ricci patch from dan.

This commit is contained in:
Chris PeBenito 2009-07-21 10:10:00 -04:00
parent d8822462c4
commit 1847443ea3

View File

@ -1,5 +1,5 @@
policy_module(ricci, 1.5.2)
policy_module(ricci, 1.5.3)
########################################
#
@ -133,6 +133,8 @@ corenet_tcp_connect_http_port(ricci_t)
dev_read_urand(ricci_t)
domain_read_all_domains_state(ricci_t)
files_read_etc_files(ricci_t)
files_read_etc_runtime_files(ricci_t)
files_create_boot_flag(ricci_t)
@ -140,7 +142,7 @@ files_create_boot_flag(ricci_t)
auth_domtrans_chk_passwd(ricci_t)
auth_append_login_records(ricci_t)
init_dontaudit_stream_connect_script(ricci_t)
init_stream_connect_script(ricci_t)
locallogin_dontaudit_use_fds(ricci_t)
@ -202,7 +204,7 @@ kernel_read_system_state(ricci_modcluster_t)
corecmd_exec_shell(ricci_modcluster_t)
corecmd_exec_bin(ricci_modcluster_t)
domain_dontaudit_read_all_domains_state(ricci_modcluster_t)
domain_read_all_domains_state(ricci_modcluster_t)
files_search_locks(ricci_modcluster_t)
files_read_etc_runtime_files(ricci_modcluster_t)
@ -214,6 +216,8 @@ init_domtrans_script(ricci_modcluster_t)
logging_send_syslog_msg(ricci_modcluster_t)
consoletype_exec(ricci_modcluster_t)
miscfiles_read_localization(ricci_modcluster_t)
modutils_domtrans_insmod(ricci_modcluster_t)
@ -228,10 +232,6 @@ optional_policy(`
ccs_manage_config(ricci_modcluster_t)
')
optional_policy(`
consoletype_exec(ricci_modcluster_t)
')
optional_policy(`
lvm_domtrans(ricci_modcluster_t)
')
@ -287,14 +287,14 @@ corenet_tcp_bind_generic_node(ricci_modclusterd_t)
corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t)
corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t)
domain_dontaudit_read_all_domains_state(ricci_modclusterd_t)
domain_read_all_domains_state(ricci_modclusterd_t)
files_read_etc_files(ricci_modclusterd_t)
files_read_etc_runtime_files(ricci_modclusterd_t)
fs_getattr_xattr_fs(ricci_modclusterd_t)
init_dontaudit_stream_connect_script(ricci_modclusterd_t)
init_stream_connect_script(ricci_modclusterd_t)
locallogin_dontaudit_use_fds(ricci_modclusterd_t)
@ -328,7 +328,7 @@ kernel_read_system_state(ricci_modlog_t)
corecmd_exec_bin(ricci_modlog_t)
domain_dontaudit_read_all_domains_state(ricci_modlog_t)
domain_read_all_domains_state(ricci_modlog_t)
files_read_etc_files(ricci_modlog_t)
files_search_usr(ricci_modlog_t)
@ -432,7 +432,7 @@ dev_read_sysfs(ricci_modstorage_t)
dev_read_urand(ricci_modstorage_t)
dev_manage_generic_blk_files(ricci_modstorage_t)
domain_dontaudit_read_all_domains_state(ricci_modstorage_t)
domain_read_all_domains_state(ricci_modstorage_t)
#Needed for editing /etc/fstab
files_manage_etc_files(ricci_modstorage_t)
@ -452,6 +452,10 @@ miscfiles_read_localization(ricci_modstorage_t)
modutils_read_module_deps(ricci_modstorage_t)
consoletype_exec(ricci_modstorage_t)
mount_domtrans(ricci_modstorage_t)
optional_policy(`
ccs_stream_connect(ricci_modstorage_t)
ccs_read_config(ricci_modstorage_t)