Remove improper usage of userdom_manage_home_role(), userdom_manage_tmp_role(), and userdom_manage_tmpfs_role().
parent
a3b0dc5b3c
commit
1db1836ab9
@ -72,7 +72,7 @@ template(`java_role_template',`
|
|||||||
|
|
||||||
domain_interactive_fd($1_java_t)
|
domain_interactive_fd($1_java_t)
|
||||||
|
|
||||||
userdom_manage_tmpfs_role($2, $1_java_t)
|
userdom_manage_user_tmpfs_files($1_java_t)
|
||||||
|
|
||||||
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(java, 2.3.0)
|
policy_module(java, 2.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -40,8 +40,6 @@ template(`mono_role_template',`
|
|||||||
domain_interactive_fd($1_mono_t)
|
domain_interactive_fd($1_mono_t)
|
||||||
application_type($1_mono_t)
|
application_type($1_mono_t)
|
||||||
|
|
||||||
userdom_manage_tmpfs_role($2, $1_mono_t)
|
|
||||||
|
|
||||||
allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
|
allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
|
||||||
|
|
||||||
allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
|
allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
|
||||||
@ -51,6 +49,8 @@ template(`mono_role_template',`
|
|||||||
fs_dontaudit_rw_tmpfs_files($1_mono_t)
|
fs_dontaudit_rw_tmpfs_files($1_mono_t)
|
||||||
corecmd_bin_domtrans($1_mono_t, $1_t)
|
corecmd_bin_domtrans($1_mono_t, $1_t)
|
||||||
|
|
||||||
|
userdom_manage_user_tmpfs_files($1_mono_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
xserver_role($1_r, $1_mono_t)
|
xserver_role($1_r, $1_mono_t)
|
||||||
')
|
')
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(mono, 1.7.0)
|
policy_module(mono, 1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -35,10 +35,6 @@ interface(`pulseaudio_role',`
|
|||||||
allow pulseaudio_t $2:unix_stream_socket connectto;
|
allow pulseaudio_t $2:unix_stream_socket connectto;
|
||||||
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
||||||
|
|
||||||
userdom_manage_home_role($1, pulseaudio_t)
|
|
||||||
userdom_manage_tmp_role($1, pulseaudio_t)
|
|
||||||
userdom_manage_tmpfs_role($1, pulseaudio_t)
|
|
||||||
|
|
||||||
allow $2 pulseaudio_t:dbus send_msg;
|
allow $2 pulseaudio_t:dbus send_msg;
|
||||||
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
||||||
')
|
')
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(pulseaudio, 1.2.1)
|
policy_module(pulseaudio, 1.2.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -90,6 +90,11 @@ logging_send_syslog_msg(pulseaudio_t)
|
|||||||
|
|
||||||
miscfiles_read_localization(pulseaudio_t)
|
miscfiles_read_localization(pulseaudio_t)
|
||||||
|
|
||||||
|
# cjp: this seems excessive. need to confirm
|
||||||
|
userdom_manage_user_home_content_files(pulseaudio_t)
|
||||||
|
userdom_manage_user_tmp_files(pulseaudio_t)
|
||||||
|
userdom_manage_user_tmpfs_files(pulseaudio_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
bluetooth_stream_connect(pulseaudio_t)
|
bluetooth_stream_connect(pulseaudio_t)
|
||||||
')
|
')
|
||||||
|
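Review bot: The three added calls `userdom_manage_user_home_content_files(pulseaudio_t)`, `userdom_manage_user_tmp_files(pulseaudio_t)` and `userdom_manage_user_tmpfs_files(pulseaudio_t)` let the sound daemon create, write and delete any file carrying the generic user home, tmp and tmpfs labels. That is broad for a process that handles client-supplied audio data, and the author's own `# cjp: this seems excessive. need to confirm` says as much. The grant is also no longer tied to a role interface call; it now applies wherever the module is loaded. I would make the comment actionable, for example `# TODO(cjp): narrow to a pulseaudio-private type for the files it owns in home and tmp; drop manage on generic user content`.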
@ -101,7 +101,7 @@ template(`wine_role_template',`
|
|||||||
corecmd_bin_domtrans($1_wine_t, $1_t)
|
corecmd_bin_domtrans($1_wine_t, $1_t)
|
||||||
|
|
||||||
userdom_unpriv_usertype($1, $1_wine_t)
|
userdom_unpriv_usertype($1, $1_wine_t)
|
||||||
userdom_manage_tmpfs_role($2, $1_wine_t)
|
userdom_manage_user_tmpfs_files($1_wine_t)
|
||||||
|
|
||||||
domain_mmap_low($1_wine_t)
|
domain_mmap_low($1_wine_t)
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(wine, 1.7.0)
|
policy_module(wine, 1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -75,10 +75,6 @@ template(`wm_role_template',`
|
|||||||
miscfiles_read_fonts($1_wm_t)
|
miscfiles_read_fonts($1_wm_t)
|
||||||
miscfiles_read_localization($1_wm_t)
|
miscfiles_read_localization($1_wm_t)
|
||||||
|
|
||||||
userdom_manage_home_role($2, $1_wm_t)
|
|
||||||
userdom_manage_tmpfs_role($2, $1_wm_t)
|
|
||||||
userdom_manage_tmp_role($2, $1_wm_t)
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client($1_wm_t)
|
dbus_system_bus_client($1_wm_t)
|
||||||
dbus_session_bus_client($1_wm_t)
|
dbus_session_bus_client($1_wm_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(wm, 1.0.1)
|
policy_module(wm, 1.0.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(likewise, 1.0.0)
|
policy_module(likewise, 1.0.1)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -143,7 +143,7 @@ sysnet_use_ldap(lsassd_t)
|
|||||||
sysnet_read_config(lsassd_t)
|
sysnet_read_config(lsassd_t)
|
||||||
|
|
||||||
userdom_home_filetrans_user_home_dir(lsassd_t)
|
userdom_home_filetrans_user_home_dir(lsassd_t)
|
||||||
userdom_manage_home_role(system_r, lsassd_t)
|
userdom_manage_user_home_content_files(lsassd_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
kerberos_rw_keytab(lsassd_t)
|
kerberos_rw_keytab(lsassd_t)
|
||||||
|
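Review bot: The replacement `userdom_manage_user_home_content_files(lsassd_t)` covers regular files only, going by its name, while the context line `userdom_home_filetrans_user_home_dir(lsassd_t)` suggests lsassd creates home directories for new users. If it also populates them with subdirectories or symlinks, those operations would now be denied. If it does not, manage access to every user home file looks broader than an authentication daemon needs. A comment above the call recording what lsassd actually writes, e.g. `# lsassd writes <files> into newly created home directories - confirm and narrow`, would let a later reviewer tighten it.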
@ -2456,6 +2456,26 @@ interface(`userdom_rw_user_tmpfs_files',`
|
|||||||
fs_search_tmpfs($1)
|
fs_search_tmpfs($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Create, read, write, and delete user tmpfs files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`userdom_manage_user_tmpfs_files',`
|
||||||
|
gen_require(`
|
||||||
|
type user_tmpfs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
manage_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
|
||||||
|
allow $1 user_tmpfs_t:dir list_dir_perms;
|
||||||
|
fs_search_tmpfs($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Get the attributes of a user domain tty.
|
## Get the attributes of a user domain tty.
|
||||||
|
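Review bot: `userdom_manage_user_tmpfs_files` grants `manage_files_pattern($1, user_tmpfs_t, user_tmpfs_t)` but defines no type transition, so a file a caller creates in a tmpfs directory keeps the directory's label instead of `user_tmpfs_t` unless a transition is declared elsewhere. The callers this commit switches over (the java, mono and wine role templates, and pulseaudio) may have relied on the removed `userdom_manage_tmpfs_role` for that transition; its body is not visible here. If they did, each caller needs a line such as `fs_tmpfs_filetrans($1_java_t, user_tmpfs_t, file)` next to the new call. Otherwise the `<summary>` should state that the interface covers only files already labelled `user_tmpfs_t`. It also leaves out directories, symlinks, sockets and fifos, a reasonable narrowing that is worth stating in the description.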
@ -1,4 +1,4 @@
|
|||||||
policy_module(userdomain, 4.4.1)
|
policy_module(userdomain, 4.4.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|