Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
parent
b46b3ad67f
commit
2528a2d701
@ -20,8 +20,7 @@
|
|||||||
interface(`postfixpolicyd_admin',`
|
interface(`postfixpolicyd_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type postfix_policyd_t, postfix_policyd_conf_t;
|
type postfix_policyd_t, postfix_policyd_conf_t;
|
||||||
type postfix_policyd_var_run_t;
|
type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t;
|
||||||
type postfix_policyd_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 postfix_policyd_t:process { ptrace signal_perms };
|
allow $1 postfix_policyd_t:process { ptrace signal_perms };
|
||||||
|
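Review bot: The rule `allow $1 postfix_policyd_t:process { ptrace signal_perms };`, kept as context at the end of this hunk, gives every caller of postfixpolicyd_admin ptrace over the daemon, which lets the admin domain read and modify the daemon's memory and is more than signalling or restarting it requires. The same pattern is visible in the postgrey, ppp, prelude, privoxy, psad, pyzor, qpidd, radvd, samba, setroubleshoot, snmp, soundserver and zebra admin hunks of this commit. This cleanup is not the place to change it, but a follow-up could reduce the rule to `allow $1 postfix_policyd_t:process signal_perms;` and move ptrace into a separate rule behind a tunable, if this policy tree provides one. The interface body continues past the end of the hunk.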
@ -417,13 +417,10 @@ interface(`postgresql_unconfined',`
|
|||||||
#
|
#
|
||||||
interface(`postgresql_admin',`
|
interface(`postgresql_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute sepgsql_admin_type;
|
attribute sepgsql_admin_type, sepgsql_client_type;
|
||||||
attribute sepgsql_client_type;
|
type postgresql_t, postgresql_var_run_t, postgresql_initrc_exec_t;
|
||||||
|
type postgresql_tmp_t, postgresql_db_t, postgresql_log_t;
|
||||||
type postgresql_t, postgresql_var_run_t;
|
type postgresql_etc_t;
|
||||||
type postgresql_tmp_t, postgresql_db_t;
|
|
||||||
type postgresql_etc_t, postgresql_log_t;
|
|
||||||
type postgresql_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
typeattribute $1 sepgsql_admin_type;
|
typeattribute $1 sepgsql_admin_type;
|
||||||
|
@ -57,9 +57,8 @@ interface(`postgrey_search_spool',`
|
|||||||
#
|
#
|
||||||
interface(`postgrey_admin',`
|
interface(`postgrey_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type postgrey_t, postgrey_etc_t;
|
type postgrey_t, postgrey_etc_t, postgrey_initrc_exec_t;
|
||||||
type postgrey_var_lib_t, postgrey_var_run_t;
|
type postgrey_var_lib_t, postgrey_var_run_t;
|
||||||
type postgrey_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 postgrey_t:process { ptrace signal_perms };
|
allow $1 postgrey_t:process { ptrace signal_perms };
|
||||||
|
@ -353,11 +353,9 @@ interface(`ppp_initrc_domtrans',`
|
|||||||
interface(`ppp_admin',`
|
interface(`ppp_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
|
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
|
||||||
type pppd_etc_t, pppd_secret_t;
|
type pppd_etc_t, pppd_secret_t, pppd_var_run_t;
|
||||||
type pppd_etc_rw_t, pppd_var_run_t;
|
|
||||||
|
|
||||||
type pptp_t, pptp_log_t, pptp_var_run_t;
|
type pptp_t, pptp_log_t, pptp_var_run_t;
|
||||||
type pppd_initrc_exec_t;
|
type pppd_initrc_exec_t, pppd_etc_rw_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 pppd_t:process { ptrace signal_perms };
|
allow $1 pppd_t:process { ptrace signal_perms };
|
||||||
|
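Review bot: The merged `gen_require` in ppp_admin loses the grouping by daemon that the old block had: `pppd_initrc_exec_t` and `pppd_etc_rw_t` now come after the pptp line, and the blank line that separated the pppd and pptp types is gone. That makes it harder to audit which domains' types the admin interface reaches. The same statement count is possible with the groups kept intact, for example `type pppd_etc_t, pppd_etc_rw_t, pppd_secret_t;` then `type pppd_var_run_t, pppd_initrc_exec_t;` and `type pptp_t, pptp_log_t, pptp_var_run_t;` last. The prelude_admin hunk (lml types spread over three lines) and the samba_admin hunk (`samba_unconfined_script_t` and `samba_unconfined_script_exec_t` split across the swat and winbind lines) have the same problem.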
@ -112,13 +112,10 @@ interface(`prelude_manage_spool',`
|
|||||||
#
|
#
|
||||||
interface(`prelude_admin',`
|
interface(`prelude_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type prelude_t, prelude_spool_t;
|
type prelude_t, prelude_spool_t, prelude_initrc_exec_t;
|
||||||
type prelude_var_run_t, prelude_var_lib_t;
|
type prelude_var_run_t, prelude_var_lib_t, prelude_lml_var_run_t;
|
||||||
type prelude_audisp_t, prelude_audisp_var_run_t;
|
type prelude_audisp_t, prelude_audisp_var_run_t, prelude_lml_tmp_t;
|
||||||
type prelude_initrc_exec_t;
|
type prelude_lml_t;
|
||||||
|
|
||||||
type prelude_lml_t, prelude_lml_tmp_t;
|
|
||||||
type prelude_lml_var_run_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 prelude_t:process { ptrace signal_perms };
|
allow $1 prelude_t:process { ptrace signal_perms };
|
||||||
|
@ -19,9 +19,8 @@
|
|||||||
#
|
#
|
||||||
interface(`privoxy_admin',`
|
interface(`privoxy_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type privoxy_t, privoxy_log_t;
|
type privoxy_t, privoxy_log_t, privoxy_initrc_exec_t;
|
||||||
type privoxy_etc_rw_t, privoxy_var_run_t;
|
type privoxy_etc_rw_t, privoxy_var_run_t;
|
||||||
type privoxy_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 privoxy_t:process { ptrace signal_perms };
|
allow $1 privoxy_t:process { ptrace signal_perms };
|
||||||
|
@ -253,8 +253,8 @@ interface(`psad_rw_tmp_files',`
|
|||||||
interface(`psad_admin',`
|
interface(`psad_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type psad_t, psad_var_run_t, psad_var_log_t;
|
type psad_t, psad_var_run_t, psad_var_log_t;
|
||||||
type psad_initrc_exec_t, psad_var_lib_t;
|
type psad_initrc_exec_t, psad_var_lib_t, psad_etc_t;
|
||||||
type psad_tmp_t, psad_etc_t;
|
type psad_tmp_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 psad_t:process { ptrace signal_perms };
|
allow $1 psad_t:process { ptrace signal_perms };
|
||||||
|
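Review bot: This hunk does not merge any statement. `psad_etc_t` only moves from the third `type` line to the second, leaving `type psad_tmp_t;` alone, and the hunk header shows the line count unchanged at 8. The radvd_admin, setroubleshoot_admin and xserver_user_x_domain_template hunks are the same kind of reshuffle, and in setroubleshoot_admin the new first line becomes noticeably longer than its neighbours. Since the required set is identical before and after, I would leave these blocks as they were (`type psad_initrc_exec_t, psad_var_lib_t;` / `type psad_tmp_t, psad_etc_t;`) so the commit only contains hunks that actually remove a statement and is easier to audit.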
@ -109,8 +109,7 @@ interface(`pyzor_exec',`
|
|||||||
interface(`pyzor_admin',`
|
interface(`pyzor_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type pyzord_t, pyzor_tmp_t, pyzord_log_t;
|
type pyzord_t, pyzor_tmp_t, pyzord_log_t;
|
||||||
type pyzor_etc_t, pyzor_var_lib_t;
|
type pyzor_etc_t, pyzor_var_lib_t, pyzord_initrc_exec_t;
|
||||||
type pyzord_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 pyzord_t:process { ptrace signal_perms };
|
allow $1 pyzord_t:process { ptrace signal_perms };
|
||||||
|
@ -176,17 +176,13 @@ interface(`qpidd_manage_var_lib',`
|
|||||||
#
|
#
|
||||||
interface(`qpidd_admin',`
|
interface(`qpidd_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type qpidd_t;
|
type qpidd_t, qpidd_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 qpidd_t:process { ptrace signal_perms };
|
allow $1 qpidd_t:process { ptrace signal_perms };
|
||||||
ps_process_pattern($1, qpidd_t)
|
ps_process_pattern($1, qpidd_t)
|
||||||
|
|
||||||
|
|
||||||
gen_require(`
|
|
||||||
type qpidd_initrc_exec_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
# Allow qpidd_t to restart the apache service
|
# Allow qpidd_t to restart the apache service
|
||||||
qpidd_initrc_domtrans($1)
|
qpidd_initrc_domtrans($1)
|
||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
|
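Review bot: The comment `# Allow qpidd_t to restart the apache service` above `qpidd_initrc_domtrans($1)` looks like a copy-paste leftover. The call is made for the caller `$1`, not for qpidd_t, and, judging by the interface name, it concerns the qpidd init script rather than apache. Since this hunk already rewrites the block by folding the second `gen_require` into the first, the comment is worth correcting in the same change, e.g. `# Allow $1 to restart the qpidd service`. A misleading comment on an admin interface matters because reviewers use it to judge what the role is being granted. The interface body continues past the end of the hunk.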
@ -19,8 +19,8 @@
|
|||||||
#
|
#
|
||||||
interface(`radvd_admin',`
|
interface(`radvd_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type radvd_t, radvd_etc_t;
|
type radvd_t, radvd_etc_t, radvd_initrc_exec_t;
|
||||||
type radvd_var_run_t, radvd_initrc_exec_t;
|
type radvd_var_run_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 radvd_t:process { ptrace signal_perms };
|
allow $1 radvd_t:process { ptrace signal_perms };
|
||||||
|
@ -13,9 +13,7 @@
|
|||||||
#
|
#
|
||||||
template(`rhcs_domain_template',`
|
template(`rhcs_domain_template',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute cluster_domain;
|
attribute cluster_domain, cluster_tmpfs, cluster_pid;
|
||||||
attribute cluster_tmpfs;
|
|
||||||
attribute cluster_pid;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
@ -349,8 +347,7 @@ interface(`rhcs_rw_groupd_shm',`
|
|||||||
#
|
#
|
||||||
interface(`rhcs_rw_cluster_shm',`
|
interface(`rhcs_rw_cluster_shm',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute cluster_domain;
|
attribute cluster_domain, cluster_tmpfs;
|
||||||
attribute cluster_tmpfs;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 cluster_domain:shm { rw_shm_perms destroy };
|
allow $1 cluster_domain:shm { rw_shm_perms destroy };
|
||||||
@ -390,8 +387,7 @@ interface(`rhcs_rw_cluster_semaphores',`
|
|||||||
#
|
#
|
||||||
interface(`rhcs_stream_connect_cluster',`
|
interface(`rhcs_stream_connect_cluster',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute cluster_domain;
|
attribute cluster_domain, cluster_pid;
|
||||||
attribute cluster_pid;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
|
@ -761,9 +761,8 @@ interface(`samba_admin',`
|
|||||||
type smbd_t, smbd_tmp_t, samba_secrets_t;
|
type smbd_t, smbd_tmp_t, samba_secrets_t;
|
||||||
type samba_initrc_exec_t, samba_log_t, samba_var_t;
|
type samba_initrc_exec_t, samba_log_t, samba_var_t;
|
||||||
type samba_etc_t, samba_share_t, winbind_log_t;
|
type samba_etc_t, samba_share_t, winbind_log_t;
|
||||||
type swat_var_run_t, swat_tmp_t;
|
type swat_var_run_t, swat_tmp_t, samba_unconfined_script_exec_t;
|
||||||
type winbind_var_run_t, winbind_tmp_t;
|
type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t;
|
||||||
type samba_unconfined_script_t, samba_unconfined_script_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 smbd_t:process { ptrace signal_perms };
|
allow $1 smbd_t:process { ptrace signal_perms };
|
||||||
|
@ -136,8 +136,8 @@ interface(`setroubleshoot_fixit_dontaudit_leaks',`
|
|||||||
#
|
#
|
||||||
interface(`setroubleshoot_admin',`
|
interface(`setroubleshoot_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type setroubleshootd_t, setroubleshoot_var_log_t;
|
type setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_run_t;
|
||||||
type setroubleshoot_var_lib_t, setroubleshoot_var_run_t;
|
type setroubleshoot_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 setroubleshootd_t:process { ptrace signal_perms };
|
allow $1 setroubleshootd_t:process { ptrace signal_perms };
|
||||||
|
@ -125,9 +125,8 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
|
|||||||
#
|
#
|
||||||
interface(`snmp_admin',`
|
interface(`snmp_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type snmpd_t, snmpd_log_t;
|
type snmpd_t, snmpd_log_t, snmpd_initrc_exec_t;
|
||||||
type snmpd_var_lib_t, snmpd_var_run_t;
|
type snmpd_var_lib_t, snmpd_var_run_t;
|
||||||
type snmpd_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 snmpd_t:process { ptrace signal_perms };
|
allow $1 snmpd_t:process { ptrace signal_perms };
|
||||||
|
@ -33,9 +33,8 @@ interface(`soundserver_tcp_connect',`
|
|||||||
#
|
#
|
||||||
interface(`soundserver_admin',`
|
interface(`soundserver_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type soundd_t, soundd_etc_t;
|
type soundd_t, soundd_etc_t, soundd_initrc_exec_t;
|
||||||
type soundd_tmp_t, soundd_var_run_t;
|
type soundd_tmp_t, soundd_var_run_t;
|
||||||
type soundd_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 soundd_t:process { ptrace signal_perms };
|
allow $1 soundd_t:process { ptrace signal_perms };
|
||||||
|
@ -358,7 +358,7 @@ interface(`xserver_user_client',`
|
|||||||
#
|
#
|
||||||
template(`xserver_common_x_domain_template',`
|
template(`xserver_common_x_domain_template',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type root_xdrawable_t;
|
type root_xdrawable_t, xdm_t, xserver_t;
|
||||||
type xproperty_t, $1_xproperty_t;
|
type xproperty_t, $1_xproperty_t;
|
||||||
type xevent_t, client_xevent_t;
|
type xevent_t, client_xevent_t;
|
||||||
type input_xevent_t, $1_input_xevent_t;
|
type input_xevent_t, $1_input_xevent_t;
|
||||||
@ -375,7 +375,6 @@ template(`xserver_common_x_domain_template',`
|
|||||||
class x_screen { saver_setattr saver_hide saver_show };
|
class x_screen { saver_setattr saver_hide saver_show };
|
||||||
class x_pointer { get_property set_property manage };
|
class x_pointer { get_property set_property manage };
|
||||||
class x_keyboard { read manage };
|
class x_keyboard { read manage };
|
||||||
type xdm_t, xserver_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
@ -474,8 +473,8 @@ template(`xserver_object_types_template',`
|
|||||||
#
|
#
|
||||||
template(`xserver_user_x_domain_template',`
|
template(`xserver_user_x_domain_template',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type xdm_t, xdm_tmp_t;
|
type xdm_t, xdm_tmp_t, xserver_tmpfs_t;
|
||||||
type xauth_home_t, iceauth_home_t, xserver_t, xserver_tmpfs_t;
|
type xauth_home_t, iceauth_home_t, xserver_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $2 self:shm create_shm_perms;
|
allow $2 self:shm create_shm_perms;
|
||||||
|
@ -61,8 +61,7 @@ interface(`zebra_stream_connect',`
|
|||||||
interface(`zebra_admin',`
|
interface(`zebra_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type zebra_t, zebra_tmp_t, zebra_log_t;
|
type zebra_t, zebra_tmp_t, zebra_log_t;
|
||||||
type zebra_conf_t, zebra_var_run_t;
|
type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t;
|
||||||
type zebra_initrc_exec_t;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 zebra_t:process { ptrace signal_perms };
|
allow $1 zebra_t:process { ptrace signal_perms };
|
||||||
|