324,7 +324,7 @@ interface(`term_dontaudit_list_ptys',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`term_dontaudit_manage_pty_dir',` interface(`term_dontaudit_manage_pty_dirs',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
') ')
@ -341,7 +341,7 @@ interface(`term_dontaudit_manage_pty_dir',`
## </param> ## </param>
# #
# cjp: added for ppp # cjp: added for ppp
interface(`term_ioctl_generic_pty',` interface(`term_ioctl_generic_ptys',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
') ')
@ -361,7 +361,7 @@ interface(`term_ioctl_generic_pty',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`term_use_generic_pty',` interface(`term_use_generic_ptys',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
') ')
@ -381,7 +381,7 @@ interface(`term_use_generic_pty',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`term_dontaudit_use_generic_pty',` interface(`term_dontaudit_use_generic_ptys',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
') ')
@ -703,7 +703,7 @@ interface(`term_write_unallocated_ttys',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`term_use_unallocated_tty',` interface(`term_use_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
') ')
@ -721,7 +721,7 @@ interface(`term_use_unallocated_tty',`
## The type of the process to not audit. ## The type of the process to not audit.
## </param> ## </param>
# #
interface(`term_dontaudit_use_unallocated_tty',` interface(`term_dontaudit_use_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
') ')

View File

@ -176,7 +176,7 @@ template(`apache_content_template',`
files_read_etc_runtime_files(httpd_$1_script_t) files_read_etc_runtime_files(httpd_$1_script_t)
files_read_usr_files(httpd_$1_script_t) files_read_usr_files(httpd_$1_script_t)
libs_read_lib(httpd_$1_script_t) libs_read_lib_files(httpd_$1_script_t)
miscfiles_read_localization(httpd_$1_script_t) miscfiles_read_localization(httpd_$1_script_t)
@ -226,7 +226,7 @@ template(`apache_content_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(httpd_$1_script_t) nscd_socket_use(httpd_$1_script_t)
') ')
') ')
@ -400,7 +400,7 @@ interface(`apache_use_fd',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`apache_dontaudit_rw_stream_socket',` interface(`apache_dontaudit_rw_stream_sockets',`
gen_require(` gen_require(`
type httpd_t; type httpd_t;
') ')
@ -417,7 +417,7 @@ interface(`apache_dontaudit_rw_stream_socket',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`apache_dontaudit_rw_tcp_socket',` interface(`apache_dontaudit_rw_tcp_sockets',`
gen_require(` gen_require(`
type httpd_t; type httpd_t;
') ')
@ -642,7 +642,7 @@ interface(`apache_domtrans_sys_script',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`apache_dontaudit_rw_sys_script_stream_socket',` interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
gen_require(` gen_require(`
type httpd_sys_script_t; type httpd_sys_script_t;
') ')

View File

@ -263,11 +263,11 @@ files_read_etc_files(httpd_t)
files_read_var_lib_symlinks(httpd_t) files_read_var_lib_symlinks(httpd_t)
init_use_fd(httpd_t) init_use_fd(httpd_t)
init_use_script_pty(httpd_t) init_use_script_ptys(httpd_t)
libs_use_ld_so(httpd_t) libs_use_ld_so(httpd_t)
libs_use_shared_libs(httpd_t) libs_use_shared_libs(httpd_t)
libs_read_lib(httpd_t) libs_read_lib_files(httpd_t)
logging_send_syslog_msg(httpd_t) logging_send_syslog_msg(httpd_t)
@ -287,8 +287,8 @@ userdom_dontaudit_search_sysadm_home_dir(httpd_t)
mta_send_mail(httpd_t) mta_send_mail(httpd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(httpd_t) term_dontaudit_use_unallocated_ttys(httpd_t)
term_dontaudit_use_generic_pty(httpd_t) term_dontaudit_use_generic_ptys(httpd_t)
files_dontaudit_read_root_files(httpd_t) files_dontaudit_read_root_files(httpd_t)
tunable_policy(`httpd_enable_homedirs',` tunable_policy(`httpd_enable_homedirs',`
@ -413,16 +413,16 @@ optional_policy(`mailman',`
optional_policy(`mysql',` optional_policy(`mysql',`
mysql_stream_connect(httpd_t) mysql_stream_connect(httpd_t)
mysql_rw_db_socket(httpd_t) mysql_rw_db_sockets(httpd_t)
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(httpd_t) nscd_socket_use(httpd_t)
') ')
optional_policy(`postgresql',` optional_policy(`postgresql',`
# Allow httpd to work with postgresql # Allow httpd to work with postgresql
postgresql_unix_connect(httpd_t) postgresql_stream_connect(httpd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`
@ -645,7 +645,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(httpd_suexec_t) nscd_socket_use(httpd_suexec_t)
') ')
######################################## ########################################
@ -680,7 +680,7 @@ ifdef(`targeted_policy',`
optional_policy(`mysql',` optional_policy(`mysql',`
mysql_stream_connect(httpd_sys_script_t) mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_socket(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t)
') ')
######################################## ########################################
@ -695,5 +695,5 @@ optional_policy(`cron',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(httpd_unconfined_script_t) nscd_socket_use(httpd_unconfined_script_t)
') ')

View File

@ -46,7 +46,7 @@ interface(`apm_use_fd',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`apm_write_pipe',` interface(`apm_write_pipes',`
gen_require(` gen_require(`
type apmd_t; type apmd_t;
') ')
@ -62,7 +62,7 @@ interface(`apm_write_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`apm_rw_stream_socket',` interface(`apm_rw_stream_sockets',`
gen_require(` gen_require(`
type apmd_t; type apmd_t;
') ')

View File

@ -115,7 +115,7 @@ domain_read_all_domains_state(apmd_t)
domain_use_wide_inherit_fd(apmd_t) domain_use_wide_inherit_fd(apmd_t)
domain_dontaudit_getattr_all_sockets(apmd_t) domain_dontaudit_getattr_all_sockets(apmd_t)
domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive? domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
domain_dontaudit_list_all_domains_proc(apmd_t) # Excessive? domain_dontaudit_list_all_domains_state(apmd_t) # Excessive?
files_exec_etc_files(apmd_t) files_exec_etc_files(apmd_t)
files_read_etc_runtime_files(apmd_t) files_read_etc_runtime_files(apmd_t)
@ -126,7 +126,7 @@ files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
init_domtrans_script(apmd_t) init_domtrans_script(apmd_t)
init_use_fd(apmd_t) init_use_fd(apmd_t)
init_use_script_pty(apmd_t) init_use_script_ptys(apmd_t)
init_rw_utmp(apmd_t) init_rw_utmp(apmd_t)
init_write_initctl(apmd_t) init_write_initctl(apmd_t)
@ -141,7 +141,7 @@ miscfiles_read_localization(apmd_t)
miscfiles_read_hwdata(apmd_t) miscfiles_read_hwdata(apmd_t)
modutils_domtrans_insmod(apmd_t) modutils_domtrans_insmod(apmd_t)
modutils_read_module_conf(apmd_t) modutils_read_module_config(apmd_t)
seutil_dontaudit_read_config(apmd_t) seutil_dontaudit_read_config(apmd_t)
@ -180,8 +180,8 @@ ifdef(`distro_suse',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(apmd_t) term_dontaudit_use_unallocated_ttys(apmd_t)
term_dontaudit_use_generic_pty(apmd_t) term_dontaudit_use_generic_ptys(apmd_t)
files_dontaudit_read_root_files(apmd_t) files_dontaudit_read_root_files(apmd_t)
unconfined_domain_template(apmd_t) unconfined_domain_template(apmd_t)
') ')
@ -197,7 +197,7 @@ optional_policy(`clock',`
optional_policy(`cron',` optional_policy(`cron',`
cron_system_entry(apmd_t, apmd_exec_t) cron_system_entry(apmd_t, apmd_exec_t)
cron_domtrans_anacron_system_job(apmd_t) cron_anacron_domtrans_system_job(apmd_t)
') ')
optional_policy(`dbus',` optional_policy(`dbus',`
@ -217,7 +217,7 @@ optional_policy(`mta',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(apmd_t) nscd_socket_use(apmd_t)
') ')
optional_policy(`pcmcia',` optional_policy(`pcmcia',`

View File

@ -74,7 +74,7 @@ interface(`arpwatch_manage_tmp_files',`
## Domain to not audit. ## Domain to not audit.
## </param> ## </param>
# #
interface(`arpwatch_dontaudit_rw_packet_socket',` interface(`arpwatch_dontaudit_rw_packet_sockets',`
gen_require(` gen_require(`
type arpwatch_t; type arpwatch_t;
') ')

View File

@ -68,7 +68,7 @@ fs_search_auto_mountpoints(arpwatch_t)
term_dontaudit_use_console(arpwatch_t) term_dontaudit_use_console(arpwatch_t)
corecmd_read_sbin_symlink(arpwatch_t) corecmd_read_sbin_symlinks(arpwatch_t)
domain_use_wide_inherit_fd(arpwatch_t) domain_use_wide_inherit_fd(arpwatch_t)
@ -77,7 +77,7 @@ files_read_usr_files(arpwatch_t)
files_search_var_lib(arpwatch_t) files_search_var_lib(arpwatch_t)
init_use_fd(arpwatch_t) init_use_fd(arpwatch_t)
init_use_script_pty(arpwatch_t) init_use_script_ptys(arpwatch_t)
libs_use_ld_so(arpwatch_t) libs_use_ld_so(arpwatch_t)
libs_use_shared_libs(arpwatch_t) libs_use_shared_libs(arpwatch_t)
@ -94,8 +94,8 @@ userdom_dontaudit_search_sysadm_home_dir(arpwatch_t)
mta_send_mail(arpwatch_t) mta_send_mail(arpwatch_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(arpwatch_t) term_dontaudit_use_unallocated_ttys(arpwatch_t)
term_dontaudit_use_generic_pty(arpwatch_t) term_dontaudit_use_generic_ptys(arpwatch_t)
files_dontaudit_read_root_files(arpwatch_t) files_dontaudit_read_root_files(arpwatch_t)
') ')

View File

@ -63,7 +63,7 @@ kernel_read_proc_symlinks(automount_t)
kernel_read_system_state(automount_t) kernel_read_system_state(automount_t)
kernel_list_proc(automount_t) kernel_list_proc(automount_t)
bootloader_getattr_boot_dir(automount_t) bootloader_getattr_boot_dirs(automount_t)
corecmd_exec_sbin(automount_t) corecmd_exec_sbin(automount_t)
corecmd_exec_bin(automount_t) corecmd_exec_bin(automount_t)
@ -108,10 +108,10 @@ fs_search_auto_mountpoints(automount_t)
fs_manage_auto_mountpoints(automount_t) fs_manage_auto_mountpoints(automount_t)
term_dontaudit_use_console(automount_t) term_dontaudit_use_console(automount_t)
term_dontaudit_getattr_pty_dir(automount_t) term_dontaudit_getattr_pty_dirs(automount_t)
init_use_fd(automount_t) init_use_fd(automount_t)
init_use_script_pty(automount_t) init_use_script_ptys(automount_t)
libs_use_ld_so(automount_t) libs_use_ld_so(automount_t)
libs_use_shared_libs(automount_t) libs_use_shared_libs(automount_t)
@ -133,8 +133,8 @@ userdom_dontaudit_search_sysadm_home_dir(automount_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
files_dontaudit_read_root_files(automount_t) files_dontaudit_read_root_files(automount_t)
term_dontaudit_use_unallocated_tty(automount_t) term_dontaudit_use_unallocated_ttys(automount_t)
term_dontaudit_use_generic_pty(automount_t) term_dontaudit_use_generic_ptys(automount_t)
') ')
optional_policy(`apm',` optional_policy(`apm',`

