Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
This commit is contained in:
parent
3507be9506
commit
2a724571c9
@ -710,8 +710,8 @@ interface(`postfix_admin',`
|
||||
allow $1 postfix_smtpd_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, postfix_smtpd_t)
|
||||
|
||||
postfix_run_map($1,$2)
|
||||
postfix_run_postdrop($1,$2)
|
||||
postfix_run_map($1, $2)
|
||||
postfix_run_postdrop($1, $2)
|
||||
|
||||
postfix_initrc_domtrans($1)
|
||||
domain_system_change_exemption($1)
|
||||
|
@ -10,7 +10,7 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="user_domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## The type of the user domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
@ -312,7 +312,7 @@ interface(`postgresql_stream_connect',`
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_tmp($1)
|
||||
stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t}, { postgresql_var_run_t postgresql_tmp_t}, postgresql_t)
|
||||
stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t }, { postgresql_var_run_t postgresql_tmp_t }, postgresql_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -355,7 +355,7 @@ interface(`ppp_admin',`
|
||||
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
|
||||
type pppd_etc_t, pppd_secret_t, pppd_var_run_t;
|
||||
type pptp_t, pptp_log_t, pptp_var_run_t;
|
||||
type pppd_initrc_exec_t, pppd_etc_rw_t;
|
||||
type pppd_initrc_exec_t, pppd_etc_rw_t;
|
||||
')
|
||||
|
||||
allow $1 pppd_t:process { ptrace signal_perms };
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run prelude.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`prelude_domtrans',`
|
||||
@ -23,9 +23,9 @@ interface(`prelude_domtrans',`
|
||||
## Execute a domain transition to run prelude_audisp.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`prelude_domtrans_audisp',`
|
||||
@ -41,9 +41,9 @@ interface(`prelude_domtrans_audisp',`
|
||||
## Signal the prelude_audisp domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed acccess.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`prelude_signal_audisp',`
|
||||
@ -78,9 +78,9 @@ interface(`prelude_read_spool',`
|
||||
## Manage to prelude-manager spool files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`prelude_manage_spool',`
|
||||
|
@ -93,7 +93,6 @@ interface(`procmail_read_home_files',`
|
||||
type procmail_home_t;
|
||||
')
|
||||
|
||||
userdom_search_user_home_dirs($1)
|
||||
userdom_search_user_home_dirs($1)
|
||||
read_files_pattern($1, procmail_home_t, procmail_home_t)
|
||||
')
|
||||
|
||||
|
@ -91,7 +91,6 @@ interface(`psad_manage_config',`
|
||||
files_search_etc($1)
|
||||
manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
|
||||
manage_files_pattern($1, psad_etc_t, psad_etc_t)
|
||||
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -21,7 +21,7 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`puppet_rw_tmp', `
|
||||
interface(`puppet_rw_tmp',`
|
||||
gen_require(`
|
||||
type puppet_tmp_t;
|
||||
')
|
||||
|
@ -114,7 +114,7 @@ interface(`pyzor_admin',`
|
||||
|
||||
allow $1 pyzord_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, pyzord_t)
|
||||
|
||||
|
||||
init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
|
||||
domain_system_change_exemption($1)
|
||||
role_transition $2 pyzord_initrc_exec_t system_r;
|
||||
@ -132,5 +132,3 @@ interface(`pyzor_admin',`
|
||||
files_list_var_lib($1)
|
||||
admin_pattern($1, pyzor_var_lib_t)
|
||||
')
|
||||
|
||||
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
## <summary>policy for qpidd</summary>
|
||||
|
||||
########################################
|
||||
@ -6,9 +5,9 @@
|
||||
## Execute a domain transition to run qpidd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`qpidd_domtrans',`
|
||||
@ -19,7 +18,6 @@ interface(`qpidd_domtrans',`
|
||||
domtrans_pattern($1, qpidd_exec_t, qpidd_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute qpidd server in the qpidd domain.
|
||||
@ -72,12 +70,11 @@ interface(`qpidd_manage_var_run',`
|
||||
type qpidd_var_run_t;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search qpidd lib directories.
|
||||
@ -113,7 +110,7 @@ interface(`qpidd_read_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -133,7 +130,7 @@ interface(`qpidd_manage_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -151,12 +148,11 @@ interface(`qpidd_manage_var_lib',`
|
||||
type qpidd_var_lib_t;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
@ -181,7 +177,6 @@ interface(`qpidd_admin',`
|
||||
|
||||
allow $1 qpidd_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, qpidd_t)
|
||||
|
||||
|
||||
# Allow qpidd_t to restart the apache service
|
||||
qpidd_initrc_domtrans($1)
|
||||
@ -192,41 +187,40 @@ interface(`qpidd_admin',`
|
||||
qpidd_manage_var_run($1)
|
||||
|
||||
qpidd_manage_var_lib($1)
|
||||
|
||||
')
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Allow read and write access to qpidd semaphores.
