remove rhgb_domain and update for optional_policy() behavior change
This commit is contained in:
parent
09741b1f0e
commit
33d087189d
@ -87,7 +87,7 @@ corecmd_exec_shell($1)
|
||||
files_read_etc_runtime_files($1)
|
||||
mta_append_spool($1)
|
||||
ifdef(`TODO',`
|
||||
optional_policy(`arpwatch.te',`
|
||||
optional_policy(`arpwatch',`
|
||||
# why is mail delivered to a directory of type arpwatch_data_t?
|
||||
allow mta_delivery_agent arpwatch_data_t:dir search;
|
||||
')
|
||||
@ -105,25 +105,25 @@ allow mta_user_agent privmail:fd use;
|
||||
allow mta_user_agent privmail:process sigchld;
|
||||
allow mta_user_agent privmail:fifo_file { read write };
|
||||
allow mta_user_agent sysadm_t:fifo_file { read write };
|
||||
optional_policy(`arpwatch.te',`
|
||||
optional_policy(`arpwatch',`
|
||||
# why is mail delivered to a directory of type arpwatch_data_t?
|
||||
allow mta_user_agent arpwatch_tmp_t:file rw_file_perms;
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
dontaudit mta_user_agent arpwatch_t:packet_socket { read write };
|
||||
')
|
||||
')
|
||||
optional_policy(`cron.te',`
|
||||
optional_policy(`cron',`
|
||||
cron_sigchld($1)
|
||||
cron_read_system_job_tmp_files($1)
|
||||
')
|
||||
optional_policy(`logrotate.te',`
|
||||
optional_policy(`logrotate',`
|
||||
logrotate_read_tmp_files($1)
|
||||
')
|
||||
|
||||
#
|
||||
# nscd_client_domain: complete
|
||||
#
|
||||
optional_policy(`nscd.te',`
|
||||
optional_policy(`nscd',`
|
||||
nscd_use_socket($1)
|
||||
')
|
||||
|
||||
@ -135,14 +135,14 @@ domain_wide_inherit_fd($1)
|
||||
#
|
||||
# privlog: complete
|
||||
#
|
||||
optional_policy(`logging.te',`
|
||||
optional_policy(`logging',`
|
||||
logging_send_syslog_msg($1)
|
||||
')
|
||||
|
||||
#
|
||||
# privmail: complete
|
||||
#
|
||||
optional_policy(`mta.te',`
|
||||
optional_policy(`mta',`
|
||||
mta_send_mail($1)
|
||||
')
|
||||
|
||||
@ -209,7 +209,7 @@ seutil_read_default_contexts($1)
|
||||
#
|
||||
# web_client_domain:
|
||||
#
|
||||
optional_policy(`squid.te',`
|
||||
optional_policy(`squid',`
|
||||
squid_use($1)
|
||||
')
|
||||
|
||||
@ -386,7 +386,7 @@ selinux_compute_user_contexts($1)
|
||||
#
|
||||
# can_kerberos(): complete
|
||||
#
|
||||
optional_policy(`kerberos.te',`
|
||||
optional_policy(`kerberos',`
|
||||
kerberos_use($1)
|
||||
')
|
||||
|
||||
@ -417,7 +417,7 @@ corenet_udp_sendrecv_all_ports($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
sysnet_read_config($1)
|
||||
optional_policy(`mount.te',`
|
||||
optional_policy(`mount',`
|
||||
mount_send_nfs_client_request($1)
|
||||
')
|
||||
|
||||
@ -440,7 +440,7 @@ sysnet_read_config($1)
|
||||
# (remove _port_t from $2):
|
||||
corenet_tcp_sendrecv_$2_port($1)
|
||||
corenet_udp_sendrecv_$2_port($1)
|
||||
optional_policy(`mount.te',`
|
||||
optional_policy(`mount',`
|
||||
mount_send_nfs_client_request($1)
|
||||
')
|
||||
|
||||
@ -720,14 +720,14 @@ allow $1 $2:unix_dgram_socket sendto;
|
||||
#
|
||||