View File

@ -65,7 +65,7 @@ domain_use_wide_inherit_fd(avahi_t)
files_read_etc_files(avahi_t) files_read_etc_files(avahi_t)
init_use_fd(avahi_t) init_use_fd(avahi_t)
init_use_script_pty(avahi_t) init_use_script_ptys(avahi_t)
init_signal_script(avahi_t) init_signal_script(avahi_t)
init_signull_script(avahi_t) init_signull_script(avahi_t)
@ -82,15 +82,15 @@ userdom_dontaudit_use_unpriv_user_fd(avahi_t)
userdom_dontaudit_search_sysadm_home_dir(avahi_t) userdom_dontaudit_search_sysadm_home_dir(avahi_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(avahi_t) term_dontaudit_use_unallocated_ttys(avahi_t)
term_dontaudit_use_generic_pty(avahi_t) term_dontaudit_use_generic_ptys(avahi_t)
files_dontaudit_read_root_files(avahi_t) files_dontaudit_read_root_files(avahi_t)
') ')
optional_policy(`dbus',` optional_policy(`dbus',`
dbus_system_bus_client_template(avahi,avahi_t) dbus_system_bus_client_template(avahi,avahi_t)
dbus_connect_system_bus(avahi_t) dbus_connect_system_bus(avahi_t)
dbus_send_system_bus_msg(avahi_t) dbus_send_system_bus(avahi_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`

View File

@ -143,7 +143,7 @@ interface(`bind_write_config',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`bind_manage_config_dir',` interface(`bind_manage_config_dirs',`
gen_require(` gen_require(`
type named_conf_t; type named_conf_t;
') ')
@ -200,7 +200,7 @@ interface(`bind_manage_cache',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`bind_setattr_pid_dir',` interface(`bind_setattr_pid_dirs',`
gen_require(` gen_require(`
type named_var_run_t; type named_var_run_t;
') ')

View File

@ -131,7 +131,7 @@ files_read_etc_files(named_t)
files_read_etc_runtime_files(named_t) files_read_etc_runtime_files(named_t)
init_use_fd(named_t) init_use_fd(named_t)
init_use_script_pty(named_t) init_use_script_ptys(named_t)
libs_use_ld_so(named_t) libs_use_ld_so(named_t)
libs_use_shared_libs(named_t) libs_use_shared_libs(named_t)
@ -146,8 +146,8 @@ userdom_dontaudit_use_unpriv_user_fd(named_t)
userdom_dontaudit_search_sysadm_home_dir(named_t) userdom_dontaudit_search_sysadm_home_dir(named_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(named_t) term_dontaudit_use_unallocated_ttys(named_t)
term_dontaudit_use_generic_pty(named_t) term_dontaudit_use_generic_ptys(named_t)
files_dontaudit_read_root_files(named_t) files_dontaudit_read_root_files(named_t)
') ')
@ -170,7 +170,7 @@ optional_policy(`dbus',`
dbus_system_bus_client_template(named,named_t) dbus_system_bus_client_template(named,named_t)
dbus_connect_system_bus(named_t) dbus_connect_system_bus(named_t)
dbus_send_system_bus_msg(named_t) dbus_send_system_bus(named_t)
optional_policy(`networkmanager',` optional_policy(`networkmanager',`
networkmanager_dbus_chat(named_t) networkmanager_dbus_chat(named_t)
@ -185,9 +185,9 @@ optional_policy(`networkmanager',`
# this seems like fds that arent being # this seems like fds that arent being
# closed. these should probably be # closed. these should probably be
# dontaudits instead. # dontaudits instead.
networkmanager_rw_udp_socket(named_t) networkmanager_rw_udp_sockets(named_t)
networkmanager_rw_packet_socket(named_t) networkmanager_rw_packet_sockets(named_t)
networkmanager_rw_routing_socket(named_t) networkmanager_rw_routing_sockets(named_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`
@ -195,7 +195,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(named_t) nscd_socket_use(named_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`
@ -256,7 +256,7 @@ files_read_etc_files(ndc_t)
files_search_pids(ndc_t) files_search_pids(ndc_t)
init_use_fd(ndc_t) init_use_fd(ndc_t)
init_use_script_pty(ndc_t) init_use_script_ptys(ndc_t)
libs_use_ld_so(ndc_t) libs_use_ld_so(ndc_t)
libs_use_shared_libs(ndc_t) libs_use_shared_libs(ndc_t)
@ -276,8 +276,8 @@ ifdef(`distro_redhat',`
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
kernel_dontaudit_read_unlabeled_files(ndc_t) kernel_dontaudit_read_unlabeled_files(ndc_t)
term_use_unallocated_tty(ndc_t) term_use_unallocated_ttys(ndc_t)
term_use_generic_pty(ndc_t) term_use_generic_ptys(ndc_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`
@ -285,7 +285,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(ndc_t) nscd_socket_use(ndc_t)
') ')
optional_policy(`ppp',` optional_policy(`ppp',`

View File

@ -108,7 +108,7 @@ fs_search_auto_mountpoints(bluetooth_t)
term_dontaudit_use_console(bluetooth_t) term_dontaudit_use_console(bluetooth_t)
#Handle bluetooth serial devices #Handle bluetooth serial devices
term_use_unallocated_tty(bluetooth_t) term_use_unallocated_ttys(bluetooth_t)
corecmd_exec_bin(bluetooth_t) corecmd_exec_bin(bluetooth_t)
corecmd_exec_shell(bluetooth_t) corecmd_exec_shell(bluetooth_t)
@ -120,7 +120,7 @@ files_read_etc_runtime_files(bluetooth_t)
files_read_usr_files(bluetooth_t) files_read_usr_files(bluetooth_t)
init_use_fd(bluetooth_t) init_use_fd(bluetooth_t)
init_use_script_pty(bluetooth_t) init_use_script_ptys(bluetooth_t)
libs_use_ld_so(bluetooth_t) libs_use_ld_so(bluetooth_t)
libs_use_shared_libs(bluetooth_t) libs_use_shared_libs(bluetooth_t)
@ -133,18 +133,18 @@ miscfiles_read_fonts(bluetooth_t)
sysnet_read_config(bluetooth_t) sysnet_read_config(bluetooth_t)
userdom_dontaudit_use_unpriv_user_fd(bluetooth_t) userdom_dontaudit_use_unpriv_user_fd(bluetooth_t)
userdom_dontaudit_use_sysadm_pty(bluetooth_t) userdom_dontaudit_use_sysadm_ptys(bluetooth_t)
userdom_dontaudit_search_sysadm_home_dir(bluetooth_t) userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(bluetooth_t) term_dontaudit_use_unallocated_ttys(bluetooth_t)
term_dontaudit_use_generic_pty(bluetooth_t) term_dontaudit_use_generic_ptys(bluetooth_t)
files_dontaudit_read_root_files(bluetooth_t) files_dontaudit_read_root_files(bluetooth_t)
') ')
optional_policy(`dbus',` optional_policy(`dbus',`
dbus_system_bus_client_template(bluetooth,bluetooth_t) dbus_system_bus_client_template(bluetooth,bluetooth_t)
dbus_send_system_bus_msg(bluetooth_t) dbus_send_system_bus(bluetooth_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`
@ -204,7 +204,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
userdom_search_all_users_home(bluetooth_helper_t) userdom_search_all_users_home(bluetooth_helper_t)
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(bluetooth_helper_t) nscd_socket_use(bluetooth_helper_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`

View File

@ -73,7 +73,7 @@ files_search_tmp(canna_t)
files_dontaudit_read_root_files(canna_t) files_dontaudit_read_root_files(canna_t)
init_use_fd(canna_t) init_use_fd(canna_t)
init_use_script_pty(canna_t) init_use_script_ptys(canna_t)
libs_use_ld_so(canna_t) libs_use_ld_so(canna_t)
libs_use_shared_libs(canna_t) libs_use_shared_libs(canna_t)
@ -88,8 +88,8 @@ userdom_dontaudit_use_unpriv_user_fd(canna_t)
userdom_dontaudit_search_sysadm_home_dir(canna_t) userdom_dontaudit_search_sysadm_home_dir(canna_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(canna_t) term_dontaudit_use_unallocated_ttys(canna_t)
term_dontaudit_use_generic_pty(canna_t) term_dontaudit_use_generic_ptys(canna_t)
files_dontaudit_read_root_files(canna_t) files_dontaudit_read_root_files(canna_t)
') ')

View File

@ -76,7 +76,7 @@ miscfiles_read_localization(comsat_t)
sysnet_read_config(comsat_t) sysnet_read_config(comsat_t)
userdom_dontaudit_getattr_sysadm_tty(comsat_t) userdom_dontaudit_getattr_sysadm_ttys(comsat_t)
mta_getattr_spool(comsat_t) mta_getattr_spool(comsat_t)
@ -89,7 +89,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(comsat_t) nscd_socket_use(comsat_t)
') ')

