Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
This commit is contained in:
Dominick Grift
parent
e8ea772d89
commit
1976ddda24
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run gnomeclock.
|
## Execute a domain transition to run gnomeclock.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`gnomeclock_domtrans',`
|
interface(`gnomeclock_domtrans',`
|
||||||
|
|||||||
@ -70,7 +70,7 @@ interface(`hal_use_fds',`
|
|||||||
type hald_t;
|
type hald_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 hald_t:fd use;
|
allow $1 hald_t:fd use;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -88,7 +88,7 @@ interface(`hal_dontaudit_use_fds',`
|
|||||||
type hald_t;
|
type hald_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 hald_t:fd use;
|
dontaudit $1 hald_t:fd use;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -107,7 +107,7 @@ interface(`hal_rw_pipes',`
|
|||||||
type hald_t;
|
type hald_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 hald_t:fifo_file rw_fifo_file_perms;
|
allow $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -126,7 +126,7 @@ interface(`hal_dontaudit_rw_pipes',`
|
|||||||
type hald_t;
|
type hald_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
|
dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -360,7 +360,7 @@ interface(`hal_read_pid_files',`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Do not audit attempts to read
|
## Do not audit attempts to read
|
||||||
## hald PID files.
|
## hald PID files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@ -451,9 +451,9 @@ interface(`hal_dontaudit_leaks',`
|
|||||||
type hald_var_run_t;
|
type hald_var_run_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 hald_t:fd use;
|
dontaudit $1 hald_t:fd use;
|
||||||
dontaudit $1 hald_log_t:file rw_inherited_file_perms;
|
dontaudit $1 hald_log_t:file rw_inherited_file_perms;
|
||||||
dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
|
dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
|
||||||
dontaudit hald_t $1:socket_class_set { read write };
|
dontaudit hald_t $1:socket_class_set { read write };
|
||||||
dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
|
dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run icecast.
|
## Execute a domain transition to run icecast.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`icecast_domtrans',`
|
interface(`icecast_domtrans',`
|
||||||
@ -118,9 +118,9 @@ interface(`icecast_read_log',`
|
|||||||
## icecast log files.
|
## icecast log files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`icecast_append_log',`
|
interface(`icecast_append_log',`
|
||||||
@ -183,7 +183,5 @@ interface(`icecast_admin',`
|
|||||||
allow $2 system_r;
|
allow $2 system_r;
|
||||||
|
|
||||||
icecast_manage_pid_files($1)
|
icecast_manage_pid_files($1)
|
||||||
|
|
||||||
icecast_manage_log($1)
|
icecast_manage_log($1)
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run ifplugd.
|
## Execute a domain transition to run ifplugd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`ifplugd_domtrans',`
|
interface(`ifplugd_domtrans',`
|
||||||
|
|||||||
@ -55,7 +55,6 @@ interface(`inetd_core_service_domain',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`inetd_tcp_service_domain',`
|
interface(`inetd_tcp_service_domain',`
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type inetd_t;
|
type inetd_t;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -2,95 +2,95 @@
|
|||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run jabberd services
|
## Execute a domain transition to run jabberd services
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`jabber_domtrans_jabberd',`
|
interface(`jabber_domtrans_jabberd',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type jabberd_t, jabberd_exec_t;
|
type jabberd_t, jabberd_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, jabberd_exec_t, jabberd_t)
|
domtrans_pattern($1, jabberd_exec_t, jabberd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run jabberd router service
|
## Execute a domain transition to run jabberd router service
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`jabber_domtrans_jabberd_router',`
|
interface(`jabber_domtrans_jabberd_router',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type jabberd_router_t, jabberd_router_exec_t;
|
type jabberd_router_t, jabberd_router_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
|
domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read jabberd lib files.
|
## Read jabberd lib files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`jabberd_read_lib_files',`
|
interface(`jabberd_read_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type jabberd_var_lib_t;
|
type jabberd_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Dontaudit inherited read jabberd lib files.
