from today's interface review meeting:
s/kernel_use_unlabeled_blk_dev/kernel_rw_unlabeled_blk_dev/g s/kernel_userland_entry/kernel_domtrans_to/g
This commit is contained in:
Chris PeBenito
parent
5850761393
commit
270d428a46
@ -18,7 +18,7 @@
|
|||||||
## The executable type for the entrypoint.
|
## The executable type for the entrypoint.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`kernel_userland_entry',`
|
interface(`kernel_domtrans_to',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type kernel_t;
|
type kernel_t;
|
||||||
')
|
')
|
||||||
@ -1562,7 +1562,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`kernel_use_unlabeled_blk_dev',`
|
interface(`kernel_rw_unlabeled_blk_dev',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type unlabeled_t;
|
type unlabeled_t;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -55,7 +55,7 @@ kernel_change_ring_buffer_level(fsadm_t)
|
|||||||
kernel_getattr_proc(fsadm_t)
|
kernel_getattr_proc(fsadm_t)
|
||||||
# Access to /initrd devices
|
# Access to /initrd devices
|
||||||
kernel_rw_unlabeled_dir(fsadm_t)
|
kernel_rw_unlabeled_dir(fsadm_t)
|
||||||
kernel_use_unlabeled_blk_dev(fsadm_t)
|
kernel_rw_unlabeled_blk_dev(fsadm_t)
|
||||||
|
|
||||||
dev_getattr_all_chr_files(fsadm_t)
|
dev_getattr_all_chr_files(fsadm_t)
|
||||||
# mkreiserfs and other programs need this for UUID
|
# mkreiserfs and other programs need this for UUID
|
||||||
|
|||||||
@ -8,7 +8,7 @@ policy_module(hotplug,1.1.0)
|
|||||||
|
|
||||||
type hotplug_t;
|
type hotplug_t;
|
||||||
type hotplug_exec_t;
|
type hotplug_exec_t;
|
||||||
kernel_userland_entry(hotplug_t,hotplug_exec_t)
|
kernel_domtrans_to(hotplug_t,hotplug_exec_t)
|
||||||
init_daemon_domain(hotplug_t,hotplug_exec_t)
|
init_daemon_domain(hotplug_t,hotplug_exec_t)
|
||||||
|
|
||||||
type hotplug_etc_t;
|
type hotplug_etc_t;
|
||||||
|
|||||||
@ -35,7 +35,7 @@ role system_r types init_t;
|
|||||||
gen_require(`
|
gen_require(`
|
||||||
type init_exec_t;
|
type init_exec_t;
|
||||||
')
|
')
|
||||||
kernel_userland_entry(init_t,init_exec_t)
|
kernel_domtrans_to(init_t,init_exec_t)
|
||||||
domain_entry_file(init_t,init_exec_t)
|
domain_entry_file(init_t,init_exec_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
@ -114,7 +114,7 @@ logging_search_logs(insmod_t)
|
|||||||
miscfiles_read_localization(insmod_t)
|
miscfiles_read_localization(insmod_t)
|
||||||
|
|
||||||
if( ! secure_mode_insmod ) {
|
if( ! secure_mode_insmod ) {
|
||||||
kernel_userland_entry(insmod_t,insmod_exec_t)
|
kernel_domtrans_to(insmod_t,insmod_exec_t)
|
||||||
}
|
}
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms',`
|
ifdef(`hide_broken_symptoms',`
|
||||||
|
|||||||
@ -14,7 +14,7 @@ gen_require(`
|
|||||||
|
|
||||||
type udev_t;
|
type udev_t;
|
||||||
type udev_helper_exec_t;
|
type udev_helper_exec_t;
|
||||||
kernel_userland_entry(udev_t,udev_exec_t)
|
kernel_domtrans_to(udev_t,udev_exec_t)
|
||||||
domain_obj_id_change_exempt(udev_t)
|
domain_obj_id_change_exempt(udev_t)
|
||||||
domain_entry_file(udev_t,udev_helper_exec_t)
|
domain_entry_file(udev_t,udev_helper_exec_t)
|
||||||
domain_wide_inherit_fd(udev_t)
|
domain_wide_inherit_fd(udev_t)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user