View File

@ -46,7 +46,7 @@ domain_use_wide_inherit_fd(cpucontrol_t)
files_list_usr(cpucontrol_t) files_list_usr(cpucontrol_t)
init_use_fd(cpucontrol_t) init_use_fd(cpucontrol_t)
init_use_script_pty(cpucontrol_t) init_use_script_ptys(cpucontrol_t)
libs_use_ld_so(cpucontrol_t) libs_use_ld_so(cpucontrol_t)
libs_use_shared_libs(cpucontrol_t) libs_use_shared_libs(cpucontrol_t)
@ -56,13 +56,13 @@ logging_send_syslog_msg(cpucontrol_t)
userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t) userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cpucontrol_t) term_dontaudit_use_unallocated_ttys(cpucontrol_t)
term_dontaudit_use_generic_pty(cpucontrol_t) term_dontaudit_use_generic_ptys(cpucontrol_t)
files_dontaudit_read_root_files(cpucontrol_t) files_dontaudit_read_root_files(cpucontrol_t)
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cpucontrol_t) nscd_socket_use(cpucontrol_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`
@ -98,7 +98,7 @@ files_read_etc_runtime_files(cpuspeed_t)
files_list_usr(cpuspeed_t) files_list_usr(cpuspeed_t)
init_use_fd(cpuspeed_t) init_use_fd(cpuspeed_t)
init_use_script_pty(cpuspeed_t) init_use_script_ptys(cpuspeed_t)
libs_use_ld_so(cpuspeed_t) libs_use_ld_so(cpuspeed_t)
libs_use_shared_libs(cpuspeed_t) libs_use_shared_libs(cpuspeed_t)
@ -110,13 +110,13 @@ miscfiles_read_localization(cpuspeed_t)
userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t) userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cpuspeed_t) term_dontaudit_use_unallocated_ttys(cpuspeed_t)
term_dontaudit_use_generic_pty(cpuspeed_t) term_dontaudit_use_generic_ptys(cpuspeed_t)
files_dontaudit_read_root_files(cpuspeed_t) files_dontaudit_read_root_files(cpuspeed_t)
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cpuspeed_t) nscd_socket_use(cpuspeed_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -370,7 +370,7 @@ interface(`cron_sigchld',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_read_pipe',` interface(`cron_read_pipes',`
gen_require(` gen_require(`
type crond_t; type crond_t;
') ')
@ -386,7 +386,7 @@ interface(`cron_read_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_dontaudit_write_pipe',` interface(`cron_dontaudit_write_pipes',`
gen_require(` gen_require(`
type crond_t; type crond_t;
') ')
@ -402,7 +402,7 @@ interface(`cron_dontaudit_write_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_rw_pipe',` interface(`cron_rw_pipes',`
gen_require(` gen_require(`
type crond_t; type crond_t;
') ')
@ -452,7 +452,7 @@ interface(`cron_search_spool',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_domtrans_anacron_system_job',` interface(`cron_anacron_domtrans_system_job',`
gen_require(` gen_require(`
type system_crond_t, anacron_exec_t; type system_crond_t, anacron_exec_t;
') ')
@ -490,7 +490,7 @@ interface(`cron_use_system_job_fd',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_write_system_job_pipe',` interface(`cron_write_system_job_pipes',`
gen_require(` gen_require(`
type system_crond_t; type system_crond_t;
') ')
@ -506,7 +506,7 @@ interface(`cron_write_system_job_pipe',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`cron_rw_system_job_pipe',` interface(`cron_rw_system_job_pipes',`
gen_require(` gen_require(`
type system_crond_t; type system_crond_t;
') ')

View File

@ -119,7 +119,7 @@ files_search_var_lib(crond_t)
files_search_default(crond_t) files_search_default(crond_t)
init_use_fd(crond_t) init_use_fd(crond_t)
init_use_script_pty(crond_t) init_use_script_ptys(crond_t)
init_rw_utmp(crond_t) init_rw_utmp(crond_t)
libs_use_ld_so(crond_t) libs_use_ld_so(crond_t)
@ -184,17 +184,17 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(crond_t) nscd_socket_use(crond_t)
') ')
optional_policy(`rpm',` optional_policy(`rpm',`
# Commonly used from postinst scripts # Commonly used from postinst scripts
rpm_read_pipe(crond_t) rpm_read_pipes(crond_t)
') ')
optional_policy(`postgresql',` optional_policy(`postgresql',`
# allow crond to find /usr/lib/postgresql/bin/do.maintenance # allow crond to find /usr/lib/postgresql/bin/do.maintenance
postgresql_search_db_dir(crond_t) postgresql_search_db(crond_t)
') ')
optional_policy(`udev',` optional_policy(`udev',`
@ -330,7 +330,7 @@ ifdef(`targeted_policy',`
init_use_fd(system_crond_t) init_use_fd(system_crond_t)
init_use_script_fd(system_crond_t) init_use_script_fd(system_crond_t)
init_use_script_pty(system_crond_t) init_use_script_ptys(system_crond_t)
init_read_utmp(system_crond_t) init_read_utmp(system_crond_t)
init_dontaudit_rw_utmp(system_crond_t) init_dontaudit_rw_utmp(system_crond_t)
# prelink tells init to restart it self, we either need to allow or dontaudit # prelink tells init to restart it self, we either need to allow or dontaudit
@ -398,7 +398,7 @@ ifdef(`targeted_policy',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(system_crond_t) nscd_socket_use(system_crond_t)
') ')
optional_policy(`prelink',` optional_policy(`prelink',`

View File

@ -171,13 +171,13 @@ files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t) files_read_world_readable_symlinks(cupsd_t)
init_use_fd(cupsd_t) init_use_fd(cupsd_t)
init_use_script_pty(cupsd_t) init_use_script_ptys(cupsd_t)
init_exec_script(cupsd_t) init_exec_script(cupsd_t)
libs_use_ld_so(cupsd_t) libs_use_ld_so(cupsd_t)
libs_use_shared_libs(cupsd_t) libs_use_shared_libs(cupsd_t)
# Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.* # Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.*
libs_read_lib(cupsd_t) libs_read_lib_files(cupsd_t)
logging_send_syslog_msg(cupsd_t) logging_send_syslog_msg(cupsd_t)
@ -196,8 +196,8 @@ userdom_dontaudit_search_all_users_home(cupsd_t)
lpd_manage_spool(cupsd_t) lpd_manage_spool(cupsd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cupsd_t) term_dontaudit_use_unallocated_ttys(cupsd_t)
term_dontaudit_use_generic_pty(cupsd_t) term_dontaudit_use_generic_ptys(cupsd_t)
files_dontaudit_read_root_files(cupsd_t) files_dontaudit_read_root_files(cupsd_t)
') ')
@ -207,7 +207,7 @@ optional_policy(`cron',`
optional_policy(`dbus',` optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd,cupsd_t) dbus_system_bus_client_template(cupsd,cupsd_t)
dbus_send_system_bus_msg(cupsd_t) dbus_send_system_bus(cupsd_t)
userdom_dbus_send_all_users(cupsd_t) userdom_dbus_send_all_users(cupsd_t)
@ -229,11 +229,11 @@ optional_policy(`mount',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cupsd_t) nscd_socket_use(cupsd_t)
') ')
optional_policy(`portmap',` optional_policy(`portmap',`
portmap_udp_sendrecv(cupsd_t) portmap_udp_chat(cupsd_t)
') ')
optional_policy(`samba',` optional_policy(`samba',`
@ -333,7 +333,7 @@ files_read_etc_files(ptal_t)
files_read_etc_runtime_files(ptal_t) files_read_etc_runtime_files(ptal_t)
init_use_fd(ptal_t) init_use_fd(ptal_t)
init_use_script_pty(ptal_t) init_use_script_ptys(ptal_t)
libs_use_ld_so(ptal_t) libs_use_ld_so(ptal_t)
libs_use_shared_libs(ptal_t) libs_use_shared_libs(ptal_t)
@ -348,8 +348,8 @@ userdom_dontaudit_use_unpriv_user_fd(ptal_t)
userdom_dontaudit_search_all_users_home(ptal_t) userdom_dontaudit_search_all_users_home(ptal_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ptal_t) term_dontaudit_use_unallocated_ttys(ptal_t)
term_dontaudit_use_generic_pty(ptal_t) term_dontaudit_use_generic_ptys(ptal_t)
files_dontaudit_read_root_files(ptal_t) files_dontaudit_read_root_files(ptal_t)
') ')
@ -430,7 +430,7 @@ files_read_etc_runtime_files(hplip_t)
files_read_usr_files(hplip_t) files_read_usr_files(hplip_t)
init_use_fd(hplip_t) init_use_fd(hplip_t)
init_use_script_pty(hplip_t) init_use_script_ptys(hplip_t)
libs_use_ld_so(hplip_t) libs_use_ld_so(hplip_t)
libs_use_shared_libs(hplip_t) libs_use_shared_libs(hplip_t)
@ -447,8 +447,8 @@ userdom_dontaudit_search_sysadm_home_dir(hplip_t)
lpd_read_config(cupsd_t) lpd_read_config(cupsd_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hplip_t) term_dontaudit_use_unallocated_ttys(hplip_t)
term_dontaudit_use_generic_pty(hplip_t) term_dontaudit_use_generic_ptys(hplip_t)
files_dontaudit_read_root_files(hplip_t) files_dontaudit_read_root_files(hplip_t)
') ')
@ -549,7 +549,7 @@ files_read_etc_files(cupsd_config_t)
files_read_etc_runtime_files(cupsd_config_t) files_read_etc_runtime_files(cupsd_config_t)
init_use_fd(cupsd_config_t) init_use_fd(cupsd_config_t)
init_use_script_pty(cupsd_config_t) init_use_script_ptys(cupsd_config_t)
libs_use_ld_so(cupsd_config_t) libs_use_ld_so(cupsd_config_t)
libs_use_shared_libs(cupsd_config_t) libs_use_shared_libs(cupsd_config_t)
@ -574,8 +574,8 @@ ifdef(`distro_redhat',`
') ')
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(cupsd_config_t) term_dontaudit_use_unallocated_ttys(cupsd_config_t)
term_dontaudit_use_generic_pty(cupsd_config_t) term_dontaudit_use_generic_ptys(cupsd_config_t)
files_dontaudit_read_root_files(cupsd_config_t) files_dontaudit_read_root_files(cupsd_config_t)
') ')
@ -586,7 +586,7 @@ optional_policy(`cron',`
optional_policy(`dbus',` optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd_config,cupsd_config_t) dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
dbus_connect_system_bus(cupsd_config_t) dbus_connect_system_bus(cupsd_config_t)
dbus_send_system_bus_msg(cupsd_config_t) dbus_send_system_bus(cupsd_config_t)
optional_policy(`hal',` optional_policy(`hal',`
hal_dbus_chat(cupsd_config_t) hal_dbus_chat(cupsd_config_t)
@ -610,7 +610,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cupsd_config_t) nscd_socket_use(cupsd_config_t)
') ')
optional_policy(`rpm',` optional_policy(`rpm',`
@ -633,9 +633,9 @@ allow cupsd_config_t printconf_t:file { getattr read };
allow cupsd_config_t initrc_exec_t:file getattr; allow cupsd_config_t initrc_exec_t:file getattr;
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
init_unix_connect_script(cupsd_t) init_stream_connect_script(cupsd_t)
unconfined_read_pipe(cupsd_t) unconfined_read_pipes(cupsd_t)
optional_policy(`dbus',` optional_policy(`dbus',`
init_dbus_chat_script(cupsd_t) init_dbus_chat_script(cupsd_t)
@ -647,9 +647,9 @@ ifdef(`targeted_policy', `
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_generic_pty(cupsd_config_t) term_use_generic_ptys(cupsd_config_t)
unconfined_read_pipe(cupsd_config_t) unconfined_read_pipes(cupsd_config_t)
') ')
######################################## ########################################
@ -725,5 +725,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cupsd_lpd_t) nscd_socket_use(cupsd_lpd_t)
') ')

View File

@ -104,5 +104,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(cvs_t) nscd_socket_use(cvs_t)
') ')