|
## Dontaudit inherited read jabberd lib files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`jabberd_dontaudit_read_lib_files',`
|
interface(`jabberd_dontaudit_read_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type jabberd_var_lib_t;
|
type jabberd_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
|
dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create, read, write, and delete
|
## Create, read, write, and delete
|
||||||
## jabberd lib files.
|
## jabberd lib files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`jabberd_manage_lib_files',`
|
interface(`jabberd_manage_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type jabberd_var_lib_t;
|
type jabberd_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -121,7 +121,7 @@ interface(`jabber_admin',`
|
|||||||
ps_process_pattern($1, jabberd_t)
|
ps_process_pattern($1, jabberd_t)
|
||||||
|
|
||||||
allow $1 jabberd_router_t:process { ptrace signal_perms };
|
allow $1 jabberd_router_t:process { ptrace signal_perms };
|
||||||
ps_process_pattern($1, jabberd_router_t)
|
ps_process_pattern($1, jabberd_router_t)
|
||||||
|
|
||||||
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
|
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
|
||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
|
|||||||
@ -26,9 +26,9 @@
|
|||||||
## Execute kadmind in the current domain
|
## Execute kadmind in the current domain
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`kerberos_exec_kadmind',`
|
interface(`kerberos_exec_kadmind',`
|
||||||
@ -44,9 +44,9 @@ interface(`kerberos_exec_kadmind',`
|
|||||||
## Execute a domain transition to run kpropd.
|
## Execute a domain transition to run kpropd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`kerberos_domtrans_kpropd',`
|
interface(`kerberos_domtrans_kpropd',`
|
||||||
@ -235,7 +235,7 @@ template(`kerberos_keytab_template',`
|
|||||||
type $1_keytab_t;
|
type $1_keytab_t;
|
||||||
files_type($1_keytab_t)
|
files_type($1_keytab_t)
|
||||||
|
|
||||||
allow $2 $1_keytab_t:file read_file_perms;
|
allow $2 $1_keytab_t:file read_file_perms;
|
||||||
|
|
||||||
kerberos_read_keytab($2)
|
kerberos_read_keytab($2)
|
||||||
kerberos_use($2)
|
kerberos_use($2)
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run kerneloops.
|
## Execute a domain transition to run kerneloops.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`kerneloops_domtrans',`
|
interface(`kerneloops_domtrans',`
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run ksmtuned.
|
## Execute a domain transition to run ksmtuned.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`ksmtuned_domtrans',`
|
interface(`ksmtuned_domtrans',`
|
||||||
@ -70,5 +70,4 @@ interface(`ksmtuned_admin',`
|
|||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
role_transition $2 ksmtuned_initrc_exec_t system_r;
|
role_transition $2 ksmtuned_initrc_exec_t system_r;
|
||||||
allow $2 system_r;
|
allow $2 system_r;
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|||||||
@ -2,42 +2,40 @@
|
|||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute OpenLDAP in the ldap domain.
|
## Execute OpenLDAP in the ldap domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`ldap_domtrans',`
|
interface(`ldap_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type slapd_t, slapd_exec_t;
|
type slapd_t, slapd_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, slapd_exec_t, slapd_t)
|
|
||||||
|
|
||||||
|
domtrans_pattern($1, slapd_exec_t, slapd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute OpenLDAP server in the ldap domain.
|
## Execute OpenLDAP server in the ldap domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`ldap_initrc_domtrans',`
|
interface(`ldap_initrc_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type slapd_initrc_exec_t;
|
type slapd_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
init_labeled_script_domtrans($1, slapd_initrc_exec_t)
|
init_labeled_script_domtrans($1, slapd_initrc_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read the contents of the OpenLDAP
|
## Read the contents of the OpenLDAP
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run lircd.
|
## Execute a domain transition to run lircd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`lircd_domtrans',`
|
interface(`lircd_domtrans',`
|
||||||
@ -16,7 +16,6 @@ interface(`lircd_domtrans',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
domain_auto_trans($1, lircd_exec_t, lircd_t)
|
domain_auto_trans($1, lircd_exec_t, lircd_t)
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
@ -44,9 +43,9 @@ interface(`lircd_stream_connect',`
|
|||||||
## Read lircd etc file
|
## Read lircd etc file
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`lircd_read_config',`
|
interface(`lircd_read_config',`
|
||||||
|
|||||||
@ -16,7 +16,7 @@
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`mailman_domain_template', `
|
template(`mailman_domain_template',`
|
||||||
type mailman_$1_t;
|
type mailman_$1_t;
|
||||||
domain_type(mailman_$1_t)
|
domain_type(mailman_$1_t)
|
||||||
role system_r types mailman_$1_t;
|
role system_r types mailman_$1_t;
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run memcached.
|
## Execute a domain transition to run memcached.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`memcached_domtrans',`
|
interface(`memcached_domtrans',`
|
||||||
|
|||||||
@ -121,19 +121,19 @@ interface(`milter_manage_spamass_state',`
|
|||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Delete dkim-milter PID files.
