trunk: whitespace fixes

This commit is contained in:
Chris PeBenito 2009-06-26 14:40:13 +00:00
parent 20272c2b27
commit 3f67f722bb
157 changed files with 796 additions and 797 deletions

View File

@ -97,8 +97,8 @@ allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_dirs_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
manage_files_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)
manage_dirs_pattern(amanda_t, amanda_log_t, amanda_log_t)

View File

@ -38,7 +38,7 @@ interface(`dpkg_domtrans_script',`
')
# transition to dpkg script:
corecmd_shell_domtrans($1,dpkg_script_t)
corecmd_shell_domtrans($1, dpkg_script_t)
allow dpkg_script_t $1:fd use;
allow dpkg_script_t $1:fifo_file rw_file_perms;
allow dpkg_script_t $1:process sigchld;

View File

@ -89,7 +89,7 @@ files_search_var(kudzu_t)
files_search_locks(kudzu_t)
files_manage_etc_files(kudzu_t)
files_manage_etc_runtime_files(kudzu_t)
files_etc_filetrans_etc_runtime(kudzu_t,file)
files_etc_filetrans_etc_runtime(kudzu_t, file)
files_manage_mnt_files(kudzu_t)
files_manage_mnt_symlinks(kudzu_t)
files_dontaudit_search_src(kudzu_t)

View File

@ -132,7 +132,7 @@ ifdef(`distro_debian', `
# for syslogd-listfiles
logging_read_syslog_config(logrotate_t)
# for "test -x /sbin/syslogd"
# for "test -x /sbin/syslogd"
logging_check_exec_syslog(logrotate_t)
')

View File

@ -34,7 +34,7 @@ manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
allow logwatch_t logwatch_lock_t:file manage_file_perms;
files_lock_filetrans(logwatch_t,logwatch_lock_t,file)
files_lock_filetrans(logwatch_t, logwatch_lock_t, file)
manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)

View File

@ -54,7 +54,7 @@ manage_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
manage_lnk_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
allow mrtg_t mrtg_var_run_t:file manage_file_perms;
files_pid_filetrans(mrtg_t,mrtg_var_run_t,file)
files_pid_filetrans(mrtg_t, mrtg_var_run_t, file)
kernel_read_system_state(mrtg_t)
kernel_read_network_state(mrtg_t)

View File

@ -99,7 +99,7 @@ interface(`portage_compile_domain',`
allow $1 self:dbus send_msg;
allow $1 portage_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty($1,portage_devpts_t)
term_create_pty($1, portage_devpts_t)
# write compile logs
allow $1 portage_log_t:dir setattr;

View File

@ -36,7 +36,7 @@ interface(`rpm_domtrans_script',`
')
# transition to rpm script:
corecmd_shell_domtrans($1,rpm_script_t)
corecmd_shell_domtrans($1, rpm_script_t)
allow rpm_script_t $1:fd use;
allow rpm_script_t $1:fifo_file rw_file_perms;
allow rpm_script_t $1:process sigchld;

View File

@ -166,7 +166,7 @@ template(`su_role_template',`
')
type $1_su_t, su_domain_type;
domain_entry_file($1_su_t,su_exec_t)
domain_entry_file($1_su_t, su_exec_t)
domain_type($1_su_t)
domain_interactive_fd($1_su_t)
ubac_constrained($1_su_t)

View File

@ -29,7 +29,7 @@ allow sxid_t self:tcp_socket create_stream_socket_perms;
allow sxid_t self:udp_socket create_socket_perms;
allow sxid_t sxid_log_t:file manage_file_perms;
logging_log_filetrans(sxid_t,sxid_log_t,file)
logging_log_filetrans(sxid_t, sxid_log_t, file)
manage_dirs_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
manage_files_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)

View File

@ -49,7 +49,7 @@ files_tmp_file(sysadm_passwd_tmp_t)
type useradd_t;
type useradd_exec_t;
domain_obj_id_change_exemption(useradd_t)
init_system_domain(useradd_t,useradd_exec_t)
init_system_domain(useradd_t, useradd_exec_t)
role system_r types useradd_t;
########################################
@ -210,7 +210,7 @@ files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
files_read_etc_runtime_files(groupadd_t)
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
# Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
corecmd_exec_bin(groupadd_t)
logging_send_audit_msgs(groupadd_t)

View File

@ -480,7 +480,7 @@ userdom_search_user_home_dirs(evolution_exchange_t)
# until properly implemented
userdom_dontaudit_read_user_home_content_files(evolution_exchange_t)
xserver_user_x_domain_template(evolution_exchange,evolution_exchange_t, evolution_exchange_tmpfs_t)
xserver_user_x_domain_template(evolution_exchange, evolution_exchange_t, evolution_exchange_tmpfs_t)
# Access evolution home
tunable_policy(`use_nfs_home_dirs',`