View File

@ -92,7 +92,7 @@ files_read_etc_files(cyrus_t)
files_read_etc_runtime_files(cyrus_t) files_read_etc_runtime_files(cyrus_t)
init_use_fd(cyrus_t) init_use_fd(cyrus_t)
init_use_script_pty(cyrus_t) init_use_script_ptys(cyrus_t)
libs_use_ld_so(cyrus_t) libs_use_ld_so(cyrus_t)
libs_use_shared_libs(cyrus_t) libs_use_shared_libs(cyrus_t)
@ -108,13 +108,13 @@ sysnet_read_config(cyrus_t)
userdom_dontaudit_use_unpriv_user_fd(cyrus_t) userdom_dontaudit_use_unpriv_user_fd(cyrus_t)
userdom_dontaudit_search_sysadm_home_dir(cyrus_t) userdom_dontaudit_search_sysadm_home_dir(cyrus_t)
userdom_use_unpriv_users_fd(cyrus_t) userdom_use_unpriv_users_fd(cyrus_t)
userdom_use_sysadm_pty(cyrus_t) userdom_use_sysadm_ptys(cyrus_t)
mta_manage_spool(cyrus_t) mta_manage_spool(cyrus_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cyrus_t) term_dontaudit_use_unallocated_ttys(cyrus_t)
term_dontaudit_use_generic_pty(cyrus_t) term_dontaudit_use_generic_ptys(cyrus_t)
files_dontaudit_read_root_files(cyrus_t) files_dontaudit_read_root_files(cyrus_t)
') ')

View File

@ -81,5 +81,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(dbskkd_t) nscd_socket_use(dbskkd_t)
') ')

View File

@ -121,15 +121,15 @@ template(`dbus_per_userdomain_template',`
selinux_compute_user_contexts($1_dbusd_t) selinux_compute_user_contexts($1_dbusd_t)
corecmd_list_bin($1_dbusd_t) corecmd_list_bin($1_dbusd_t)
corecmd_read_bin_symlink($1_dbusd_t) corecmd_read_bin_symlinks($1_dbusd_t)
corecmd_read_bin_file($1_dbusd_t) corecmd_read_bin_files($1_dbusd_t)
corecmd_read_bin_pipe($1_dbusd_t) corecmd_read_bin_pipes($1_dbusd_t)
corecmd_read_bin_socket($1_dbusd_t) corecmd_read_bin_sockets($1_dbusd_t)
corecmd_list_sbin($1_dbusd_t) corecmd_list_sbin($1_dbusd_t)
corecmd_read_sbin_symlink($1_dbusd_t) corecmd_read_sbin_symlinks($1_dbusd_t)
corecmd_read_sbin_file($1_dbusd_t) corecmd_read_sbin_files($1_dbusd_t)
corecmd_read_sbin_pipe($1_dbusd_t) corecmd_read_sbin_pipes($1_dbusd_t)
corecmd_read_sbin_socket($1_dbusd_t) corecmd_read_sbin_sockets($1_dbusd_t)
files_read_etc_files($1_dbusd_t) files_read_etc_files($1_dbusd_t)
files_list_home($1_dbusd_t) files_list_home($1_dbusd_t)
@ -161,7 +161,7 @@ template(`dbus_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_dbusd_t) nscd_socket_use($1_dbusd_t)
') ')
ifdef(`TODO',` ifdef(`TODO',`
@ -246,7 +246,7 @@ interface(`dbus_connect_system_bus',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`dbus_send_system_bus_msg',` interface(`dbus_send_system_bus',`
gen_require(` gen_require(`
type system_dbusd_t; type system_dbusd_t;
class dbus send_msg; class dbus send_msg;

View File

@ -76,15 +76,15 @@ auth_use_nsswitch(system_dbusd_t)
auth_read_pam_console_data(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t)
corecmd_list_bin(system_dbusd_t) corecmd_list_bin(system_dbusd_t)
corecmd_read_bin_symlink(system_dbusd_t) corecmd_read_bin_symlinks(system_dbusd_t)
corecmd_read_bin_file(system_dbusd_t) corecmd_read_bin_files(system_dbusd_t)
corecmd_read_bin_pipe(system_dbusd_t) corecmd_read_bin_pipes(system_dbusd_t)
corecmd_read_bin_socket(system_dbusd_t) corecmd_read_bin_sockets(system_dbusd_t)
corecmd_list_sbin(system_dbusd_t) corecmd_list_sbin(system_dbusd_t)
corecmd_read_sbin_symlink(system_dbusd_t) corecmd_read_sbin_symlinks(system_dbusd_t)
corecmd_read_sbin_file(system_dbusd_t) corecmd_read_sbin_files(system_dbusd_t)
corecmd_read_sbin_pipe(system_dbusd_t) corecmd_read_sbin_pipes(system_dbusd_t)
corecmd_read_sbin_socket(system_dbusd_t) corecmd_read_sbin_sockets(system_dbusd_t)
corecmd_exec_sbin(system_dbusd_t) corecmd_exec_sbin(system_dbusd_t)
domain_use_wide_inherit_fd(system_dbusd_t) domain_use_wide_inherit_fd(system_dbusd_t)
@ -94,7 +94,7 @@ files_list_home(system_dbusd_t)
files_read_usr_files(system_dbusd_t) files_read_usr_files(system_dbusd_t)
init_use_fd(system_dbusd_t) init_use_fd(system_dbusd_t)
init_use_script_pty(system_dbusd_t) init_use_script_ptys(system_dbusd_t)
libs_use_ld_so(system_dbusd_t) libs_use_ld_so(system_dbusd_t)
libs_use_shared_libs(system_dbusd_t) libs_use_shared_libs(system_dbusd_t)
@ -111,8 +111,8 @@ userdom_dontaudit_use_unpriv_user_fd(system_dbusd_t)
userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t) userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(system_dbusd_t) term_dontaudit_use_unallocated_ttys(system_dbusd_t)
term_dontaudit_use_generic_pty(system_dbusd_t) term_dontaudit_use_generic_ptys(system_dbusd_t)
files_dontaudit_read_root_files(system_dbusd_t) files_dontaudit_read_root_files(system_dbusd_t)
') ')
@ -129,7 +129,7 @@ optional_policy(`bind',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(system_dbusd_t) nscd_socket_use(system_dbusd_t)
') ')
optional_policy(`sysnetwork',` optional_policy(`sysnetwork',`

View File

@ -90,7 +90,7 @@ files_read_etc_runtime_files(dhcpd_t)
files_search_var_lib(dhcpd_t) files_search_var_lib(dhcpd_t)
init_use_fd(dhcpd_t) init_use_fd(dhcpd_t)
init_use_script_pty(dhcpd_t) init_use_script_ptys(dhcpd_t)
libs_use_ld_so(dhcpd_t) libs_use_ld_so(dhcpd_t)
libs_use_shared_libs(dhcpd_t) libs_use_shared_libs(dhcpd_t)
@ -110,8 +110,8 @@ ifdef(`distro_gentoo',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dhcpd_t) term_dontaudit_use_unallocated_ttys(dhcpd_t)
term_dontaudit_use_generic_pty(dhcpd_t) term_dontaudit_use_generic_ptys(dhcpd_t)
files_dontaudit_read_root_files(dhcpd_t) files_dontaudit_read_root_files(dhcpd_t)
') ')
@ -129,7 +129,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(dhcpd_t) nscd_socket_use(dhcpd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -9,7 +9,7 @@
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`dictd_use',` interface(`dictd_tcp_connect',`
gen_require(` gen_require(`
type dictd_t; type dictd_t;
') ')

View File

@ -68,7 +68,7 @@ files_search_var_lib(dictd_t)
files_dontaudit_search_pids(dictd_t) files_dontaudit_search_pids(dictd_t)
init_use_fd(dictd_t) init_use_fd(dictd_t)
init_use_script_pty(dictd_t) init_use_script_ptys(dictd_t)
libs_use_ld_so(dictd_t) libs_use_ld_so(dictd_t)
libs_use_shared_libs(dictd_t) libs_use_shared_libs(dictd_t)
@ -82,8 +82,8 @@ sysnet_read_config(dictd_t)
userdom_dontaudit_use_unpriv_user_fd(dictd_t) userdom_dontaudit_use_unpriv_user_fd(dictd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dictd_t) term_dontaudit_use_unallocated_ttys(dictd_t)
term_dontaudit_use_generic_pty(dictd_t) term_dontaudit_use_generic_ptys(dictd_t)
files_dontaudit_read_root_files(dictd_t) files_dontaudit_read_root_files(dictd_t)
') ')
@ -92,7 +92,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(dictd_t) nscd_socket_use(dictd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -66,7 +66,7 @@ fs_search_auto_mountpoints(distccd_t)
term_dontaudit_use_console(distccd_t) term_dontaudit_use_console(distccd_t)
corecmd_exec_bin(distccd_t) corecmd_exec_bin(distccd_t)
corecmd_read_sbin_symlink(distccd_t) corecmd_read_sbin_symlinks(distccd_t)
domain_use_wide_inherit_fd(distccd_t) domain_use_wide_inherit_fd(distccd_t)
@ -74,7 +74,7 @@ files_read_etc_files(distccd_t)
files_read_etc_runtime_files(distccd_t) files_read_etc_runtime_files(distccd_t)
init_use_fd(distccd_t) init_use_fd(distccd_t)
init_use_script_pty(distccd_t) init_use_script_ptys(distccd_t)
libs_use_ld_so(distccd_t) libs_use_ld_so(distccd_t)
libs_use_shared_libs(distccd_t) libs_use_shared_libs(distccd_t)
@ -90,8 +90,8 @@ userdom_dontaudit_use_unpriv_user_fd(distccd_t)
userdom_dontaudit_search_sysadm_home_dir(distccd_t) userdom_dontaudit_search_sysadm_home_dir(distccd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(distccd_t) term_dontaudit_use_unallocated_ttys(distccd_t)
term_dontaudit_use_generic_pty(distccd_t) term_dontaudit_use_generic_ptys(distccd_t)
files_dontaudit_read_root_files(distccd_t) files_dontaudit_read_root_files(distccd_t)
') ')

View File

@ -98,7 +98,7 @@ files_search_tmp(dovecot_t)
files_dontaudit_list_default(dovecot_t) files_dontaudit_list_default(dovecot_t)
init_use_fd(dovecot_t) init_use_fd(dovecot_t)
init_use_script_pty(dovecot_t) init_use_script_ptys(dovecot_t)
init_getattr_utmp(dovecot_t) init_getattr_utmp(dovecot_t)
libs_use_ld_so(dovecot_t) libs_use_ld_so(dovecot_t)
@ -119,8 +119,8 @@ userdom_priveleged_home_dir_manager(dovecot_t)
mta_manage_spool(dovecot_t) mta_manage_spool(dovecot_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dovecot_t) term_dontaudit_use_unallocated_ttys(dovecot_t)
term_dontaudit_use_generic_pty(dovecot_t) term_dontaudit_use_generic_ptys(dovecot_t)
files_dontaudit_read_root_files(dovecot_t) files_dontaudit_read_root_files(dovecot_t)
') ')
@ -193,5 +193,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(dovecot_auth_t) nscd_socket_use(dovecot_auth_t)
') ')