|
## Delete dkim-milter PID files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`milter_delete_dkim_pid_files',`
|
interface(`milter_delete_dkim_pid_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type dkim_milter_data_t;
|
type dkim_milter_data_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
|
delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
|
||||||
')
|
')
|
||||||
|
|||||||
@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
## <summary>policy for mock</summary>
|
## <summary>policy for mock</summary>
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -6,9 +5,9 @@
|
|||||||
## Execute a domain transition to run mock.
|
## Execute a domain transition to run mock.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mock_domtrans',`
|
interface(`mock_domtrans',`
|
||||||
@ -19,7 +18,6 @@ interface(`mock_domtrans',`
|
|||||||
domtrans_pattern($1, mock_exec_t, mock_t)
|
domtrans_pattern($1, mock_exec_t, mock_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search mock lib directories.
|
## Search mock lib directories.
|
||||||
@ -55,7 +53,7 @@ interface(`mock_read_lib_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -75,7 +73,7 @@ interface(`mock_manage_lib_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -94,7 +92,7 @@ interface(`mock_manage_lib_dirs',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
@ -113,7 +111,7 @@ interface(`mock_manage_lib_symlinks',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -132,7 +130,7 @@ interface(`mock_manage_lib_chr_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -177,7 +175,7 @@ interface(`mock_run',`
|
|||||||
#
|
#
|
||||||
interface(`mock_role',`
|
interface(`mock_role',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mock_t;
|
type mock_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
role $1 types mock_t;
|
role $1 types mock_t;
|
||||||
@ -226,7 +224,7 @@ interface(`mock_signal',`
|
|||||||
interface(`mock_admin',`
|
interface(`mock_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mock_t;
|
type mock_t;
|
||||||
type mock_var_lib_t;
|
type mock_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 mock_t:process { ptrace signal_perms };
|
allow $1 mock_t:process { ptrace signal_perms };
|
||||||
@ -234,5 +232,4 @@ interface(`mock_admin',`
|
|||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
admin_pattern($1, mock_var_lib_t)
|
admin_pattern($1, mock_var_lib_t)
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run modemmanager.
|
## Execute a domain transition to run modemmanager.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`modemmanager_domtrans',`
|
interface(`modemmanager_domtrans',`
|
||||||
|
|||||||
@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
## <summary>policy for daemon for playing music</summary>
|
## <summary>policy for daemon for playing music</summary>
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -6,9 +5,9 @@
|
|||||||
## Execute a domain transition to run mpd.
|
## Execute a domain transition to run mpd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_domtrans',`
|
interface(`mpd_domtrans',`
|
||||||
@ -19,7 +18,6 @@ interface(`mpd_domtrans',`
|
|||||||
domtrans_pattern($1, mpd_exec_t, mpd_t)
|
domtrans_pattern($1, mpd_exec_t, mpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute mpd server in the mpd domain.
|
## Execute mpd server in the mpd domain.
|
||||||
@ -40,79 +38,79 @@ interface(`mpd_initrc_domtrans',`
|
|||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read mpd data files.
|
## Read mpd data files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_read_data_files',`
|
interface(`mpd_read_data_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mpd_data_t;
|
type mpd_data_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
mpd_search_lib($1)
|
mpd_search_lib($1)
|
||||||
read_files_pattern($1, mpd_data_t, mpd_data_t)
|
read_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read mpd tmpfs files.
|
## Read mpd tmpfs files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_read_tmpfs_files',`
|
interface(`mpd_read_tmpfs_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mpd_tmpfs_t;
|
type mpd_tmpfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
fs_search_tmpfs($1)
|
fs_search_tmpfs($1)
|
||||||
read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
###################################
|
###################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Manage mpd tmpfs files.
|
## Manage mpd tmpfs files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_manage_tmpfs_files',`
|
interface(`mpd_manage_tmpfs_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mpd_tmpfs_t;
|
type mpd_tmpfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
fs_search_tmpfs($1)
|
fs_search_tmpfs($1)
|
||||||
manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||||
manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Manage mpd data files.
