trunk: 7 patches from dan.

This commit is contained in:
Chris PeBenito 2009-06-26 13:22:39 +00:00
parent c989807d4a
commit 20272c2b27
8 changed files with 41 additions and 17 deletions

View File

@ -1,5 +1,5 @@
policy_module(apm, 1.9.1) policy_module(apm, 1.9.2)
######################################## ########################################
# #
@ -123,6 +123,7 @@ libs_exec_ld_so(apmd_t)
libs_exec_lib_files(apmd_t) libs_exec_lib_files(apmd_t)
logging_send_syslog_msg(apmd_t) logging_send_syslog_msg(apmd_t)
logging_send_audit_msgs(apmd_t)
miscfiles_read_localization(apmd_t) miscfiles_read_localization(apmd_t)
miscfiles_read_hwdata(apmd_t) miscfiles_read_hwdata(apmd_t)

View File

@ -1,5 +1,5 @@
policy_module(audioentropy, 1.5.0) policy_module(audioentropy, 1.5.1)
######################################## ########################################
# #
@ -40,6 +40,9 @@ dev_read_sound(entropyd_t)
# and sample rate. # and sample rate.
dev_write_sound(entropyd_t) dev_write_sound(entropyd_t)
files_read_etc_files(entropyd_t)
files_read_usr_files(entropyd_t)
fs_getattr_all_fs(entropyd_t) fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t) fs_search_auto_mountpoints(entropyd_t)
@ -52,6 +55,11 @@ miscfiles_read_localization(entropyd_t)
userdom_dontaudit_use_unpriv_user_fds(entropyd_t) userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
userdom_dontaudit_search_user_home_dirs(entropyd_t) userdom_dontaudit_search_user_home_dirs(entropyd_t)
optional_policy(`
alsa_read_lib(entropyd_t)
alsa_read_rw_config(entropyd_t)
')
optional_policy(` optional_policy(`
seutil_sigchld_newrole(entropyd_t) seutil_sigchld_newrole(entropyd_t)
') ')

View File

@ -1,5 +1,5 @@
policy_module(bitlbee, 1.1.1) policy_module(bitlbee, 1.1.2)
######################################## ########################################
# #
@ -46,6 +46,8 @@ files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t) manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file) files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
kernel_read_system_state(bitlbee_t)
corenet_all_recvfrom_unlabeled(bitlbee_t) corenet_all_recvfrom_unlabeled(bitlbee_t)
corenet_udp_sendrecv_generic_if(bitlbee_t) corenet_udp_sendrecv_generic_if(bitlbee_t)
corenet_udp_sendrecv_generic_node(bitlbee_t) corenet_udp_sendrecv_generic_node(bitlbee_t)

View File

@ -134,6 +134,7 @@ interface(`lpd_manage_spool',`
files_search_spool($1) files_search_spool($1)
manage_dirs_pattern($1, print_spool_t, print_spool_t) manage_dirs_pattern($1, print_spool_t, print_spool_t)
manage_files_pattern($1, print_spool_t, print_spool_t) manage_files_pattern($1, print_spool_t, print_spool_t)
manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
') ')
######################################## ########################################

View File

@ -1,5 +1,5 @@
policy_module(lpd, 1.11.2) policy_module(lpd, 1.11.3)
######################################## ########################################
# #

View File

@ -1,5 +1,5 @@
policy_module(portreserve, 1.0.0) policy_module(portreserve, 1.0.1)
######################################## ########################################
# #
@ -37,9 +37,11 @@ manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t) manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file }) files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
corenet_all_recvfrom_unlabeled(portreserve_t)
corenet_all_recvfrom_netlabel(portreserve_t)
corenet_tcp_bind_generic_node(portreserve_t) corenet_tcp_bind_generic_node(portreserve_t)
corenet_udp_bind_generic_node(portreserve_t) corenet_udp_bind_generic_node(portreserve_t)
corenet_tcp_bind_all_reserved_ports(portreserve_t) corenet_tcp_bind_all_ports(portreserve_t)
corenet_udp_bind_all_reserved_ports(portreserve_t) corenet_udp_bind_all_ports(portreserve_t)
files_read_etc_files(portreserve_t) files_read_etc_files(portreserve_t)

View File

@ -1,11 +1,19 @@
policy_module(privoxy, 1.8.2) policy_module(privoxy, 1.8.3)
######################################## ########################################
# #
# Declarations # Declarations
# #
## <desc>
## <p>
## Allow privoxy to connect to all ports, not just
## HTTP, FTP, and Gopher ports.
## </p>
## </desc>
gen_tunable(privoxy_connect_any, false)
type privoxy_t; # web_client_domain type privoxy_t; # web_client_domain
type privoxy_exec_t; type privoxy_exec_t;
init_daemon_domain(privoxy_t, privoxy_exec_t) init_daemon_domain(privoxy_t, privoxy_exec_t)
@ -70,23 +78,20 @@ domain_use_interactive_fds(privoxy_t)
files_read_etc_files(privoxy_t) files_read_etc_files(privoxy_t)
auth_use_nsswitch(privoxy_t)
logging_send_syslog_msg(privoxy_t) logging_send_syslog_msg(privoxy_t)
miscfiles_read_localization(privoxy_t) miscfiles_read_localization(privoxy_t)
sysnet_dns_name_resolve(privoxy_t)
userdom_dontaudit_use_unpriv_user_fds(privoxy_t) userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
userdom_dontaudit_search_user_home_dirs(privoxy_t) userdom_dontaudit_search_user_home_dirs(privoxy_t)
# cjp: this should really not be needed # cjp: this should really not be needed
userdom_use_user_terminals(privoxy_t) userdom_use_user_terminals(privoxy_t)
optional_policy(` tunable_policy(`privoxy_connect_any',`
nis_use_ypbind(privoxy_t) corenet_tcp_connect_all_ports(privoxy_t)
') corenet_sendrecv_all_client_packets(privoxy_t)
optional_policy(`
nscd_socket_use(privoxy_t)
') ')
optional_policy(` optional_policy(`

View File

@ -1,5 +1,5 @@
policy_module(sasl, 1.11.2) policy_module(sasl, 1.11.3)
######################################## ########################################
# #
@ -99,6 +99,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
optional_policy(` optional_policy(`
kerberos_keytab_template(saslauthd, saslauthd_t) kerberos_keytab_template(saslauthd, saslauthd_t)
kerberos_manage_host_rcache(saslauthd_t)
') ')
optional_policy(` optional_policy(`
@ -106,6 +107,10 @@ optional_policy(`
mysql_stream_connect(saslauthd_t) mysql_stream_connect(saslauthd_t)
') ')
optional_policy(`
nis_authenticate(saslauthd_t)
')
optional_policy(` optional_policy(`
seutil_sigchld_newrole(saslauthd_t) seutil_sigchld_newrole(saslauthd_t)
') ')