View File

@ -75,7 +75,7 @@ term_dontaudit_use_console(fetchmail_t)
domain_use_wide_inherit_fd(fetchmail_t) domain_use_wide_inherit_fd(fetchmail_t)
init_use_fd(fetchmail_t) init_use_fd(fetchmail_t)
init_use_script_pty(fetchmail_t) init_use_script_ptys(fetchmail_t)
libs_use_ld_so(fetchmail_t) libs_use_ld_so(fetchmail_t)
libs_use_shared_libs(fetchmail_t) libs_use_shared_libs(fetchmail_t)
@ -91,8 +91,8 @@ userdom_dontaudit_use_unpriv_user_fd(fetchmail_t)
userdom_dontaudit_search_sysadm_home_dir(fetchmail_t) userdom_dontaudit_search_sysadm_home_dir(fetchmail_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(fetchmail_t) term_dontaudit_use_unallocated_ttys(fetchmail_t)
term_dontaudit_use_generic_pty(fetchmail_t) term_dontaudit_use_generic_ptys(fetchmail_t)
files_dontaudit_read_root_files(fetchmail_t) files_dontaudit_read_root_files(fetchmail_t)
') ')

View File

@ -84,7 +84,7 @@ files_read_etc_runtime_files(fingerd_t)
init_read_utmp(fingerd_t) init_read_utmp(fingerd_t)
init_dontaudit_write_utmp(fingerd_t) init_dontaudit_write_utmp(fingerd_t)
init_use_fd(fingerd_t) init_use_fd(fingerd_t)
init_use_script_pty(fingerd_t) init_use_script_ptys(fingerd_t)
libs_use_ld_so(fingerd_t) libs_use_ld_so(fingerd_t)
libs_use_shared_libs(fingerd_t) libs_use_shared_libs(fingerd_t)
@ -105,8 +105,8 @@ userdom_dontaudit_search_sysadm_home_dir(fingerd_t)
userdom_dontaudit_search_user_home_dirs(fingerd_t) userdom_dontaudit_search_user_home_dirs(fingerd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(fingerd_t) term_dontaudit_use_unallocated_ttys(fingerd_t)
term_dontaudit_use_generic_pty(fingerd_t) term_dontaudit_use_generic_ptys(fingerd_t)
files_dontaudit_read_root_files(fingerd_t) files_dontaudit_read_root_files(fingerd_t)
') ')
@ -123,7 +123,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(fingerd_t) nscd_socket_use(fingerd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -112,7 +112,7 @@ auth_append_login_records(ftpd_t)
auth_write_login_records(ftpd_t) auth_write_login_records(ftpd_t)
init_use_fd(ftpd_t) init_use_fd(ftpd_t)
init_use_script_pty(ftpd_t) init_use_script_ptys(ftpd_t)
libs_use_ld_so(ftpd_t) libs_use_ld_so(ftpd_t)
libs_use_shared_libs(ftpd_t) libs_use_shared_libs(ftpd_t)
@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(ftpd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
files_dontaudit_read_root_files(ftpd_t) files_dontaudit_read_root_files(ftpd_t)
term_dontaudit_use_generic_pty(ftpd_t) term_dontaudit_use_generic_ptys(ftpd_t)
term_dontaudit_use_unallocated_tty(ftpd_t) term_dontaudit_use_unallocated_ttys(ftpd_t)
optional_policy(`ftp',` optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',` tunable_policy(`ftpd_is_daemon',`
@ -217,7 +217,7 @@ optional_policy(`mount',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(ftpd_t) nscd_socket_use(ftpd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -60,13 +60,13 @@ dev_rw_mouse(gpm_t)
fs_getattr_all_fs(gpm_t) fs_getattr_all_fs(gpm_t)
fs_search_auto_mountpoints(gpm_t) fs_search_auto_mountpoints(gpm_t)
term_use_unallocated_tty(gpm_t) term_use_unallocated_ttys(gpm_t)
term_dontaudit_use_console(gpm_t) term_dontaudit_use_console(gpm_t)
domain_use_wide_inherit_fd(gpm_t) domain_use_wide_inherit_fd(gpm_t)
init_use_fd(gpm_t) init_use_fd(gpm_t)
init_use_script_pty(gpm_t) init_use_script_ptys(gpm_t)
libs_use_ld_so(gpm_t) libs_use_ld_so(gpm_t)
libs_use_shared_libs(gpm_t) libs_use_shared_libs(gpm_t)
@ -79,8 +79,8 @@ userdom_dontaudit_use_unpriv_user_fd(gpm_t)
userdom_dontaudit_search_sysadm_home_dir(gpm_t) userdom_dontaudit_search_sysadm_home_dir(gpm_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(gpm_t) term_dontaudit_use_unallocated_ttys(gpm_t)
term_dontaudit_use_generic_pty(gpm_t) term_dontaudit_use_generic_ptys(gpm_t)
files_dontaudit_read_root_files(gpm_t) files_dontaudit_read_root_files(gpm_t)
') ')

View File

@ -50,7 +50,7 @@ kernel_read_kernel_sysctls(hald_t)
kernel_read_fs_sysctls(hald_t) kernel_read_fs_sysctls(hald_t)
kernel_write_proc_files(hald_t) kernel_write_proc_files(hald_t)
bootloader_getattr_boot_dir(hald_t) bootloader_getattr_boot_dirs(hald_t)
corecmd_exec_bin(hald_t) corecmd_exec_bin(hald_t)
corecmd_exec_sbin(hald_t) corecmd_exec_sbin(hald_t)
@ -111,10 +111,10 @@ storage_raw_write_fixed_disk(hald_t)
term_dontaudit_use_console(hald_t) term_dontaudit_use_console(hald_t)
term_dontaudit_ioctl_unallocated_ttys(hald_t) term_dontaudit_ioctl_unallocated_ttys(hald_t)
term_dontaudit_use_unallocated_tty(hald_t) term_dontaudit_use_unallocated_ttys(hald_t)
init_use_fd(hald_t) init_use_fd(hald_t)
init_use_script_pty(hald_t) init_use_script_ptys(hald_t)
init_domtrans_script(hald_t) init_domtrans_script(hald_t)
init_write_initctl(hald_t) init_write_initctl(hald_t)
init_read_utmp(hald_t) init_read_utmp(hald_t)
@ -138,8 +138,8 @@ userdom_dontaudit_use_unpriv_user_fd(hald_t)
userdom_dontaudit_search_sysadm_home_dir(hald_t) userdom_dontaudit_search_sysadm_home_dir(hald_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hald_t) term_dontaudit_use_unallocated_ttys(hald_t)
term_dontaudit_use_generic_pty(hald_t) term_dontaudit_use_generic_ptys(hald_t)
files_dontaudit_read_root_files(hald_t) files_dontaudit_read_root_files(hald_t)
files_dontaudit_getattr_home_dir(hald_t) files_dontaudit_getattr_home_dir(hald_t)
') ')
@ -165,7 +165,7 @@ optional_policy(`cups',`
optional_policy(`dbus',` optional_policy(`dbus',`
dbus_system_bus_client_template(hald,hald_t) dbus_system_bus_client_template(hald,hald_t)
dbus_send_system_bus_msg(hald_t) dbus_send_system_bus(hald_t)
dbus_connect_system_bus(hald_t) dbus_connect_system_bus(hald_t)
allow hald_t self:dbus send_msg; allow hald_t self:dbus send_msg;
@ -194,12 +194,12 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(hald_t) nscd_socket_use(hald_t)
') ')
optional_policy(`pcmcia',` optional_policy(`pcmcia',`
pcmcia_manage_pid(hald_t) pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t) pcmcia_manage_pid_chr_files(hald_t)
') ')
optional_policy(`rpc',` optional_policy(`rpc',`

View File

@ -61,7 +61,7 @@ domain_use_wide_inherit_fd(howl_t)
files_read_etc_files(howl_t) files_read_etc_files(howl_t)
init_use_fd(howl_t) init_use_fd(howl_t)
init_use_script_pty(howl_t) init_use_script_ptys(howl_t)
init_rw_utmp(howl_t) init_rw_utmp(howl_t)
libs_use_ld_so(howl_t) libs_use_ld_so(howl_t)
@ -77,8 +77,8 @@ userdom_dontaudit_use_unpriv_user_fd(howl_t)
userdom_dontaudit_search_sysadm_home_dir(howl_t) userdom_dontaudit_search_sysadm_home_dir(howl_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(howl_t) term_dontaudit_use_unallocated_ttys(howl_t)
term_dontaudit_use_generic_pty(howl_t) term_dontaudit_use_generic_ptys(howl_t)
files_dontaudit_read_root_files(howl_t) files_dontaudit_read_root_files(howl_t)
') ')

View File

@ -70,8 +70,8 @@ files_read_etc_runtime_files(i18n_input_t)
files_read_usr_files(i18n_input_t) files_read_usr_files(i18n_input_t)
init_use_fd(i18n_input_t) init_use_fd(i18n_input_t)
init_use_script_pty(i18n_input_t) init_use_script_ptys(i18n_input_t)
init_unix_connect_script(i18n_input_t) init_stream_connect_script(i18n_input_t)
libs_use_ld_so(i18n_input_t) libs_use_ld_so(i18n_input_t)
libs_use_shared_libs(i18n_input_t) libs_use_shared_libs(i18n_input_t)
@ -87,8 +87,8 @@ userdom_dontaudit_search_sysadm_home_dir(i18n_input_t)
userdom_read_unpriv_user_home_files(i18n_input_t) userdom_read_unpriv_user_home_files(i18n_input_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(i18n_input_t) term_dontaudit_use_unallocated_ttys(i18n_input_t)
term_dontaudit_use_generic_pty(i18n_input_t) term_dontaudit_use_generic_ptys(i18n_input_t)
files_dontaudit_read_root_files(i18n_input_t) files_dontaudit_read_root_files(i18n_input_t)
') ')

View File

@ -220,7 +220,7 @@ interface(`inetd_udp_sendto',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`inetd_rw_tcp_socket',` interface(`inetd_rw_tcp_sockets',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
') ')

View File

@ -100,14 +100,14 @@ term_dontaudit_use_console(inetd_t)
# Run other daemons in the inetd_child_t domain. # Run other daemons in the inetd_child_t domain.
corecmd_search_bin(inetd_t) corecmd_search_bin(inetd_t)
corecmd_read_sbin_symlink(inetd_t) corecmd_read_sbin_symlinks(inetd_t)
domain_use_wide_inherit_fd(inetd_t) domain_use_wide_inherit_fd(inetd_t)
files_read_etc_files(inetd_t) files_read_etc_files(inetd_t)
init_use_fd(inetd_t) init_use_fd(inetd_t)
init_use_script_pty(inetd_t) init_use_script_ptys(inetd_t)
libs_use_ld_so(inetd_t) libs_use_ld_so(inetd_t)
libs_use_shared_libs(inetd_t) libs_use_shared_libs(inetd_t)
@ -122,8 +122,8 @@ userdom_dontaudit_use_unpriv_user_fd(inetd_t)
userdom_dontaudit_search_sysadm_home_dir(inetd_t) userdom_dontaudit_search_sysadm_home_dir(inetd_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(inetd_t) term_dontaudit_use_unallocated_ttys(inetd_t)
term_dontaudit_use_generic_pty(inetd_t) term_dontaudit_use_generic_ptys(inetd_t)
files_dontaudit_read_root_files(inetd_t) files_dontaudit_read_root_files(inetd_t)
') ')
@ -137,7 +137,7 @@ optional_policy(`mount',`
# Communicate with the portmapper. # Communicate with the portmapper.
optional_policy(`portmap',` optional_policy(`portmap',`
portmap_udp_sendto(inetd_t) portmap_udp_send(inetd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`
@ -232,5 +232,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(inetd_child_t) nscd_socket_use(inetd_child_t)
') ')