|
## Manage mpd data files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_manage_data_files',`
|
interface(`mpd_manage_data_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mpd_data_t;
|
type mpd_data_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
mpd_search_lib($1)
|
mpd_search_lib($1)
|
||||||
manage_files_pattern($1, mpd_data_t, mpd_data_t)
|
manage_files_pattern($1, mpd_data_t, mpd_data_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -150,7 +148,7 @@ interface(`mpd_read_lib_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -170,36 +168,36 @@ interface(`mpd_manage_lib_files',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create an object in the root directory, with a private
|
## Create an object in the root directory, with a private
|
||||||
## type using a type transition.
|
## type using a type transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
## <param name="private type">
|
## <param name="private type">
|
||||||
## <summary>
|
## <summary>
|
||||||
## The type of the object to be created.
|
## The type of the object to be created.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
## <param name="object">
|
## <param name="object">
|
||||||
## <summary>
|
## <summary>
|
||||||
## The object class of the object being created.
|
## The object class of the object being created.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mpd_var_lib_filetrans',`
|
interface(`mpd_var_lib_filetrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mpd_var_lib_t;
|
type mpd_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
filetrans_pattern($1, mpd_var_lib_t, $2, $3)
|
filetrans_pattern($1, mpd_var_lib_t, $2, $3)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -218,7 +216,7 @@ interface(`mpd_manage_lib_dirs',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -245,7 +243,7 @@ interface(`mpd_admin',`
|
|||||||
type mpd_etc_t;
|
type mpd_etc_t;
|
||||||
type mpd_data_t;
|
type mpd_data_t;
|
||||||
type mpd_log_t;
|
type mpd_log_t;
|
||||||
type mpd_var_lib_t;
|
type mpd_var_lib_t;
|
||||||
type mpd_tmpfs_t;
|
type mpd_tmpfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -258,11 +256,11 @@ interface(`mpd_admin',`
|
|||||||
allow $2 system_r;
|
allow $2 system_r;
|
||||||
|
|
||||||
admin_pattern($1, mpd_etc_t)
|
admin_pattern($1, mpd_etc_t)
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
admin_pattern($1, mpd_var_lib_t)
|
admin_pattern($1, mpd_var_lib_t)
|
||||||
|
|
||||||
mpd_search_lib($1)
|
mpd_search_lib($1)
|
||||||
admin_pattern($1, mpd_data_t)
|
admin_pattern($1, mpd_data_t)
|
||||||
|
|
||||||
|
|||||||
@ -39,7 +39,6 @@ interface(`mta_stub',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`mta_base_mail_template',`
|
template(`mta_base_mail_template',`
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute user_mail_domain;
|
attribute user_mail_domain;
|
||||||
type sendmail_exec_t;
|
type sendmail_exec_t;
|
||||||
@ -225,18 +224,18 @@ interface(`mta_agent_executable',`
|
|||||||
## Dontaudit read and write an leaked file descriptors
|
## Dontaudit read and write an leaked file descriptors
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_dontaudit_leaks_system_mail',`
|
interface(`mta_dontaudit_leaks_system_mail',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_mail_t;
|
type system_mail_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 system_mail_t:fifo_file write;
|
dontaudit $1 system_mail_t:fifo_file write;
|
||||||
dontaudit $1 system_mail_t:tcp_socket { read write };
|
dontaudit $1 system_mail_t:tcp_socket { read write };
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -376,7 +375,7 @@ interface(`mta_send_mail',`
|
|||||||
allow mta_user_agent $1:process sigchld;
|
allow mta_user_agent $1:process sigchld;
|
||||||
allow mta_user_agent $1:fifo_file rw_fifo_file_perms;
|
allow mta_user_agent $1:fifo_file rw_fifo_file_perms;
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms', `
|
ifdef(`hide_broken_symptoms',`
|
||||||
dontaudit system_mail_t $1:socket_class_set { read write };
|
dontaudit system_mail_t $1:socket_class_set { read write };
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
@ -962,20 +961,20 @@ interface(`mta_filetrans_aliases',`
|
|||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## ALlow domain to read mail content in the homedir
|
## ALlow domain to read mail content in the homedir
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`mta_read_home',`
|
interface(`mta_read_home',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mail_home_t;
|
type mail_home_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
userdom_search_user_home_dirs($1)
|
userdom_search_user_home_dirs($1)
|
||||||
userdom_search_admin_dir($1)
|
userdom_search_admin_dir($1)
|
||||||
read_files_pattern($1, mail_home_t, mail_home_t)
|
read_files_pattern($1, mail_home_t, mail_home_t)
|
||||||
')
|
')
|
||||||
|
|||||||
@ -37,8 +37,7 @@ template(`munin_plugin_template',`
|
|||||||
# automatic transition rules from munin domain
|
# automatic transition rules from munin domain
|
||||||
# to specific munin plugin domain
|
# to specific munin plugin domain
|
||||||
domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
|
domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
|
||||||
allow munin_t $1_munin_plugin_t:process signal;
|
allow munin_t $1_munin_plugin_t:process signal;
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -85,20 +84,20 @@ interface(`munin_read_config',`
|
|||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## dontaudit read and write an leaked file descriptors
|
## dontaudit read and write an leaked file descriptors
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`munin_dontaudit_leaks',`
|
interface(`munin_dontaudit_leaks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type munin_t;
|
type munin_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 munin_t:tcp_socket { read write };
|
dontaudit $1 munin_t:tcp_socket { read write };
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
|
|||||||
@ -12,7 +12,6 @@
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`nagios_plugin_template',`
|
template(`nagios_plugin_template',`
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type nagios_t, nrpe_t;
|
type nagios_t, nrpe_t;
|
||||||
type nagios_log_t;
|
type nagios_log_t;
|
||||||
|
|||||||
@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',`
|
|||||||
## Allow caller to relabel tun_socket
|
## Allow caller to relabel tun_socket
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`networkmanager_attach_tun_iface',`
|
interface(`networkmanager_attach_tun_iface',`
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run nslcd.
