rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

automount patch from dan.

Browse Source
This commit is contained in:
Chris PeBenito 2009-07-29 08:59:26 -04:00
parent 8f3bddfbfd
commit 33322290f2
4 changed files with 43 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
policy/modules/services/automount.if
View File

@ -19,6 +19,25 @@ interface(`automount_domtrans',`
domtrans_pattern($1, automount_exec_t, automount_t) domtrans_pattern($1, automount_exec_t, automount_t)
') ')
########################################
## <summary>
## Send automount a signal
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
#
interface(`automount_signal',`
gen_require(`
type automount_t;
')
allow $1 automount_t:process signal;
')
######################################## ########################################
## <summary> ## <summary>
## Execute automount in the caller domain. ## Execute automount in the caller domain.

7
policy/modules/services/automount.te
View File

@ -1,5 +1,5 @@
policy_module(automount, 1.11.1) policy_module(automount, 1.11.2)
######################################## ########################################
# #
@ -71,6 +71,7 @@ files_search_all(automount_t)
files_mounton_all_mountpoints(automount_t) files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t) files_mount_all_file_type_fs(automount_t)
files_unmount_all_file_type_fs(automount_t) files_unmount_all_file_type_fs(automount_t)
files_manage_non_security_dirs(automount_t)
fs_mount_all_fs(automount_t) fs_mount_all_fs(automount_t)
fs_unmount_all_fs(automount_t) fs_unmount_all_fs(automount_t)
@ -100,6 +101,7 @@ corenet_udp_bind_reserved_port(automount_t)
corenet_udp_bind_all_rpc_ports(automount_t) corenet_udp_bind_all_rpc_ports(automount_t)
dev_read_sysfs(automount_t) dev_read_sysfs(automount_t)
dev_rw_autofs(automount_t)
# for SSP # for SSP
dev_read_rand(automount_t) dev_read_rand(automount_t)
dev_read_urand(automount_t) dev_read_urand(automount_t)
@ -142,6 +144,7 @@ miscfiles_read_certs(automount_t)
# Run mount in the mount_t domain. # Run mount in the mount_t domain.
mount_domtrans(automount_t) mount_domtrans(automount_t)
mount_signal(automount_t)
userdom_dontaudit_use_unpriv_user_fds(automount_t) userdom_dontaudit_use_unpriv_user_fds(automount_t)
userdom_dontaudit_search_user_home_dirs(automount_t) userdom_dontaudit_search_user_home_dirs(automount_t)
@ -155,7 +158,7 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
kerberos_read_keytab(automount_t) kerberos_keytab_template(automount, automount_t)
kerberos_read_config(automount_t) kerberos_read_config(automount_t)
kerberos_dontaudit_write_config(automount_t) kerberos_dontaudit_write_config(automount_t)
') ')

18
policy/modules/system/mount.if
View File

@ -71,6 +71,24 @@ interface(`mount_exec',`
can_exec($1, mount_exec_t) can_exec($1, mount_exec_t)
') ')
########################################
## <summary>
## Send a generic signal to mount.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mount_signal',`
gen_require(`
type mount_t;
')
allow $1 mount_t:process signal;
')
######################################## ########################################
## <summary> ## <summary>
## Use file descriptors for mount. ## Use file descriptors for mount.

2
policy/modules/system/mount.te
View File

@ -1,5 +1,5 @@
policy_module(mount, 1.10.0) policy_module(mount, 1.10.1)
######################################## ########################################
# #