Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible. Signed-off-by: Dominick Grift <domg472@gmail.com> Replace type and attributes statements by comma delimiters where possible. Replace type and attributes statements by comma delimiters where possible.
This commit is contained in:
Dominick Grift
parent
2de2341198
commit
2f94f46028
@ -490,8 +490,7 @@ interface(`samba_manage_var_files',`
|
||||
#
|
||||
interface(`samba_domtrans_smbcontrol',`
|
||||
gen_require(`
|
||||
type smbcontrol_t;
|
||||
type smbcontrol_exec_t;
|
||||
type smbcontrol_t, smbcontrol_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, smbcontrol_exec_t, smbcontrol_t)
|
||||
@ -756,16 +755,12 @@ template(`samba_helper_template',`
|
||||
#
|
||||
interface(`samba_admin',`
|
||||
gen_require(`
|
||||
type nmbd_t, nmbd_var_run_t;
|
||||
type smbd_t, smbd_tmp_t;
|
||||
type smbd_var_run_t;
|
||||
type samba_initrc_exec_t;
|
||||
type samba_log_t, samba_var_t;
|
||||
type samba_etc_t, samba_share_t;
|
||||
type samba_secrets_t;
|
||||
type nmbd_t, nmbd_var_run_t, smbd_var_run_t;
|
||||
type smbd_t, smbd_tmp_t, samba_secrets_t;
|
||||
type samba_initrc_exec_t, samba_log_t, samba_var_t;
|
||||
type samba_etc_t, samba_share_t, winbind_log_t;
|
||||
type swat_var_run_t, swat_tmp_t;
|
||||
type winbind_var_run_t, winbind_tmp_t;
|
||||
type winbind_log_t;
|
||||
type samba_unconfined_script_t, samba_unconfined_script_exec_t;
|
||||
')
|
||||
|
||||
|
||||
@ -229,8 +229,7 @@ interface(`sssd_stream_connect',`
|
||||
#
|
||||
interface(`sssd_admin',`
|
||||
gen_require(`
|
||||
type sssd_t, sssd_public_t;
|
||||
type sssd_initrc_exec_t;
|
||||
type sssd_t, sssd_public_t, sssd_initrc_exec_t;
|
||||
')
|
||||
|
||||
allow $1 sssd_t:process { ptrace signal_perms };
|
||||
|
||||
@ -112,8 +112,7 @@ interface(`tuned_initrc_domtrans',`
|
||||
#
|
||||
interface(`tuned_admin',`
|
||||
gen_require(`
|
||||
type tuned_t, tuned_var_run_t;
|
||||
type tuned_initrc_exec_t;
|
||||
type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
|
||||
')
|
||||
|
||||
allow $1 tuned_t:process { ptrace signal_perms };
|
||||
|
||||
@ -119,9 +119,8 @@ interface(`ulogd_append_log',`
|
||||
#
|
||||
interface(`ulogd_admin',`
|
||||
gen_require(`
|
||||
type ulogd_t, ulogd_etc_t;
|
||||
type ulogd_t, ulogd_etc_t, ulogd_modules_t;
|
||||
type ulogd_var_log_t, ulogd_initrc_exec_t;
|
||||
type ulogd_modules_t;
|
||||
')
|
||||
|
||||
allow $1 ulogd_t:process { ptrace signal_perms };
|
||||
|
||||
@ -151,9 +151,8 @@ interface(`varnishd_manage_log',`
|
||||
#
|
||||
interface(`varnishd_admin_varnishlog',`
|
||||
gen_require(`
|
||||
type varnishlog_t;
|
||||
type varnishlog_t, varnishlog_initrc_exec_t;
|
||||
type varnishlog_var_run_t, varnishlog_log_t;
|
||||
type varnishlog_initrc_exec_t;
|
||||
')
|
||||
|
||||
allow $1 varnishlog_t:process { ptrace signal_perms };
|
||||
|
||||
@ -14,8 +14,7 @@
|
||||
template(`virt_domain_template',`
|
||||
gen_require(`
|
||||
type virtd_t;
|
||||
attribute virt_image_type;
|
||||
attribute virt_domain;
|
||||
attribute virt_image_type, virt_domain;
|
||||
')
|
||||
|
||||
type $1_t, virt_domain;
|
||||
@ -154,8 +153,7 @@ interface(`virt_attach_tun_iface',`
|
||||
#
|
||||
interface(`virt_read_config',`
|
||||
gen_require(`
|
||||
type virt_etc_t;
|
||||
type virt_etc_rw_t;
|
