ricci patch from dan.
This commit is contained in:
Chris PeBenito
parent
d8822462c4
commit
1847443ea3
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ricci, 1.5.2)
|
||||
policy_module(ricci, 1.5.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -133,6 +133,8 @@ corenet_tcp_connect_http_port(ricci_t)
|
||||
|
||||
dev_read_urand(ricci_t)
|
||||
|
||||
domain_read_all_domains_state(ricci_t)
|
||||
|
||||
files_read_etc_files(ricci_t)
|
||||
files_read_etc_runtime_files(ricci_t)
|
||||
files_create_boot_flag(ricci_t)
|
||||
@ -140,7 +142,7 @@ files_create_boot_flag(ricci_t)
|
||||
auth_domtrans_chk_passwd(ricci_t)
|
||||
auth_append_login_records(ricci_t)
|
||||
|
||||
init_dontaudit_stream_connect_script(ricci_t)
|
||||
init_stream_connect_script(ricci_t)
|
||||
|
||||
locallogin_dontaudit_use_fds(ricci_t)
|
||||
|
||||
@ -202,7 +204,7 @@ kernel_read_system_state(ricci_modcluster_t)
|
||||
corecmd_exec_shell(ricci_modcluster_t)
|
||||
corecmd_exec_bin(ricci_modcluster_t)
|
||||
|
||||
domain_dontaudit_read_all_domains_state(ricci_modcluster_t)
|
||||
domain_read_all_domains_state(ricci_modcluster_t)
|
||||
|
||||
files_search_locks(ricci_modcluster_t)
|
||||
files_read_etc_runtime_files(ricci_modcluster_t)
|
||||
@ -214,6 +216,8 @@ init_domtrans_script(ricci_modcluster_t)
|
||||
|
||||
logging_send_syslog_msg(ricci_modcluster_t)
|
||||
|
||||
consoletype_exec(ricci_modcluster_t)
|
||||
|
||||
miscfiles_read_localization(ricci_modcluster_t)
|
||||
|
||||
modutils_domtrans_insmod(ricci_modcluster_t)
|
||||
@ -228,10 +232,6 @@ optional_policy(`
|
||||
ccs_manage_config(ricci_modcluster_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
consoletype_exec(ricci_modcluster_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
lvm_domtrans(ricci_modcluster_t)
|
||||
')
|
||||
@ -287,14 +287,14 @@ corenet_tcp_bind_generic_node(ricci_modclusterd_t)
|
||||
corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t)
|
||||
corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t)
|
||||
|
||||
domain_dontaudit_read_all_domains_state(ricci_modclusterd_t)
|
||||
domain_read_all_domains_state(ricci_modclusterd_t)
|
||||
|
||||
files_read_etc_files(ricci_modclusterd_t)
|
||||
files_read_etc_runtime_files(ricci_modclusterd_t)
|
||||
|
||||
fs_getattr_xattr_fs(ricci_modclusterd_t)
|
||||
|
||||
init_dontaudit_stream_connect_script(ricci_modclusterd_t)
|
||||
init_stream_connect_script(ricci_modclusterd_t)
|
||||
|
||||
locallogin_dontaudit_use_fds(ricci_modclusterd_t)
|
||||
|
||||
@ -328,7 +328,7 @@ kernel_read_system_state(ricci_modlog_t)
|
||||
|
||||
corecmd_exec_bin(ricci_modlog_t)
|
||||
|
||||
domain_dontaudit_read_all_domains_state(ricci_modlog_t)
|
||||
domain_read_all_domains_state(ricci_modlog_t)
|
||||
|
||||
files_read_etc_files(ricci_modlog_t)
|
||||
files_search_usr(ricci_modlog_t)
|
||||
@ -432,7 +432,7 @@ dev_read_sysfs(ricci_modstorage_t)
|
||||
dev_read_urand(ricci_modstorage_t)
|
||||
dev_manage_generic_blk_files(ricci_modstorage_t)
|
||||
|
||||
domain_dontaudit_read_all_domains_state(ricci_modstorage_t)
|
||||
domain_read_all_domains_state(ricci_modstorage_t)
|
||||
|
||||
#Needed for editing /etc/fstab
|
||||
files_manage_etc_files(ricci_modstorage_t)
|
||||
@ -452,6 +452,10 @@ miscfiles_read_localization(ricci_modstorage_t)
|
||||
|
||||
modutils_read_module_deps(ricci_modstorage_t)
|
||||
|
||||
consoletype_exec(ricci_modstorage_t)
|
||||
|
||||
mount_domtrans(ricci_modstorage_t)
|
||||
|
||||
optional_policy(`
|
||||
ccs_stream_connect(ricci_modstorage_t)
|
||||
ccs_read_config(ricci_modstorage_t)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user