Iscsi and tgtd patches from Dan Walsh.
parent
939eaf2f13
commit
30496b1575
@ -9,3 +9,20 @@
|
||||
## </p>
|
||||
## </desc>
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Allow read and write access to tgtd semaphores.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`tgtd_rw_semaphores',`
|
||||
gen_require(`
|
||||
type tgtd_t;
|
||||
')
|
||||
|
||||
allow $1 tgtd_t:sem rw_sem_perms;
|
||||
')
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(tgtd, 1.0.0)
|
||||
policy_module(tgtd, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -60,7 +60,7 @@ corenet_sendrecv_iscsi_server_packets(tgtd_t)
|
||||
|
||||
files_read_etc_files(tgtd_t)
|
||||
|
||||
storage_getattr_fixed_disk_dev(tgtd_t)
|
||||
storage_manage_fixed_disk(tgtd_t)
|
||||
|
||||
logging_send_syslog_msg(tgtd_t)
|
||||
|
||||
|
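Review bot: The -60,7 hunk appears to replace `storage_getattr_fixed_disk_dev(tgtd_t)` with `storage_manage_fixed_disk(tgtd_t)`, a jump from stat-only access to full management of fixed-disk device nodes, and nothing in the change records why tgtd needs it. The old and new sides are inferred from the rendered order, because the +/- markers are lost on this page. Raw access to block devices sidesteps the file labels of any filesystem stored on them, so a compromised tgtd would no longer be held back by file-type rules for data on those disks. If the daemon only needs to read and write its backing stores, `storage_raw_read_fixed_disk(tgtd_t)` and `storage_raw_write_fixed_disk(tgtd_t)` would be narrower. Either way, a comment such as `# tgtd exports block devices as iSCSI backing stores` above the call would document the intent.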
@ -1,5 +1,7 @@
|
||||
/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
|
||||
/sbin/brcm_iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0)
|
||||
|
||||
/var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
|
||||
/var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
|
||||
/var/log/brcm-iscsi\.log -- gen_context(system_u:object_r:iscsi_log_t,s0)
|
||||
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(iscsi, 1.6.1)
|
||||
policy_module(iscsi, 1.6.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -14,6 +14,9 @@ init_daemon_domain(iscsid_t, iscsid_exec_t)
|
||||
type iscsi_lock_t;
|
||||
files_lock_file(iscsi_lock_t)
|
||||
|
||||
type iscsi_log_t;
|
||||
logging_log_file(iscsi_log_t)
|
||||
|
||||
type iscsi_tmp_t;
|
||||
files_tmp_file(iscsi_tmp_t)
|
||||
|
||||
@ -36,15 +39,21 @@ allow iscsid_t self:unix_dgram_socket create_socket_perms;
|
||||
allow iscsid_t self:sem create_sem_perms;
|
||||
allow iscsid_t self:shm create_shm_perms;
|
||||
allow iscsid_t self:netlink_socket create_socket_perms;
|
||||
allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow iscsid_t self:tcp_socket create_stream_socket_perms;
|
||||
|
||||
can_exec(iscsid_t, iscsid_exec_t)
|
||||
|
||||
manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
|
||||
files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
|
||||
|
||||
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
|
||||
allow iscsid_t iscsi_tmp_t:file manage_file_perms;
|
||||
fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, file )
|
||||
manage_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)
|
||||
logging_log_filetrans(iscsid_t, iscsi_log_t, file)
|
||||
|
||||
manage_dirs_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
|
||||
manage_files_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
|
||||
fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, { dir file } )
|
||||
|
||||
allow iscsid_t iscsi_var_lib_t:dir list_dir_perms;
|
||||
read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
|
||||
@ -54,8 +63,8 @@ files_search_var_lib(iscsid_t)
|
||||
manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
|
||||
files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
|
||||
|
||||
kernel_read_network_state(iscsid_t)
|
||||
kernel_read_system_state(iscsid_t)
|
||||
kernel_search_debugfs(iscsid_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(iscsid_t)
|
||||
corenet_all_recvfrom_netlabel(iscsid_t)
|
||||
@ -67,13 +76,21 @@ corenet_tcp_connect_iscsi_port(iscsid_t)
|
||||
corenet_tcp_connect_isns_port(iscsid_t)
|
||||
|
||||
dev_rw_sysfs(iscsid_t)
|
||||
dev_rw_userio_dev(iscsid_t)
|
||||
|
||||
domain_use_interactive_fds(iscsid_t)
|
||||
domain_dontaudit_read_all_domains_state(iscsid_t)
|
||||
|
||||
files_read_etc_files(iscsid_t)
|
||||
|
||||
logging_send_syslog_msg(iscsid_t)
|
||||
|
||||
auth_use_nsswitch(iscsid_t)
|
||||
|
||||
init_stream_connect_script(iscsid_t)
|
||||
|
||||
logging_send_syslog_msg(iscsid_t)
|
||||
|
||||
miscfiles_read_localization(iscsid_t)
|
||||
|
||||
optional_policy(`
|
||||
tgtd_rw_semaphores(iscsid_t)
|
||||
')
|
||||
|
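Review bot: The iscsid_t grants that look new in the last hunk (`dev_rw_userio_dev`, `domain_dontaudit_read_all_domains_state`, `init_stream_connect_script`, and the optional `tgtd_rw_semaphores` call) have no comment saying which program needs them; which side each line is on is only inferred, because the +/- markers are lost. Since the file-context change labels `/sbin/brcm_iscsiuio` with iscsid_exec_t, both daemons presumably run in iscsid_t and each gets the union of these permissions; a short comment per group, e.g. `# brcm_iscsiuio: userspace I/O device access`, would let a later reviewer see what can be dropped or split into its own domain. The dontaudit rule also silences the matching AVC denials, so those accesses will only show in the audit log with dontaudit rules disabled (`semodule -DB`). `logging_send_syslog_msg(iscsid_t)` is printed twice in the hunk; if both copies are on the new side, one is redundant.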