||||
type virt_etc_t, virt_etc_rw_t;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
@ -176,8 +174,7 @@ interface(`virt_read_config',`
|
||||
#
|
||||
interface(`virt_manage_config',`
|
||||
gen_require(`
|
||||
type virt_etc_t;
|
||||
type virt_etc_rw_t;
|
||||
type virt_etc_t, virt_etc_rw_t;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
|
||||
@ -363,9 +363,8 @@ template(`xserver_common_x_domain_template',`
|
||||
type xevent_t, client_xevent_t;
|
||||
type input_xevent_t, $1_input_xevent_t;
|
||||
|
||||
attribute x_domain;
|
||||
attribute x_domain, input_xevent_type;
|
||||
attribute xdrawable_type, xcolormap_type;
|
||||
attribute input_xevent_type;
|
||||
|
||||
class x_drawable all_x_drawable_perms;
|
||||
class x_property all_x_property_perms;
|
||||
@ -783,8 +782,7 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
|
||||
#
|
||||
interface(`xserver_stream_connect_xdm',`
|
||||
gen_require(`
|
||||
type xdm_t, xdm_tmp_t;
|
||||
type xdm_var_run_t;
|
||||
type xdm_t, xdm_tmp_t, xdm_var_run_t;
|
||||
')
|
||||
|
||||
files_search_tmp($1)
|
||||
@ -1323,13 +1321,12 @@ interface(`xserver_read_tmp_files',`
|
||||
#
|
||||
interface(`xserver_manage_core_devices',`
|
||||
gen_require(`
|
||||
type xserver_t;
|
||||
type xserver_t, root_xdrawable_t;
|
||||
class x_device all_x_device_perms;
|
||||
class x_pointer all_x_pointer_perms;
|
||||
class x_keyboard all_x_keyboard_perms;
|
||||
class x_screen all_x_screen_perms;
|
||||
class x_drawable { manage };
|
||||
type root_xdrawable_t;
|
||||
attribute x_domain;
|
||||
class x_drawable { read manage setattr show };
|
||||
class x_resource { write read };
|
||||
@ -1357,8 +1354,7 @@ interface(`xserver_manage_core_devices',`
|
||||
#
|
||||
interface(`xserver_unconfined',`
|
||||
gen_require(`
|
||||
attribute x_domain;
|
||||
attribute xserver_unconfined_type;
|
||||
attribute x_domain, xserver_unconfined_type;
|
||||
')
|
||||
|
||||
typeattribute $1 x_domain;
|
||||
@ -1377,8 +1373,7 @@ interface(`xserver_unconfined',`
|
||||
#
|
||||
interface(`xserver_dontaudit_append_xdm_home_files',`
|
||||
gen_require(`
|
||||
type xdm_home_t;
|
||||
type xserver_tmp_t;
|
||||
type xdm_home_t, xserver_tmp_t;
|
||||
')
|
||||
|
||||
dontaudit $1 xdm_home_t:file rw_inherited_file_perms;
|
||||
@ -1405,8 +1400,7 @@ interface(`xserver_dontaudit_append_xdm_home_files',`
|
||||
#
|
||||
interface(`xserver_append_xdm_home_files',`
|
||||
gen_require(`
|
||||
type xdm_home_t;
|
||||
type xserver_tmp_t;
|
||||
type xdm_home_t, xserver_tmp_t;
|
||||
')
|
||||
|
||||
allow $1 xdm_home_t:file append_file_perms;
|
||||
@ -1570,8 +1564,7 @@ template(`xserver_read_user_iceauth',`
|
||||
#
|
||||
interface(`xserver_rw_inherited_user_fonts',`
|
||||
gen_require(`
|
||||
type user_fonts_t;
|
||||
type user_fonts_config_t;
|
||||
type user_fonts_t, user_fonts_config_t;
|
||||
')
|
||||
|
||||
allow $1 user_fonts_t:file rw_inherited_file_perms;
|
||||
@ -1678,8 +1671,7 @@ interface(`xserver_run_xauth',`
|
||||
#
|
||||
interface(`xserver_manage_home_fonts',`
|
||||
gen_require(`
|
||||
type user_fonts_t;
|
||||
type user_fonts_config_t;
|
||||
type user_fonts_t, user_fonts_config_t;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1, user_fonts_t, user_fonts_t)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user