trunk: 3 patches from dan.
This commit is contained in:
parent
a334d2918f
commit
2f27163c1b
@ -1,4 +1,4 @@
|
||||
policy_module(brctl,1.0.1)
|
||||
policy_module(brctl,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -26,6 +26,7 @@ kernel_read_network_state(brctl_t)
|
||||
kernel_read_sysctl(brctl_t)
|
||||
|
||||
dev_rw_sysfs(brctl_t)
|
||||
dev_write_sysfs_dirs(brctl_t)
|
||||
|
||||
# Init script handling
|
||||
domain_use_interactive_fds(brctl_t)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(logwatch,1.6.0)
|
||||
policy_module(logwatch,1.6.1)
|
||||
|
||||
#################################
|
||||
#
|
||||
@ -48,7 +48,7 @@ corecmd_exec_bin(logwatch_t)
|
||||
corecmd_exec_shell(logwatch_t)
|
||||
|
||||
dev_read_urand(logwatch_t)
|
||||
dev_search_sysfs(logwatch_t)
|
||||
dev_read_sysfs(logwatch_t)
|
||||
|
||||
# Read /proc/PID directories for all domains.
|
||||
domain_read_all_domains_state(logwatch_t)
|
||||
|
@ -216,6 +216,24 @@ interface(`usermanage_run_admin_passwd',`
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Dontaudit attempts to use useradd fds
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The type of the process performing this action.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`usermanage_dontaudit_use_useradd_fds',`
|
||||
gen_require(`
|
||||
type useradd_t;
|
||||
')
|
||||
|
||||
dontaudit $1 useradd_t:fd use;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute useradd in the useradd domain.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(usermanage,1.8.1)
|
||||
policy_module(usermanage,1.8.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -519,6 +519,10 @@ userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notd
|
||||
|
||||
mta_manage_spool(useradd_t)
|
||||
|
||||
optional_policy(`
|
||||
apache_manage_all_user_content(useradd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
dpkg_use_fds(useradd_t)
|
||||
dpkg_rw_pipes(useradd_t)
|
||||
|
Loading…
Reference in New Issue
Block a user