View File

@ -47,7 +47,7 @@ interface(`inn_manage_log',`
type innd_log_t; type innd_log_t;
') ')
logging_rw_log_dir($1) logging_rw_generic_log_dirs($1)
allow $1 innd_log_t:dir search; allow $1 innd_log_t:dir search;
allow $1 innd_log_t:file create_file_perms; allow $1 innd_log_t:file create_file_perms;
') ')
@ -133,7 +133,7 @@ interface(`inn_read_news_spool',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`inn_sendto_unix_dgram_socket',` interface(`inn_dgram_send',`
gen_require(` gen_require(`
type innd_t; type innd_t;
') ')

View File

@ -88,7 +88,7 @@ term_dontaudit_use_console(innd_t)
corecmd_exec_bin(innd_t) corecmd_exec_bin(innd_t)
corecmd_exec_shell(innd_t) corecmd_exec_shell(innd_t)
corecmd_search_sbin(innd_t) corecmd_search_sbin(innd_t)
corecmd_read_sbin_symlink(innd_t) corecmd_read_sbin_symlinks(innd_t)
domain_use_wide_inherit_fd(innd_t) domain_use_wide_inherit_fd(innd_t)
@ -98,7 +98,7 @@ files_read_etc_runtime_files(innd_t)
files_read_usr_files(innd_t) files_read_usr_files(innd_t)
init_use_fd(innd_t) init_use_fd(innd_t)
init_use_script_pty(innd_t) init_use_script_ptys(innd_t)
libs_use_ld_so(innd_t) libs_use_ld_so(innd_t)
libs_use_shared_libs(innd_t) libs_use_shared_libs(innd_t)
@ -117,8 +117,8 @@ userdom_dontaudit_search_sysadm_home_dir(innd_t)
mta_send_mail(innd_t) mta_send_mail(innd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(innd_t) term_dontaudit_use_unallocated_ttys(innd_t)
term_dontaudit_use_generic_pty(innd_t) term_dontaudit_use_generic_ptys(innd_t)
files_dontaudit_read_root_files(innd_t) files_dontaudit_read_root_files(innd_t)
') ')

View File

@ -39,7 +39,7 @@ term_dontaudit_use_console(irqbalance_t)
domain_use_wide_inherit_fd(irqbalance_t) domain_use_wide_inherit_fd(irqbalance_t)
init_use_fd(irqbalance_t) init_use_fd(irqbalance_t)
init_use_script_pty(irqbalance_t) init_use_script_ptys(irqbalance_t)
libs_use_ld_so(irqbalance_t) libs_use_ld_so(irqbalance_t)
libs_use_shared_libs(irqbalance_t) libs_use_shared_libs(irqbalance_t)
@ -52,8 +52,8 @@ userdom_dontaudit_use_unpriv_user_fd(irqbalance_t)
userdom_dontaudit_search_sysadm_home_dir(irqbalance_t) userdom_dontaudit_search_sysadm_home_dir(irqbalance_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(irqbalance_t) term_dontaudit_use_unallocated_ttys(irqbalance_t)
term_dontaudit_use_generic_pty(irqbalance_t) term_dontaudit_use_generic_ptys(irqbalance_t)
files_dontaudit_read_root_files(irqbalance_t) files_dontaudit_read_root_files(irqbalance_t)
') ')

View File

@ -117,7 +117,7 @@ domain_use_wide_inherit_fd(kadmind_t)
files_read_etc_files(kadmind_t) files_read_etc_files(kadmind_t)
init_use_fd(kadmind_t) init_use_fd(kadmind_t)
init_use_script_pty(kadmind_t) init_use_script_ptys(kadmind_t)
libs_use_ld_so(kadmind_t) libs_use_ld_so(kadmind_t)
libs_use_shared_libs(kadmind_t) libs_use_shared_libs(kadmind_t)
@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(kadmind_t)
userdom_dontaudit_search_sysadm_home_dir(kadmind_t) userdom_dontaudit_search_sysadm_home_dir(kadmind_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(kadmind_t) term_dontaudit_use_unallocated_ttys(kadmind_t)
term_dontaudit_use_generic_pty(kadmind_t) term_dontaudit_use_generic_ptys(kadmind_t)
files_dontaudit_read_root_files(kadmind_t) files_dontaudit_read_root_files(kadmind_t)
') ')
@ -217,7 +217,7 @@ domain_use_wide_inherit_fd(krb5kdc_t)
files_read_etc_files(krb5kdc_t) files_read_etc_files(krb5kdc_t)
init_use_fd(krb5kdc_t) init_use_fd(krb5kdc_t)
init_use_script_pty(krb5kdc_t) init_use_script_ptys(krb5kdc_t)
libs_use_ld_so(krb5kdc_t) libs_use_ld_so(krb5kdc_t)
libs_use_shared_libs(krb5kdc_t) libs_use_shared_libs(krb5kdc_t)
@ -232,8 +232,8 @@ userdom_dontaudit_use_unpriv_user_fd(krb5kdc_t)
userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t) userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(krb5kdc_t) term_dontaudit_use_unallocated_ttys(krb5kdc_t)
term_dontaudit_use_generic_pty(krb5kdc_t) term_dontaudit_use_generic_ptys(krb5kdc_t)
files_dontaudit_read_root_files(krb5kdc_t) files_dontaudit_read_root_files(krb5kdc_t)
') ')

View File

@ -81,5 +81,5 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(ktalkd_t) nscd_socket_use(ktalkd_t)
') ')

View File

@ -9,7 +9,7 @@
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`ldap_list_db_dir',` interface(`ldap_list_db',`
gen_require(` gen_require(`
type slapd_db_t; type slapd_db_t;
') ')

View File

@ -108,7 +108,7 @@ files_read_usr_files(slapd_t)
files_list_var_lib(slapd_t) files_list_var_lib(slapd_t)
init_use_fd(slapd_t) init_use_fd(slapd_t)
init_use_script_pty(slapd_t) init_use_script_ptys(slapd_t)
libs_use_ld_so(slapd_t) libs_use_ld_so(slapd_t)
libs_use_shared_libs(slapd_t) libs_use_shared_libs(slapd_t)
@ -125,16 +125,16 @@ userdom_dontaudit_search_sysadm_home_dir(slapd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
#reh slapcat will want to talk to the terminal #reh slapcat will want to talk to the terminal
term_use_generic_pty(slapd_t) term_use_generic_ptys(slapd_t)
term_use_unallocated_tty(slapd_t) term_use_unallocated_ttys(slapd_t)
userdom_search_generic_user_home_dir(slapd_t) userdom_search_generic_user_home_dir(slapd_t)
#need to be able to read ldif files created by root #need to be able to read ldif files created by root
# cjp: fix to not use templated interface: # cjp: fix to not use templated interface:
userdom_read_user_home_files(user,slapd_t) userdom_read_user_home_files(user,slapd_t)
term_dontaudit_use_unallocated_tty(slapd_t) term_dontaudit_use_unallocated_ttys(slapd_t)
term_dontaudit_use_generic_pty(slapd_t) term_dontaudit_use_generic_ptys(slapd_t)
files_dontaudit_read_root_files(slapd_t) files_dontaudit_read_root_files(slapd_t)
') ')

View File

@ -134,7 +134,7 @@ template(`lpd_per_userdomain_template',`
# Access the terminal. # Access the terminal.
term_use_controlling_term($1_lpr_t) term_use_controlling_term($1_lpr_t)
term_use_generic_pty($1_lpr_t) term_use_generic_ptys($1_lpr_t)
libs_use_ld_so($1_lpr_t) libs_use_ld_so($1_lpr_t)
libs_use_shared_libs($1_lpr_t) libs_use_shared_libs($1_lpr_t)
@ -190,7 +190,7 @@ template(`lpd_per_userdomain_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_lpr_t) nscd_socket_use($1_lpr_t)
') ')
optional_policy(`nis',` optional_policy(`nis',`

View File

@ -90,7 +90,7 @@ domain_use_wide_inherit_fd(checkpc_t)
files_read_etc_files(checkpc_t) files_read_etc_files(checkpc_t)
files_read_etc_runtime_files(checkpc_t) files_read_etc_runtime_files(checkpc_t)
init_use_script_pty(checkpc_t) init_use_script_ptys(checkpc_t)
# Allow access to /dev/console through the fd: # Allow access to /dev/console through the fd:
init_use_fd(checkpc_t) init_use_fd(checkpc_t)
@ -100,8 +100,8 @@ libs_use_shared_libs(checkpc_t)
sysnet_read_config(checkpc_t) sysnet_read_config(checkpc_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_generic_pty(checkpc_t) term_use_generic_ptys(checkpc_t)
term_use_unallocated_tty(checkpc_t) term_use_unallocated_ttys(checkpc_t)
') ')
optional_policy(`cron',` optional_policy(`cron',`
@ -202,7 +202,7 @@ files_read_var_lib_symlinks(lpd_t)
files_read_etc_files(lpd_t) files_read_etc_files(lpd_t)
init_use_fd(lpd_t) init_use_fd(lpd_t)
init_use_script_pty(lpd_t) init_use_script_ptys(lpd_t)
libs_use_ld_so(lpd_t) libs_use_ld_so(lpd_t)
libs_use_shared_libs(lpd_t) libs_use_shared_libs(lpd_t)
@ -218,8 +218,8 @@ userdom_dontaudit_use_unpriv_user_fd(lpd_t)
userdom_dontaudit_search_sysadm_home_dir(lpd_t) userdom_dontaudit_search_sysadm_home_dir(lpd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(lpd_t) term_dontaudit_use_unallocated_ttys(lpd_t)
term_dontaudit_use_generic_pty(lpd_t) term_dontaudit_use_generic_ptys(lpd_t)
files_dontaudit_read_root_files(lpd_t) files_dontaudit_read_root_files(lpd_t)
') ')
@ -229,7 +229,7 @@ optional_policy(`nis',`
') ')
optional_policy(`portmap',` optional_policy(`portmap',`
portmap_udp_sendto(lpd_t) portmap_udp_send(lpd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -61,7 +61,7 @@ optional_policy(`apache',`
allow mailman_mail_t self:unix_dgram_socket create_socket_perms; allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t) mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`qmail',` optional_policy(`qmail',`
@ -110,5 +110,5 @@ optional_policy(`cron',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(mailman_queue_t) nscd_socket_use(mailman_queue_t)
') ')