View File

@ -11,4 +11,4 @@
/usr/bin/vlc -- gen_context(system_u:object_r:mplayer_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)
HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)

View File

@ -67,12 +67,12 @@ interface(`mplayer_domtrans',`
########################################
## <summary>
## Execute mplayer in the caller domain.
## Execute mplayer in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
#

View File

@ -35,7 +35,7 @@ interface(`locate_read_lib_files',`
type locate_var_lib_t;
')
read_files_pattern($1,locate_var_lib_t,locate_var_lib_t)
read_files_pattern($1, locate_var_lib_t, locate_var_lib_t)
allow $1 locate_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
')

View File

@ -54,7 +54,7 @@ corecmd_search_bin(wireshark_t)
manage_dirs_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
manage_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
manage_lnk_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t,dir)
userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t, dir)
# Store temporary files
manage_dirs_pattern(wireshark_t, wireshark_tmp_t, wireshark_tmp_t)

View File

@ -74,7 +74,7 @@ ifdef(`distro_redhat',`
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
@ -218,11 +218,11 @@ ifdef(`distro_gentoo',`
/usr/share/PackageKit/pk-upgrade-distro\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/PackageKit/helpers(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
@ -241,8 +241,8 @@ ifdef(`distro_redhat', `
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
@ -305,7 +305,7 @@ ifdef(`distro_suse', `
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)

View File

@ -70,7 +70,7 @@ interface(`corecmd_bin_entry_type',`
type bin_t;
')
domain_entry_file($1,bin_t)
domain_entry_file($1, bin_t)
')
########################################

View File

@ -230,7 +230,7 @@ type netif_t, netif_type;
sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',`
network_interface(lo, lo,s0 - mls_systemhigh)
network_interface(lo, lo, s0 - mls_systemhigh)
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')

View File

@ -68,8 +68,8 @@ interface(`dev_relabel_all_dev_nodes',`
relabelfrom_lnk_files_pattern($1, device_t, { device_t device_node })
relabelfrom_fifo_files_pattern($1, device_t, device_node)
relabelfrom_sock_files_pattern($1, device_t, device_node)
relabel_blk_files_pattern($1,device_t,{ device_t device_node })
relabel_chr_files_pattern($1,device_t,{ device_t device_node })
relabel_blk_files_pattern($1, device_t,{ device_t device_node })
relabel_chr_files_pattern($1, device_t,{ device_t device_node })
')
########################################
@ -1247,7 +1247,7 @@ interface(`dev_create_cardmgr_dev',`
create_chr_files_pattern($1, device_t, cardmgr_dev_t)
create_blk_files_pattern($1, device_t, cardmgr_dev_t)
filetrans_pattern($1,device_t, cardmgr_dev_t, { chr_file blk_file })
filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
')
########################################
@ -1709,11 +1709,11 @@ interface(`dev_read_kvm',`
########################################
## <summary>
## Read and write to kvm devices.
## Read and write to kvm devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#

View File

@ -2138,7 +2138,7 @@ interface(`files_create_boot_flag',`
')
allow $1 etc_runtime_t:file manage_file_perms;
filetrans_pattern($1,root_t,etc_runtime_t,file)
filetrans_pattern($1, root_t, etc_runtime_t, file)
')
########################################
@ -4662,7 +4662,7 @@ interface(`files_rw_generic_pids',`
type var_t, var_run_t;
')
list_dirs_pattern($1,var_t,var_run_t)
list_dirs_pattern($1, var_t, var_run_t)
rw_files_pattern($1, var_run_t, var_run_t)
')

View File

@ -103,7 +103,7 @@ interface(`fs_exec_noxattr',`
attribute noxattrfs;
')
can_exec($1,noxattrfs)
can_exec($1, noxattrfs)
')
########################################
@ -1455,7 +1455,7 @@ interface(`fs_read_fusefs_files',`
type fusefs_t;
')
read_files_pattern($1,fusefs_t,fusefs_t)
read_files_pattern($1, fusefs_t, fusefs_t)
')
########################################

View File

@ -959,7 +959,7 @@ interface(`mls_dbus_send_all_levels',`
attribute mlsdbussend;
')
typeattribute $1 mlsdbussend;
typeattribute $1 mlsdbussend;
')
########################################
@ -980,5 +980,5 @@ interface(`mls_dbus_recv_all_levels',`
attribute mlsdbusrecv;
')
typeattribute $1 mlsdbusrecv;
typeattribute $1 mlsdbusrecv;
')

