rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix cert calls in telepath, boinc, kerberos

Browse Source 
Add sys_admin to xend to allow it to start
Add oident calls to staff_t
This commit is contained in:
Dan Walsh 2010-09-10 13:18:49 -04:00
parent cab9bc9c58
commit 366396d855
5 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/apps/telepathy.te
View File

@ -78,7 +78,7 @@ libs_exec_ldconfig(telepathy_msn_t)
logging_send_syslog_msg(telepathy_msn_t) logging_send_syslog_msg(telepathy_msn_t)
miscfiles_read_certs(telepathy_msn_t) miscfiles_read_all_certs(telepathy_msn_t)
sysnet_read_config(telepathy_msn_t) sysnet_read_config(telepathy_msn_t)
@ -129,7 +129,7 @@ dev_read_urand(telepathy_gabble_t)
files_read_config_files(telepathy_gabble_t) files_read_config_files(telepathy_gabble_t)
files_read_usr_files(telepathy_gabble_t) files_read_usr_files(telepathy_gabble_t)
miscfiles_read_certs(telepathy_gabble_t) miscfiles_read_all_certs(telepathy_gabble_t)
sysnet_read_config(telepathy_gabble_t) sysnet_read_config(telepathy_gabble_t)

9
policy/modules/roles/staff.te
View File

@ -76,6 +76,11 @@ optional_policy(`
kerneloops_manage_tmp_files(staff_t) kerneloops_manage_tmp_files(staff_t)
') ')
optional_policy(`
oident_manage_user_content(staff_t)
oident_relabel_user_content(staff_t)
')
optional_policy(` optional_policy(`
postgresql_role(staff_r, staff_t) postgresql_role(staff_r, staff_t)
') ')
@ -186,10 +191,6 @@ ifndef(`distro_redhat',`
mta_role(staff_r, staff_t) mta_role(staff_r, staff_t)
') ')
optional_policy(`
oident_manage_user_content(staff_t)
oident_relabel_user_content(staff_t)
')
optional_policy(` optional_policy(`
pyzor_role(staff_r, staff_t) pyzor_role(staff_r, staff_t)
') ')

2
policy/modules/services/boinc.te
View File

@ -99,7 +99,7 @@ fs_getattr_all_fs(boinc_t)
term_dontaudit_getattr_ptmx(boinc_t) term_dontaudit_getattr_ptmx(boinc_t)
miscfiles_read_localization(boinc_t) miscfiles_read_localization(boinc_t)
miscfiles_read_certs(boinc_t) miscfiles_read_generic_certs(boinc_t)
logging_send_syslog_msg(boinc_t) logging_send_syslog_msg(boinc_t)

4
policy/modules/services/kerberos.te
View File

@ -152,7 +152,7 @@ selinux_validate_context(kadmind_t)
logging_send_syslog_msg(kadmind_t) logging_send_syslog_msg(kadmind_t)
miscfiles_read_certs(kadmind_t) miscfiles_read_generic_certs(kadmind_t)
miscfiles_read_localization(kadmind_t) miscfiles_read_localization(kadmind_t)
seutil_read_file_contexts(kadmind_t) seutil_read_file_contexts(kadmind_t)
@ -252,7 +252,7 @@ selinux_validate_context(krb5kdc_t)
logging_send_syslog_msg(krb5kdc_t) logging_send_syslog_msg(krb5kdc_t)
miscfiles_read_certs(krb5kdc_t) miscfiles_read_geniric_certs(krb5kdc_t)
miscfiles_read_localization(krb5kdc_t) miscfiles_read_localization(krb5kdc_t)
seutil_read_file_contexts(krb5kdc_t) seutil_read_file_contexts(krb5kdc_t)

5
policy/modules/system/xen.te
View File

@ -110,7 +110,7 @@ files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
# xend local policy # xend local policy
# #
allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_nice sys_ptrace sys_tty_config net_raw }; allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_ptrace sys_tty_config net_raw };
dontaudit xend_t self:capability { sys_ptrace }; dontaudit xend_t self:capability { sys_ptrace };
allow xend_t self:process { signal sigkill }; allow xend_t self:process { signal sigkill };
dontaudit xend_t self:process ptrace; dontaudit xend_t self:process ptrace;
@ -225,6 +225,7 @@ logging_send_syslog_msg(xend_t)
lvm_domtrans(xend_t) lvm_domtrans(xend_t)
miscfiles_read_localization(xend_t) miscfiles_read_localization(xend_t)
miscfiles_read_hwdata(xend_t)
mount_domtrans(xend_t) mount_domtrans(xend_t)
@ -242,6 +243,8 @@ xen_stream_connect_xenstore(xend_t)
netutils_domtrans(xend_t) netutils_domtrans(xend_t)
virt_read_config(xend_t)
optional_policy(` optional_policy(`
brctl_domtrans(xend_t) brctl_domtrans(xend_t)
') ')