|
||||
## Allow read and write access to qpidd semaphores.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`qpidd_rw_semaphores',`
|
||||
gen_require(`
|
||||
type qpidd_t;
|
||||
')
|
||||
gen_require(`
|
||||
type qpidd_t;
|
||||
')
|
||||
|
||||
allow $1 qpidd_t:sem rw_sem_perms;
|
||||
allow $1 qpidd_t:sem rw_sem_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write to qpidd shared memory.
|
||||
## Read and write to qpidd shared memory.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`qpidd_rw_shm',`
|
||||
gen_require(`
|
||||
type qpidd_t;
|
||||
')
|
||||
gen_require(`
|
||||
type qpidd_t;
|
||||
')
|
||||
|
||||
allow $1 qpidd_t:shm rw_shm_perms;
|
||||
allow $1 qpidd_t:shm rw_shm_perms;
|
||||
')
|
||||
|
@ -26,6 +26,7 @@ template(`razor_common_domain_template',`
|
||||
gen_require(`
|
||||
type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t;
|
||||
')
|
||||
|
||||
type $1_t;
|
||||
domain_type($1_t)
|
||||
domain_entry_file($1_t, razor_exec_t)
|
||||
@ -197,4 +198,3 @@ interface(`razor_read_lib_files',`
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
|
||||
')
|
||||
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run rgmanager.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rgmanager_domtrans',`
|
||||
@ -78,20 +78,20 @@ interface(`rgmanager_manage_tmpfs_files',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Allow read and write access to rgmanager semaphores.
|
||||
## Allow read and write access to rgmanager semaphores.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rgmanager_rw_semaphores',`
|
||||
gen_require(`
|
||||
type rgmanager_t;
|
||||
')
|
||||
gen_require(`
|
||||
type rgmanager_t;
|
||||
')
|
||||
|
||||
allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
|
||||
allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
|
||||
')
|
||||
|
||||
######################################
|
||||
@ -100,9 +100,9 @@ interface(`rgmanager_rw_semaphores',`
|
||||
## an rgmanager environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
@ -115,7 +115,7 @@ interface(`rgmanager_admin',`
|
||||
gen_require(`
|
||||
type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t;
|
||||
type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
|
||||
')
|
||||
')
|
||||
|
||||
allow $1 rgmanager_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, rgmanager_t)
|
||||
|
@ -51,7 +51,6 @@ template(`rhcs_domain_template',`
|
||||
manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
|
||||
manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
|
||||
files_pid_filetrans($1_t, $1_var_run_t, { file fifo_file })
|
||||
|
||||
')
|
||||
|
||||
######################################
|
||||
@ -59,9 +58,9 @@ template(`rhcs_domain_template',`
|
||||
## Execute a domain transition to run dlm_controld.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rhcs_domtrans_dlm_controld',`
|
||||
@ -358,40 +357,40 @@ interface(`rhcs_rw_cluster_shm',`
|
||||
|
||||
####################################
|
||||
## <summary>
|
||||
## Read and write access to cluster domains semaphores.
|
||||
## Read and write access to cluster domains semaphores.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rhcs_rw_cluster_semaphores',`
|
||||
gen_require(`
|
||||
gen_require(`
|
||||
attribute cluster_domain;
|
||||
')
|
||||
')
|
||||
|
||||
allow $1 cluster_domain:sem { rw_sem_perms destroy };
|
||||
allow $1 cluster_domain:sem { rw_sem_perms destroy };
|
||||
')
|
||||
|
||||
####################################
|
||||
## <summary>
|
||||
## Connect to cluster domains over a unix domain
|
||||
## stream socket.
|
||||
## Connect to cluster domains over a unix domain
|
||||
## stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rhcs_stream_connect_cluster',`
|
||||
gen_require(`
|
||||
attribute cluster_domain, cluster_pid;
|
||||
')
|
||||
gen_require(`
|
||||
attribute cluster_domain, cluster_pid;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
|
||||
files_search_pids($1)
|
||||
stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
|
||||
')
|
||||
|
||||
######################################
|
||||
@ -433,19 +432,19 @@ interface(`rhcs_read_qdiskd_tmpfs_files',`
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Allow domain to read cluster lib files
|
||||
## Allow domain to read cluster lib files
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rhcs_read_cluster_lib_files',`
|
||||
gen_require(`
|
||||
type cluster_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type cluster_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
|
||||
')
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run ricci.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans',`
|
||||
@ -20,20 +20,20 @@ interface(`ricci_domtrans',`
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute ricci server in the ricci domain.