|
## Execute a domain transition to run nslcd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`nslcd_domtrans',`
|
interface(`nslcd_domtrans',`
|
||||||
|
|||||||
@ -9,9 +9,9 @@
|
|||||||
## Execute a domain transition to run oddjob.
|
## Execute a domain transition to run oddjob.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oddjob_domtrans',`
|
interface(`oddjob_domtrans',`
|
||||||
@ -24,21 +24,21 @@ interface(`oddjob_domtrans',`
|
|||||||
|
|
||||||
#####################################
|
#####################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Do not audit attempts to read and write
|
## Do not audit attempts to read and write
|
||||||
## oddjob fifo file.
|
## oddjob fifo file.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oddjob_dontaudit_rw_fifo_file',`
|
interface(`oddjob_dontaudit_rw_fifo_file',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type shutdown_t;
|
type shutdown_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
|
dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -89,20 +89,20 @@ interface(`oddjob_dbus_chat',`
|
|||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Send a SIGCHLD signal to oddjob.
|
## Send a SIGCHLD signal to oddjob.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oddjob_sigchld',`
|
interface(`oddjob_sigchld',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type oddjob_t;
|
type oddjob_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 oddjob_t:process sigchld;
|
allow $1 oddjob_t:process sigchld;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|||||||
@ -18,7 +18,7 @@
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oident_read_user_content', `
|
interface(`oident_read_user_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type oidentd_home_t;
|
type oidentd_home_t;
|
||||||
')
|
')
|
||||||
@ -38,7 +38,7 @@ interface(`oident_read_user_content', `
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oident_manage_user_content', `
|
interface(`oident_manage_user_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type oidentd_home_t;
|
type oidentd_home_t;
|
||||||
')
|
')
|
||||||
@ -58,7 +58,7 @@ interface(`oident_manage_user_content', `
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`oident_relabel_user_content', `
|
interface(`oident_relabel_user_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type oidentd_home_t;
|
type oidentd_home_t;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -23,9 +23,9 @@ interface(`openct_signull',`
|
|||||||
## Execute openct in the caller domain.
|
## Execute openct in the caller domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`openct_exec',`
|
interface(`openct_exec',`
|
||||||
@ -42,9 +42,9 @@ interface(`openct_exec',`
|
|||||||
## Execute a domain transition to run openct.
|
## Execute a domain transition to run openct.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`openct_domtrans',`
|
interface(`openct_domtrans',`
|
||||||
|
|||||||
@ -25,7 +25,7 @@
|
|||||||
## </param>
|
## </param>
|
||||||
## <rolecap/>
|
## <rolecap/>
|
||||||
#
|
#
|
||||||
interface(`pads_admin', `
|
interface(`pads_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type pads_t, pads_config_t;
|
type pads_t, pads_config_t;
|
||||||
type pads_var_run_t, pads_initrc_exec_t;
|
type pads_var_run_t, pads_initrc_exec_t;
|
||||||
|
|||||||
@ -2,19 +2,19 @@
|
|||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute passenger in the passenger domain.
|
## Execute passenger in the passenger domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## The type of the process performing this action.
|
## The type of the process performing this action.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`passenger_domtrans',`
|
interface(`passenger_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type passenger_t;
|
type passenger_t;
|
||||||
type passenger_exec_t;
|
type passenger_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 self:capability { fowner fsetid };
|
allow $1 self:capability { fowner fsetid };
|
||||||
|
|
||||||
@ -27,43 +27,42 @@ interface(`passenger_domtrans',`
|
|||||||
|
|
||||||
######################################
|
######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Manage passenger var_run content.