View File

@ -101,7 +101,7 @@ template(`mta_base_mail_template',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket($1_mail_t) nscd_socket_use($1_mail_t)
') ')
optional_policy(`postfix',` optional_policy(`postfix',`
@ -422,8 +422,8 @@ interface(`mta_mailserver_user_agent',`
optional_policy(`apache',` optional_policy(`apache',`
# apache should set close-on-exec # apache should set close-on-exec
apache_dontaudit_rw_stream_socket($1) apache_dontaudit_rw_stream_sockets($1)
apache_dontaudit_rw_sys_script_stream_socket($1) apache_dontaudit_rw_sys_script_stream_sockets($1)
') ')
') ')
@ -507,7 +507,7 @@ interface(`mta_read_aliases',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mta_filetrans_etc_aliases',` interface(`mta_filetrans_aliases',`
gen_require(` gen_require(`
type etc_aliases_t; type etc_aliases_t;
') ')
@ -537,7 +537,7 @@ interface(`mta_rw_aliases',`
## Mail server domain. ## Mail server domain.
## </param> ## </param>
# #
interface(`mta_dontaudit_rw_delivery_tcp_socket',` interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
gen_require(` gen_require(`
attribute mailserver_delivery; attribute mailserver_delivery;
') ')
@ -572,7 +572,7 @@ interface(`mta_tcp_connect_all_mailservers',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mta_dontaudit_read_spool_symlink',` interface(`mta_dontaudit_read_spool_symlinks',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
') ')
@ -595,7 +595,7 @@ interface(`mta_getattr_spool',`
allow $1 mail_spool_t:file getattr; allow $1 mail_spool_t:file getattr;
') ')
interface(`mta_dontaudit_getattr_spool',` interface(`mta_dontaudit_getattr_spool_files',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
') ')
@ -761,7 +761,7 @@ interface(`mta_read_sendmail_bin',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mta_rw_user_mail_stream_socket',` interface(`mta_rw_user_mail_stream_sockets',`
gen_require(` gen_require(`
attribute user_mail_domain; attribute user_mail_domain;
') ')

View File

@ -55,7 +55,7 @@ dev_read_urand(system_mail_t)
fs_read_eventpollfs(system_mail_t) fs_read_eventpollfs(system_mail_t)
init_use_script_pty(system_mail_t) init_use_script_ptys(system_mail_t)
userdom_use_sysadm_terms(system_mail_t) userdom_use_sysadm_terms(system_mail_t)
@ -101,22 +101,22 @@ optional_policy(`apache',`
# apache should set close-on-exec # apache should set close-on-exec
apache_dontaudit_append_log(system_mail_t) apache_dontaudit_append_log(system_mail_t)
apache_dontaudit_rw_stream_socket(system_mail_t) apache_dontaudit_rw_stream_sockets(system_mail_t)
apache_dontaudit_rw_tcp_socket(system_mail_t) apache_dontaudit_rw_tcp_sockets(system_mail_t)
apache_dontaudit_rw_sys_script_stream_socket(system_mail_t) apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t)
') ')
optional_policy(`arpwatch',` optional_policy(`arpwatch',`
arpwatch_manage_tmp_files(system_mail_t) arpwatch_manage_tmp_files(system_mail_t)
ifdef(`hide_broken_symptoms', ` ifdef(`hide_broken_symptoms', `
arpwatch_dontaudit_rw_packet_socket(system_mail_t) arpwatch_dontaudit_rw_packet_sockets(system_mail_t)
') ')
') ')
optional_policy(`cron',` optional_policy(`cron',`
cron_read_system_job_tmp_files(system_mail_t) cron_read_system_job_tmp_files(system_mail_t)
cron_dontaudit_write_pipe(system_mail_t) cron_dontaudit_write_pipes(system_mail_t)
') ')
optional_policy(`cvs',` optional_policy(`cvs',`
@ -157,7 +157,7 @@ optional_policy(`postfix',`
') ')
optional_policy(`sendmail',` optional_policy(`sendmail',`
userdom_dontaudit_use_unpriv_user_pty(system_mail_t) userdom_dontaudit_use_unpriv_users_ptys(system_mail_t)
optional_policy(`cron',` optional_policy(`cron',`
cron_dontaudit_append_system_job_tmp_files(system_mail_t) cron_dontaudit_append_system_job_tmp_files(system_mail_t)
@ -165,7 +165,7 @@ optional_policy(`sendmail',`
') ')
optional_policy(`smartmon',` optional_policy(`smartmon',`
smartmon_read_tmp(system_mail_t) smartmon_read_tmp_files(system_mail_t)
') ')
# should break this up among sections: # should break this up among sections:
@ -175,7 +175,7 @@ optional_policy(`arpwatch',`
arpwatch_search_data(mailserver_delivery) arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(mta_user_agent) arpwatch_manage_tmp_files(mta_user_agent)
ifdef(`hide_broken_symptoms', ` ifdef(`hide_broken_symptoms', `
arpwatch_dontaudit_rw_packet_socket(mta_user_agent) arpwatch_dontaudit_rw_packet_sockets(mta_user_agent)
') ')
optional_policy(`cron',` optional_policy(`cron',`
cron_read_system_job_tmp_files(mta_user_agent) cron_read_system_job_tmp_files(mta_user_agent)

View File

@ -63,7 +63,7 @@ interface(`mysql_read_config',`
# #
# cjp: "_dir" in the name is added to clarify that this # cjp: "_dir" in the name is added to clarify that this
# is not searching the database itself. # is not searching the database itself.
interface(`mysql_search_db_dir',` interface(`mysql_search_db',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
') ')
@ -80,7 +80,7 @@ interface(`mysql_search_db_dir',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mysql_rw_db_dir',` interface(`mysql_rw_db_dirs',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
') ')
@ -97,7 +97,7 @@ interface(`mysql_rw_db_dir',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mysql_manage_db_dir',` interface(`mysql_manage_db_dirs',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
') ')
@ -115,7 +115,7 @@ interface(`mysql_manage_db_dir',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`mysql_rw_db_socket',` interface(`mysql_rw_db_sockets',`
gen_require(` gen_require(`
type mysqld_db_t; type mysqld_db_t;
') ')

View File

@ -95,7 +95,7 @@ files_read_usr_files(mysqld_t)
files_search_var_lib(mysqld_t) files_search_var_lib(mysqld_t)
init_use_fd(mysqld_t) init_use_fd(mysqld_t)
init_use_script_pty(mysqld_t) init_use_script_ptys(mysqld_t)
libs_use_ld_so(mysqld_t) libs_use_ld_so(mysqld_t)
libs_use_shared_libs(mysqld_t) libs_use_shared_libs(mysqld_t)
@ -116,8 +116,8 @@ ifdef(`distro_redhat',`
') ')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(mysqld_t) term_dontaudit_use_unallocated_ttys(mysqld_t)
term_dontaudit_use_generic_pty(mysqld_t) term_dontaudit_use_generic_ptys(mysqld_t)
files_dontaudit_read_root_files(mysqld_t) files_dontaudit_read_root_files(mysqld_t)
') ')
@ -134,7 +134,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(mysqld_t) nscd_socket_use(mysqld_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -9,7 +9,7 @@
## </param> ## </param>
# #
# cjp: added for named. # cjp: added for named.
interface(`networkmanager_rw_udp_socket',` interface(`networkmanager_rw_udp_sockets',`
gen_require(` gen_require(`
type NetworkManager_t; type NetworkManager_t;
') ')
@ -26,7 +26,7 @@ interface(`networkmanager_rw_udp_socket',`
## </param> ## </param>
# #
# cjp: added for named. # cjp: added for named.
interface(`networkmanager_rw_packet_socket',` interface(`networkmanager_rw_packet_sockets',`
gen_require(` gen_require(`
type NetworkManager_t; type NetworkManager_t;
') ')
@ -44,7 +44,7 @@ interface(`networkmanager_rw_packet_socket',`
## </param> ## </param>
# #
# cjp: added for named. # cjp: added for named.
interface(`networkmanager_rw_routing_socket',` interface(`networkmanager_rw_routing_sockets',`
gen_require(` gen_require(`
type NetworkManager_t; type NetworkManager_t;
') ')

View File

@ -79,7 +79,7 @@ files_read_etc_runtime_files(NetworkManager_t)
files_read_usr_files(NetworkManager_t) files_read_usr_files(NetworkManager_t)
init_use_fd(NetworkManager_t) init_use_fd(NetworkManager_t)
init_use_script_pty(NetworkManager_t) init_use_script_ptys(NetworkManager_t)
init_read_utmp(NetworkManager_t) init_read_utmp(NetworkManager_t)
init_domtrans_script(NetworkManager_t) init_domtrans_script(NetworkManager_t)
@ -106,11 +106,11 @@ sysnet_filetrans_config(NetworkManager_t)
userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t) userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t)
userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t) userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t)
userdom_dontaudit_use_unpriv_user_tty(NetworkManager_t) userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(NetworkManager_t) term_dontaudit_use_unallocated_ttys(NetworkManager_t)
term_dontaudit_use_generic_pty(NetworkManager_t) term_dontaudit_use_generic_ptys(NetworkManager_t)
files_dontaudit_read_root_files(NetworkManager_t) files_dontaudit_read_root_files(NetworkManager_t)
') ')
@ -137,7 +137,7 @@ optional_policy(`dbus',`
dbus_system_bus_client_template(NetworkManager,NetworkManager_t) dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
dbus_connect_system_bus(NetworkManager_t) dbus_connect_system_bus(NetworkManager_t)
dbus_send_system_bus_msg(NetworkManager_t) dbus_send_system_bus(NetworkManager_t)
') ')
optional_policy(`howl',` optional_policy(`howl',`
@ -153,7 +153,7 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(NetworkManager_t) nscd_socket_use(NetworkManager_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -180,7 +180,7 @@ interface(`nis_list_var_yp',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`nis_udp_sendto_ypbind',` interface(`nis_udp_send_ypbind',`
gen_require(` gen_require(`
type ypbind_t; type ypbind_t;
') ')