# can_winbind(): complete
|
||||
#
|
||||
optional_policy(`samba.te',`
|
||||
optional_policy(`samba',`
|
||||
samba_connect_winbind($1)
|
||||
')
|
||||
|
||||
#
|
||||
# can_ypbind(): complete
|
||||
#
|
||||
optional_policy(`nis.te',`
|
||||
optional_policy(`nis',`
|
||||
nis_use_ypbind($1)
|
||||
')
|
||||
|
||||
@ -777,17 +777,12 @@ ifdef(`targeted_policy',`
|
||||
term_dontaudit_use_generic_pty($1_t)
|
||||
files_dontaudit_read_root_file($1_t)
|
||||
')
|
||||
optional_policy(`selinuxutil.te',`
|
||||
optional_policy(`selinuxutil',`
|
||||
seutil_sigchld_newrole($1_t)
|
||||
')
|
||||
optional_policy(`udev.te', `
|
||||
optional_policy(`udev',`
|
||||
udev_read_db($1_t)
|
||||
')
|
||||
ifdef(`TODO',`
|
||||
optional_policy(`rhgb.te',`
|
||||
rhgb_domain($1_t)
|
||||
')
|
||||
') dnl end TODO
|
||||
|
||||
#
|
||||
# daemon_domain():
|
||||
@ -823,17 +818,12 @@ ifdef(`targeted_policy', `
|
||||
term_dontaudit_use_generic_pty($1_t)
|
||||
files_dontaudit_read_root_file($1_t)
|
||||
')
|
||||
optional_policy(`selinuxutil.te',`
|
||||
optional_policy(`selinuxutil',`
|
||||
seutil_sigchld_newrole($1_t)
|
||||
')
|
||||
optional_policy(`udev.te', `
|
||||
optional_policy(`udev',`
|
||||
udev_read_db($1_t)
|
||||
')
|
||||
ifdef(`TODO',`
|
||||
optional_policy(`rhgb.te',`
|
||||
rhgb_domain($1_t)
|
||||
')
|
||||
') dnl end TODO
|
||||
|
||||
#
|
||||
# daemon_sub_domain():
|
||||
@ -905,7 +895,7 @@ allow $1 self:msgq create_msgq_perms;
|
||||
allow $1 self:msg { send receive };
|
||||
fs_search_auto_mountpoints($1)
|
||||
userdom_use_unpriv_users_fd($1)
|
||||
optional_policy(`nis.te',`
|
||||
optional_policy(`nis',`
|
||||
nis_use_ypbind($1)
|
||||
')
|
||||
|
||||
@ -945,7 +935,7 @@ ifdef(`targeted_policy',`
|
||||
term_dontaudit_use_generic_pty($1_t)
|
||||
files_dontaudit_read_root_file($1_t)
|
||||
')
|
||||
optional_policy(`udev.te',`
|
||||
optional_policy(`udev',`
|
||||
udev_read_db($1_t)
|
||||
')
|
||||
|
||||
@ -968,7 +958,7 @@ allow $1_t self:tcp_socket connected_stream_socket_perms;
|
||||
allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
||||
allow $1_t self:capability { setuid setgid };
|
||||
files_search_home($1_t)
|
||||
optional_policy(`kerberos.te',`
|
||||
optional_policy(`kerberos',`
|
||||
kerberos_use($1_t)
|
||||
')
|
||||
#end for identd
|
||||
@ -999,10 +989,10 @@ libs_use_shared_libs($1_t)
|
||||
logging_send_syslog_msg($1_t)
|
||||
miscfiles_read_localization($1_t)
|
||||
sysnet_read_config($1_t)
|
||||
optional_policy(`nis.te',`
|
||||
optional_policy(`nis',`
|
||||
nis_use_ypbind($1_t)
|
||||
')
|
||||
optional_policy(`nscd.te',`
|
||||
optional_policy(`nscd',`
|
||||
nscd_use_socket($1_t)
|
||||
')
|
||||
|
||||
@ -1136,7 +1126,7 @@ allow $1 $2:lnk_file { getattr read };
|
||||
#
|
||||
# system_crond_entry():
|
||||
#
|
||||
optional_policy(`cron.te',`
|
||||
optional_policy(`cron',`
|
||||
cron_system_entry($2,$1)
|
||||
')
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user