trunk: 7 patches from dan.
parent
c989807d4a
commit
20272c2b27
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(apm, 1.9.1)
|
policy_module(apm, 1.9.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -123,6 +123,7 @@ libs_exec_ld_so(apmd_t)
|
|||||||
libs_exec_lib_files(apmd_t)
|
libs_exec_lib_files(apmd_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(apmd_t)
|
logging_send_syslog_msg(apmd_t)
|
||||||
|
logging_send_audit_msgs(apmd_t)
|
||||||
|
|
||||||
miscfiles_read_localization(apmd_t)
|
miscfiles_read_localization(apmd_t)
|
||||||
miscfiles_read_hwdata(apmd_t)
|
miscfiles_read_hwdata(apmd_t)
|
||||||
|
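Review bot: The added `logging_send_audit_msgs(apmd_t)` after `logging_send_syslog_msg(apmd_t)` has no comment saying which apmd action emits audit records, so a later reader cannot tell whether the grant is still needed. I would put a line such as `# <program run by apmd> sends audit records` above it, with the placeholder replaced by the actual program. The hunk does not show whether apmd_t also holds the `audit_write` capability, which sending audit messages normally requires as well; that needs checking in the part of the file outside this hunk.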
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(audioentropy, 1.5.0)
|
policy_module(audioentropy, 1.5.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -40,6 +40,9 @@ dev_read_sound(entropyd_t)
|
|||||||
# and sample rate.
|
# and sample rate.
|
||||||
dev_write_sound(entropyd_t)
|
dev_write_sound(entropyd_t)
|
||||||
|
|
||||||
|
files_read_etc_files(entropyd_t)
|
||||||
|
files_read_usr_files(entropyd_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(entropyd_t)
|
fs_getattr_all_fs(entropyd_t)
|
||||||
fs_search_auto_mountpoints(entropyd_t)
|
fs_search_auto_mountpoints(entropyd_t)
|
||||||
|
|
||||||
@ -52,6 +55,11 @@ miscfiles_read_localization(entropyd_t)
|
|||||||
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(entropyd_t)
|
userdom_dontaudit_search_user_home_dirs(entropyd_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
alsa_read_lib(entropyd_t)
|
||||||
|
alsa_read_rw_config(entropyd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(entropyd_t)
|
seutil_sigchld_newrole(entropyd_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(bitlbee, 1.1.1)
|
policy_module(bitlbee, 1.1.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -46,6 +46,8 @@ files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
|
|||||||
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
|
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
|
||||||
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
|
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
|
||||||
|
|
||||||
|
kernel_read_system_state(bitlbee_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(bitlbee_t)
|
corenet_all_recvfrom_unlabeled(bitlbee_t)
|
||||||
corenet_udp_sendrecv_generic_if(bitlbee_t)
|
corenet_udp_sendrecv_generic_if(bitlbee_t)
|
||||||
corenet_udp_sendrecv_generic_node(bitlbee_t)
|
corenet_udp_sendrecv_generic_node(bitlbee_t)
|
||||||
|
@ -134,6 +134,7 @@ interface(`lpd_manage_spool',`
|
|||||||
files_search_spool($1)
|
files_search_spool($1)
|
||||||
manage_dirs_pattern($1, print_spool_t, print_spool_t)
|
manage_dirs_pattern($1, print_spool_t, print_spool_t)
|
||||||
manage_files_pattern($1, print_spool_t, print_spool_t)
|
manage_files_pattern($1, print_spool_t, print_spool_t)
|
||||||
|
manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
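Review bot: `manage_lnk_files_pattern($1, print_spool_t, print_spool_t)` widens `lpd_manage_spool` so that every calling domain can create and delete symbolic links in the print spool, but the interface summary sits above the hunk and is presumably not updated to say so. I would extend that summary along the lines of `## Create, read, write, and delete printer spool files, directories and symbolic links.` Because the grant reaches all callers of the interface, confirm that each of them needs symlink management; if only one does, the rule belongs in that caller's policy instead.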
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(lpd, 1.11.2)
|
policy_module(lpd, 1.11.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(portreserve, 1.0.0)
|
policy_module(portreserve, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -37,9 +37,11 @@ manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t
|
|||||||
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
|
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
|
||||||
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
|
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
|
||||||
|
|
||||||
|
corenet_all_recvfrom_unlabeled(portreserve_t)
|
||||||
|
corenet_all_recvfrom_netlabel(portreserve_t)
|
||||||
corenet_tcp_bind_generic_node(portreserve_t)
|
corenet_tcp_bind_generic_node(portreserve_t)
|
||||||
corenet_udp_bind_generic_node(portreserve_t)
|
corenet_udp_bind_generic_node(portreserve_t)
|
||||||
corenet_tcp_bind_all_reserved_ports(portreserve_t)
|
corenet_tcp_bind_all_ports(portreserve_t)
|
||||||
corenet_udp_bind_all_reserved_ports(portreserve_t)
|
corenet_udp_bind_all_ports(portreserve_t)
|
||||||
|
|
||||||
files_read_etc_files(portreserve_t)
|
files_read_etc_files(portreserve_t)
|
||||||
|
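Review bot: Replacing `corenet_tcp_bind_all_reserved_ports(portreserve_t)` and `corenet_udp_bind_all_reserved_ports(portreserve_t)` with `corenet_tcp_bind_all_ports` and `corenet_udp_bind_all_ports` lets portreserve_t bind any port type rather than only the reserved range, and nothing in the hunk records why. If the daemon only has to hold the ports named in its configuration, the wider grant gives up the port-type confinement for this domain. If the full range really is required, say so next to the rules, for example `# ports to hold come from the admin's configuration and may be unreserved`.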
@ -1,11 +1,19 @@
|
|||||||
|
|
||||||
policy_module(privoxy, 1.8.2)
|
policy_module(privoxy, 1.8.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow privoxy to connect to all ports, not just
|
||||||
|
## HTTP, FTP, and Gopher ports.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(privoxy_connect_any, false)
|
||||||
|
|
||||||
type privoxy_t; # web_client_domain
|
type privoxy_t; # web_client_domain
|
||||||
type privoxy_exec_t;
|
type privoxy_exec_t;
|
||||||
init_daemon_domain(privoxy_t, privoxy_exec_t)
|
init_daemon_domain(privoxy_t, privoxy_exec_t)
|
||||||
@ -70,23 +78,20 @@ domain_use_interactive_fds(privoxy_t)
|
|||||||
|
|
||||||
files_read_etc_files(privoxy_t)
|
files_read_etc_files(privoxy_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(privoxy_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(privoxy_t)
|
logging_send_syslog_msg(privoxy_t)
|
||||||
|
|
||||||
miscfiles_read_localization(privoxy_t)
|
miscfiles_read_localization(privoxy_t)
|
||||||
|
|
||||||
sysnet_dns_name_resolve(privoxy_t)
|
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
|
userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(privoxy_t)
|
userdom_dontaudit_search_user_home_dirs(privoxy_t)
|
||||||
# cjp: this should really not be needed
|
# cjp: this should really not be needed
|
||||||
userdom_use_user_terminals(privoxy_t)
|
userdom_use_user_terminals(privoxy_t)
|
||||||
|
|
||||||
optional_policy(`
|
tunable_policy(`privoxy_connect_any',`
|
||||||
nis_use_ypbind(privoxy_t)
|
corenet_tcp_connect_all_ports(privoxy_t)
|
||||||
')
|
corenet_sendrecv_all_client_packets(privoxy_t)
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(privoxy_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
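Review bot: In the second hunk, `auth_use_nsswitch(privoxy_t)` replaces `sysnet_dns_name_resolve(privoxy_t)` and the optional `nis_use_ypbind` and `nscd_socket_use` blocks. It grants access to every name-service backend the policy supports, not just hostname resolution. A proxy daemon presumably needs little beyond DNS, so the reason for the broader interface should be stated, e.g. `# privoxy resolves names through nsswitch (dns, nis, nscd)`. The new `privoxy_connect_any` tunable is documented and defaults to false, which is the right default because enabling it lets privoxy_t connect to any TCP port.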
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(sasl, 1.11.2)
|
policy_module(sasl, 1.11.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -99,6 +99,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
kerberos_keytab_template(saslauthd, saslauthd_t)
|
kerberos_keytab_template(saslauthd, saslauthd_t)
|
||||||
|
kerberos_manage_host_rcache(saslauthd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -106,6 +107,10 @@ optional_policy(`
|
|||||||
mysql_stream_connect(saslauthd_t)
|
mysql_stream_connect(saslauthd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
nis_authenticate(saslauthd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(saslauthd_t)
|
seutil_sigchld_newrole(saslauthd_t)
|
||||||
')
|
')
|
||||||
|
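Review bot: `kerberos_manage_host_rcache(saslauthd_t)` in the first hunk and the new `optional_policy` block with `nis_authenticate(saslauthd_t)` in the second both widen an authentication daemon's access without a comment naming the mechanism that needs them. I would annotate each: `# saslauthd updates the host replay cache when accepting Kerberos tickets` (presumably the reason, to be confirmed) and `# saslauthd can check passwords against NIS`. Both enclosing `optional_policy` blocks are fully visible in the hunks, so the comments can sit directly above the added calls.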