|
## Manage passenger var_run content.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`passenger_manage_pid_content',`
|
interface(`passenger_manage_pid_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type passenger_var_run_t;
|
type passenger_var_run_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||||
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||||
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||||
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read passenger lib files
|
## Read passenger lib files
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain to not audit.
|
## Domain to not audit.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`passenger_read_lib_files',`
|
interface(`passenger_read_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type passenger_var_lib_t;
|
type passenger_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||||
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run pcscd.
|
## Execute a domain transition to run pcscd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`pcscd_domtrans',`
|
interface(`pcscd_domtrans',`
|
||||||
|
|||||||
@ -5,9 +5,9 @@
|
|||||||
## Execute a domain transition to run pingd.
|
## Execute a domain transition to run pingd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`pingd_domtrans',`
|
interface(`pingd_domtrans',`
|
||||||
@ -55,7 +55,6 @@ interface(`pingd_manage_config',`
|
|||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
|
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
|
||||||
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
|
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
|
||||||
|
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
|
|||||||
@ -1,44 +1,42 @@
|
|||||||
|
|
||||||
## <summary>policy for piranha</summary>
|
## <summary>policy for piranha</summary>
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Creates types and rules for a basic
|
## Creates types and rules for a basic
|
||||||
## cluster init daemon domain.
|
## cluster init daemon domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="prefix">
|
## <param name="prefix">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Prefix for the domain.
|
## Prefix for the domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`piranha_domain_template',`
|
template(`piranha_domain_template',`
|
||||||
|
gen_require(`
|
||||||
gen_require(`
|
attribute piranha_domain;
|
||||||
attribute piranha_domain;
|
')
|
||||||
')
|
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
# piranha_$1_t declarations
|
# piranha_$1_t declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
type piranha_$1_t, piranha_domain;
|
type piranha_$1_t, piranha_domain;
|
||||||
type piranha_$1_exec_t;
|
type piranha_$1_exec_t;
|
||||||
init_daemon_domain(piranha_$1_t, piranha_$1_exec_t)
|
init_daemon_domain(piranha_$1_t, piranha_$1_exec_t)
|
||||||
|
|
||||||
# pid files
|
# pid files
|
||||||
type piranha_$1_var_run_t;
|
type piranha_$1_var_run_t;
|
||||||
files_pid_file(piranha_$1_var_run_t)
|
files_pid_file(piranha_$1_var_run_t)
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
# piranha_$1_t local policy
|
# piranha_$1_t local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
||||||
manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
|
||||||
files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
|
files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -46,9 +44,9 @@ template(`piranha_domain_template',`
|
|||||||
## Execute a domain transition to run fos.
|
## Execute a domain transition to run fos.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`piranha_domtrans_fos',`
|
interface(`piranha_domtrans_fos',`
|
||||||
@ -61,56 +59,56 @@ interface(`piranha_domtrans_fos',`
|
|||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run lvsd.
|
## Execute a domain transition to run lvsd.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`piranha_domtrans_lvs',`
|
interface(`piranha_domtrans_lvs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type piranha_lvs_t, piranha_lvs_exec_t;
|
type piranha_lvs_t, piranha_lvs_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
|
domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run pulse.
|
## Execute a domain transition to run pulse.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`piranha_domtrans_pulse',`
|
interface(`piranha_domtrans_pulse',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type piranha_pulse_t, piranha_pulse_exec_t;
|
type piranha_pulse_t, piranha_pulse_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
|
domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute pulse server in the pulse domain.
|
## Execute pulse server in the pulse domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`piranha_pulse_initrc_domtrans',`
|
interface(`piranha_pulse_initrc_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type piranha_pulse_initrc_exec_t;
|
type piranha_pulse_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
|
init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -130,7 +128,7 @@ interface(`piranha_read_log',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
read_files_pattern($1, piranha_log_t, piranha_log_t)
|
read_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -139,9 +137,9 @@ interface(`piranha_read_log',`
|
|||||||
## piranha log files.
|
## piranha log files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed to transition.
|
## Domain allowed to transition.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`piranha_append_log',`
|
interface(`piranha_append_log',`
|
||||||
@ -169,7 +167,7 @@ interface(`piranha_manage_log',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
|
manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
|
||||||
manage_files_pattern($1, piranha_log_t, piranha_log_t)
|
manage_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||||
manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
|
manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
|
||||||
')
|
')
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user