|
||||
## Execute ricci server in the ricci domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_initrc_domtrans', `
|
||||
gen_require(`
|
||||
type ricci_initrc_exec_t;
|
||||
')
|
||||
interface(`ricci_initrc_domtrans',`
|
||||
gen_require(`
|
||||
type ricci_initrc_exec_t;
|
||||
')
|
||||
|
||||
init_labeled_script_domtrans($1, ricci_initrc_exec_t)
|
||||
init_labeled_script_domtrans($1, ricci_initrc_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -41,9 +41,9 @@ interface(`ricci_initrc_domtrans', `
|
||||
## Execute a domain transition to run ricci_modcluster.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans_modcluster',`
|
||||
@ -134,9 +134,9 @@ interface(`ricci_rw_modclusterd_tmpfs_files',`
|
||||
## Execute a domain transition to run ricci_modlog.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans_modlog',`
|
||||
@ -152,9 +152,9 @@ interface(`ricci_domtrans_modlog',`
|
||||
## Execute a domain transition to run ricci_modrpm.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans_modrpm',`
|
||||
@ -170,9 +170,9 @@ interface(`ricci_domtrans_modrpm',`
|
||||
## Execute a domain transition to run ricci_modservice.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans_modservice',`
|
||||
@ -188,9 +188,9 @@ interface(`ricci_domtrans_modservice',`
|
||||
## Execute a domain transition to run ricci_modstorage.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_domtrans_modstorage',`
|
||||
@ -203,22 +203,22 @@ interface(`ricci_domtrans_modstorage',`
|
||||
|
||||
####################################
|
||||
## <summary>
|
||||
## Allow the specified domain to manage ricci's lib files.
|
||||
## Allow the specified domain to manage ricci's lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`ricci_manage_lib_files',`
|
||||
gen_require(`
|
||||
type ricci_var_lib_t;
|
||||
')
|
||||
gen_require(`
|
||||
type ricci_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
|
||||
manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
|
||||
files_search_var_lib($1)
|
||||
manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
|
||||
manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -254,7 +254,7 @@ interface(`ricci_admin',`
|
||||
|
||||
files_list_tmp($1)
|
||||
admin_pattern($1, ricci_tmp_t)
|
||||
|
||||
|
||||
files_list_var_lib($1)
|
||||
admin_pattern($1, ricci_var_lib_t)
|
||||
|
||||
|
@ -32,7 +32,7 @@ interface(`rpc_stub',`
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
template(`rpc_domain_template', `
|
||||
template(`rpc_domain_template',`
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run rpcbind.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rpcbind_domtrans',`
|
||||
|
@ -109,9 +109,9 @@ interface(`rsync_exec',`
|
||||
## Read rsync config files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rsync_read_config',`
|
||||
@ -128,9 +128,9 @@ interface(`rsync_read_config',`
|
||||
## Write to rsync config files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rsync_write_config',`
|
||||
@ -147,9 +147,9 @@ interface(`rsync_write_config',`
|
||||
## Manage rsync config files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rsync_manage_config',`
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run rtkit_daemon.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rtkit_daemon_domtrans',`
|
||||
|
@ -5,9 +5,9 @@
|
||||
## Execute a domain transition to run rwho.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`rwho_domtrans',`
|
||||
|
@ -58,7 +58,7 @@ interface(`varnishd_read_config',`
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Read varnish lib files.
|
||||
## Read varnish lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
|
@ -1,15 +1,13 @@
|
||||
|
||||
## <summary>policy for vnstatd</summary>
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run vnstatd.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`vnstatd_domtrans',`
|
||||
@ -20,16 +18,14 @@ interface(`vnstatd_domtrans',`
|
||||
domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
|
||||
')
|
||||
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run vnstat.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`vnstatd_domtrans_vnstat',`
|
||||
@ -75,7 +71,7 @@ interface(`vnstatd_read_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -95,7 +91,7 @@ interface(`vnstatd_manage_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -114,7 +110,7 @@ interface(`vnstatd_manage_lib_dirs',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
|
||||
')
|
||||
|
||||
|
||||
@ -138,7 +134,7 @@ interface(`vnstatd_manage_lib_dirs',`
|
||||
interface(`vnstatd_admin',`
|
||||
gen_require(`
|
||||
type vnstatd_t;
|
||||
type vnstatd_var_lib_t;
|
||||
type vnstatd_var_lib_t;
|
||||
')
|
||||
|
||||
allow $1 vnstatd_t:process { ptrace signal_perms };
|
||||
@ -146,5 +142,4 @@ interface(`vnstatd_admin',`
|
||||
|
||||
files_list_var_lib($1)
|
||||
admin_pattern($1, vnstatd_var_lib_t)
|
||||
|
||||
')
|
||||
|
@ -243,7 +243,7 @@ interface(`xserver_rw_session',`
|
||||
type xserver_t, xserver_tmpfs_t;
|
||||
')
|
||||
|
||||
xserver_ro_session($1,$2)
|
||||
xserver_ro_session($1, $2)
|
||||
allow $1 xserver_t:shm rw_shm_perms;
|
||||
allow $1 xserver_tmpfs_t:file rw_file_perms;
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user