View File

@ -22,7 +22,7 @@ files_pid_file(ypbind_var_run_t)
type yppasswdd_t; type yppasswdd_t;
type yppasswdd_exec_t; type yppasswdd_exec_t;
init_daemon_domain(yppasswdd_t,yppasswdd_exec_t) init_daemon_domain(yppasswdd_t,yppasswdd_exec_t)
domain_obj_id_change_exempt(yppasswdd_t) domain_obj_id_change_exemption(yppasswdd_t)
type yppasswdd_var_run_t; type yppasswdd_var_run_t;
files_pid_file(yppasswdd_var_run_t) files_pid_file(yppasswdd_var_run_t)
@ -100,8 +100,8 @@ files_read_etc_files(ypbind_t)
files_list_var(ypbind_t) files_list_var(ypbind_t)
init_use_fd(ypbind_t) init_use_fd(ypbind_t)
init_use_script_pty(ypbind_t) init_use_script_ptys(ypbind_t)
init_udp_sendto_script(ypbind_t) init_udp_send_script(ypbind_t)
libs_use_ld_so(ypbind_t) libs_use_ld_so(ypbind_t)
libs_use_shared_libs(ypbind_t) libs_use_shared_libs(ypbind_t)
@ -115,11 +115,11 @@ sysnet_read_config(ypbind_t)
userdom_dontaudit_use_unpriv_user_fd(ypbind_t) userdom_dontaudit_use_unpriv_user_fd(ypbind_t)
userdom_dontaudit_search_sysadm_home_dir(ypbind_t) userdom_dontaudit_search_sysadm_home_dir(ypbind_t)
portmap_udp_sendto(ypbind_t) portmap_udp_send(ypbind_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ypbind_t) term_dontaudit_use_unallocated_ttys(ypbind_t)
term_dontaudit_use_generic_pty(ypbind_t) term_dontaudit_use_generic_ptys(ypbind_t)
files_dontaudit_read_root_files(ypbind_t) files_dontaudit_read_root_files(ypbind_t)
') ')
@ -201,8 +201,8 @@ files_read_etc_runtime_files(yppasswdd_t)
files_relabel_etc_files(yppasswdd_t) files_relabel_etc_files(yppasswdd_t)
init_use_fd(yppasswdd_t) init_use_fd(yppasswdd_t)
init_use_script_pty(yppasswdd_t) init_use_script_ptys(yppasswdd_t)
init_udp_sendto_script(yppasswdd_t) init_udp_send_script(yppasswdd_t)
libs_use_ld_so(yppasswdd_t) libs_use_ld_so(yppasswdd_t)
libs_use_shared_libs(yppasswdd_t) libs_use_shared_libs(yppasswdd_t)
@ -216,11 +216,11 @@ sysnet_read_config(yppasswdd_t)
userdom_dontaudit_use_unpriv_user_fd(yppasswdd_t) userdom_dontaudit_use_unpriv_user_fd(yppasswdd_t)
userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t) userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t)
portmap_udp_sendto(yppasswdd_t) portmap_udp_send(yppasswdd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(yppasswdd_t) term_dontaudit_use_unallocated_ttys(yppasswdd_t)
term_dontaudit_use_generic_pty(yppasswdd_t) term_dontaudit_use_generic_ptys(yppasswdd_t)
files_dontaudit_read_root_files(yppasswdd_t) files_dontaudit_read_root_files(yppasswdd_t)
') ')
@ -296,8 +296,8 @@ domain_use_wide_inherit_fd(ypserv_t)
files_read_var_files(ypserv_t) files_read_var_files(ypserv_t)
init_use_fd(ypserv_t) init_use_fd(ypserv_t)
init_use_script_pty(ypserv_t) init_use_script_ptys(ypserv_t)
init_udp_sendto_script(ypserv_t) init_udp_send_script(ypserv_t)
libs_use_ld_so(ypserv_t) libs_use_ld_so(ypserv_t)
libs_use_shared_libs(ypserv_t) libs_use_shared_libs(ypserv_t)
@ -311,11 +311,11 @@ sysnet_read_config(ypserv_t)
userdom_dontaudit_use_unpriv_user_fd(ypserv_t) userdom_dontaudit_use_unpriv_user_fd(ypserv_t)
userdom_dontaudit_search_sysadm_home_dir(ypserv_t) userdom_dontaudit_search_sysadm_home_dir(ypserv_t)
portmap_udp_sendto(ypserv_t) portmap_udp_send(ypserv_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(ypserv_t) term_dontaudit_use_unallocated_ttys(ypserv_t)
term_dontaudit_use_generic_pty(ypserv_t) term_dontaudit_use_generic_ptys(ypserv_t)
files_dontaudit_read_root_files(ypserv_t) files_dontaudit_read_root_files(ypserv_t)
') ')

View File

@ -31,7 +31,7 @@ interface(`nscd_domtrans',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`nscd_use_socket',` interface(`nscd_socket_use',`
gen_require(` gen_require(`
type nscd_t, nscd_var_run_t; type nscd_t, nscd_var_run_t;
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost }; class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
@ -59,7 +59,7 @@ interface(`nscd_use_socket',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`nscd_use_shared_mem',` interface(`nscd_shm_use',`
gen_require(` gen_require(`
type nscd_t, nscd_var_run_t; type nscd_t, nscd_var_run_t;
class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost }; class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };

View File

@ -94,7 +94,7 @@ files_read_etc_files(nscd_t)
files_read_generic_tmp_symlinks(nscd_t) files_read_generic_tmp_symlinks(nscd_t)
init_use_fd(nscd_t) init_use_fd(nscd_t)
init_use_script_pty(nscd_t) init_use_script_ptys(nscd_t)
libs_use_ld_so(nscd_t) libs_use_ld_so(nscd_t)
libs_use_shared_libs(nscd_t) libs_use_shared_libs(nscd_t)
@ -114,11 +114,11 @@ userdom_dontaudit_use_unpriv_user_fd(nscd_t)
userdom_dontaudit_search_sysadm_home_dir(nscd_t) userdom_dontaudit_search_sysadm_home_dir(nscd_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_use_unallocated_tty(nscd_t) term_use_unallocated_ttys(nscd_t)
term_use_generic_pty(nscd_t) term_use_generic_ptys(nscd_t)
term_dontaudit_use_unallocated_tty(nscd_t) term_dontaudit_use_unallocated_ttys(nscd_t)
term_dontaudit_use_generic_pty(nscd_t) term_dontaudit_use_generic_ptys(nscd_t)
files_dontaudit_read_root_files(nscd_t) files_dontaudit_read_root_files(nscd_t)
') ')
@ -127,7 +127,7 @@ optional_policy(`nis',`
') ')
optional_policy(`samba',` optional_policy(`samba',`
samba_connect_winbind(nscd_t) samba_stream_connect_winbind(nscd_t)
') ')
optional_policy(`udev',` optional_policy(`udev',`

View File

@ -92,7 +92,7 @@ corecmd_exec_ls(ntpd_t)
corecmd_exec_shell(ntpd_t) corecmd_exec_shell(ntpd_t)
domain_use_wide_inherit_fd(ntpd_t) domain_use_wide_inherit_fd(ntpd_t)
domain_dontaudit_list_all_domains_proc(ntpd_t) domain_dontaudit_list_all_domains_state(ntpd_t)
files_read_etc_files(ntpd_t) files_read_etc_files(ntpd_t)
files_read_etc_runtime_files(ntpd_t) files_read_etc_runtime_files(ntpd_t)
@ -101,7 +101,7 @@ files_list_var_lib(ntpd_t)
init_exec_script(ntpd_t) init_exec_script(ntpd_t)
init_use_fd(ntpd_t) init_use_fd(ntpd_t)
init_use_script_pty(ntpd_t) init_use_script_ptys(ntpd_t)
libs_use_ld_so(ntpd_t) libs_use_ld_so(ntpd_t)
libs_use_shared_libs(ntpd_t) libs_use_shared_libs(ntpd_t)
@ -117,8 +117,8 @@ userdom_list_sysadm_home_dir(ntpd_t)
userdom_dontaudit_list_sysadm_home_dir(ntpd_t) userdom_dontaudit_list_sysadm_home_dir(ntpd_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ntpd_t) term_dontaudit_use_unallocated_ttys(ntpd_t)
term_dontaudit_use_generic_pty(ntpd_t) term_dontaudit_use_generic_ptys(ntpd_t)
files_dontaudit_read_root_files(ntpd_t) files_dontaudit_read_root_files(ntpd_t)
') ')
@ -144,11 +144,11 @@ optional_policy(`nis',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(ntpd_t) nscd_socket_use(ntpd_t)
') ')
optional_policy(`samba',` optional_policy(`samba',`
samba_connect_winbind(ntpd_t) samba_stream_connect_winbind(ntpd_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -44,7 +44,7 @@ fs_search_auto_mountpoints(openct_t)
term_dontaudit_use_console(openct_t) term_dontaudit_use_console(openct_t)
init_use_fd(openct_t) init_use_fd(openct_t)
init_use_script_pty(openct_t) init_use_script_ptys(openct_t)
libs_use_ld_so(openct_t) libs_use_ld_so(openct_t)
libs_use_shared_libs(openct_t) libs_use_shared_libs(openct_t)
@ -57,8 +57,8 @@ userdom_dontaudit_use_unpriv_user_fd(openct_t)
userdom_dontaudit_search_sysadm_home_dir(openct_t) userdom_dontaudit_search_sysadm_home_dir(openct_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(openct_t) term_dontaudit_use_unallocated_ttys(openct_t)
term_dontaudit_use_generic_pty(openct_t) term_dontaudit_use_generic_ptys(openct_t)
files_dontaudit_read_root_files(openct_t) files_dontaudit_read_root_files(openct_t)
') ')

View File

@ -98,7 +98,7 @@ files_read_var_lib_files(pegasus_t)
files_read_var_lib_symlinks(pegasus_t) files_read_var_lib_symlinks(pegasus_t)
init_use_fd(pegasus_t) init_use_fd(pegasus_t)
init_use_script_pty(pegasus_t) init_use_script_ptys(pegasus_t)
init_rw_utmp(pegasus_t) init_rw_utmp(pegasus_t)
libs_use_ld_so(pegasus_t) libs_use_ld_so(pegasus_t)
@ -112,8 +112,8 @@ userdom_dontaudit_use_unpriv_user_fd(pegasus_t)
userdom_dontaudit_search_sysadm_home_dir(pegasus_t) userdom_dontaudit_search_sysadm_home_dir(pegasus_t)
ifdef(`targeted_policy', ` ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(pegasus_t) term_dontaudit_use_unallocated_ttys(pegasus_t)
term_dontaudit_use_generic_pty(pegasus_t) term_dontaudit_use_generic_ptys(pegasus_t)
files_dontaudit_read_root_files(pegasus_t) files_dontaudit_read_root_files(pegasus_t)
') ')
@ -122,7 +122,7 @@ optional_policy(`logging',`
') ')
optional_policy(`nscd',` optional_policy(`nscd',`
nscd_use_socket(pegasus_t) nscd_socket_use(pegasus_t)
') ')
optional_policy(`selinuxutil',` optional_policy(`selinuxutil',`

View File

@ -64,7 +64,7 @@ interface(`portmap_run_helper',`
## The type of the process performing this action. ## The type of the process performing this action.
## </param> ## </param>
# #
interface(`portmap_udp_sendto',` interface(`portmap_udp_send',`
gen_require(` gen_require(`
type portmap_t; type portmap_t;
') ')
@ -81,7 +81,7 @@ interface(`portmap_udp_sendto',`
## Domain allowed access. ## Domain allowed access.
## </param> ## </param>
# #
interface(`portmap_udp_sendrecv',` interface(`portmap_udp_chat',`
gen_require(` gen_require(`
type portmap_t; type portmap_t;
') ')

Some files were not shown because too many files have changed in this diff Show More