View File

@ -6,7 +6,7 @@
## </summary>
## <param name="role">
## <summary>
## Role allowed access.
## Role allowed access.
## </summary>
## </param>
## <rolecap/>

View File

@ -6,7 +6,7 @@
## </summary>
## <param name="role">
## <summary>
## Role allowed access.
## Role allowed access.
## </summary>
## </param>
## <rolecap/>

View File

@ -6,7 +6,7 @@
## </summary>
## <param name="role">
## <summary>
## Role allowed access.
## Role allowed access.
## </summary>
## </param>
## <rolecap/>

View File

@ -65,7 +65,7 @@ allow afs_bosserver_t self:process { setsched signal_perms };
allow afs_bosserver_t self:tcp_socket create_stream_socket_perms;
allow afs_bosserver_t self:udp_socket create_socket_perms;
can_exec(afs_bosserver_t,afs_bosserver_exec_t)
can_exec(afs_bosserver_t, afs_bosserver_exec_t)
manage_dirs_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
manage_files_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
@ -236,7 +236,7 @@ allow afs_ptserver_t self:unix_stream_socket create_stream_socket_perms;
allow afs_ptserver_t self:tcp_socket create_stream_socket_perms;
allow afs_ptserver_t self:udp_socket create_socket_perms;
read_files_pattern(afs_ptserver_t,afs_config_t,afs_config_t)
read_files_pattern(afs_ptserver_t, afs_config_t, afs_config_t)
allow afs_ptserver_t afs_config_t:dir list_dir_perms;
manage_dirs_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
@ -274,14 +274,14 @@ allow afs_vlserver_t self:unix_stream_socket create_stream_socket_perms;
allow afs_vlserver_t self:tcp_socket create_stream_socket_perms;
allow afs_vlserver_t self:udp_socket create_socket_perms;
read_files_pattern(afs_vlserver_t,afs_config_t,afs_config_t)
read_files_pattern(afs_vlserver_t, afs_config_t, afs_config_t)
allow afs_vlserver_t afs_config_t:dir list_dir_perms;
manage_dirs_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
manage_files_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
manage_files_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t)
filetrans_pattern(afs_vlserver_t, afs_dbdir_t,afs_vl_db_t, file)
filetrans_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t, file)
corenet_all_recvfrom_unlabeled(afs_vlserver_t)
corenet_all_recvfrom_netlabel(afs_vlserver_t)

View File

@ -78,7 +78,7 @@ files_search_spool(amavis_t)
# tmp files
manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
allow amavis_t amavis_tmp_t:dir setattr;
files_tmp_filetrans(amavis_t,amavis_tmp_t,file)
files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
# var/lib files for amavis
manage_dirs_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)

View File

@ -79,8 +79,8 @@ template(`apache_content_template',`
read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
allow httpd_$1_script_t httpd_$1_script_ro_t:dir list_dir_perms;
read_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
read_lnk_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
read_files_pattern(httpd_$1_script_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
manage_dirs_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
manage_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
@ -268,33 +268,33 @@ interface(`apache_role',`
allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
manage_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
manage_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
manage_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
relabel_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
relabel_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
relabel_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
manage_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
manage_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
manage_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
relabel_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
relabel_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
relabel_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
manage_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
manage_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
manage_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
relabel_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
relabel_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
relabel_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
manage_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
manage_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
manage_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
relabel_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
relabel_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
relabel_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
manage_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
manage_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
manage_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
relabel_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
relabel_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
relabel_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
manage_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
manage_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
manage_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
relabel_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
relabel_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
relabel_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
manage_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
manage_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
manage_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
relabel_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
relabel_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
relabel_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
manage_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
manage_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
manage_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
relabel_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
tunable_policy(`httpd_enable_cgi',`
# If a user starts a script by hand it gets the proper context
@ -735,7 +735,7 @@ interface(`apache_exec_modules',`
allow $1 httpd_modules_t:dir list_dir_perms;
allow $1 httpd_modules_t:lnk_file read_lnk_file_perms;
can_exec($1,httpd_modules_t)
can_exec($1, httpd_modules_t)
')
########################################

View File

@ -430,7 +430,7 @@ tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
')
tunable_policy(`httpd_ssi_exec',`
corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
corecmd_shell_domtrans(httpd_t, httpd_sys_script_t)
allow httpd_sys_script_t httpd_t:fd use;
allow httpd_sys_script_t httpd_t:fifo_file rw_file_perms;
allow httpd_sys_script_t httpd_t:process sigchld;

View File

@ -37,7 +37,7 @@ allow apcupsd_t self:unix_stream_socket create_stream_socket_perms;
allow apcupsd_t self:tcp_socket create_stream_socket_perms;
allow apcupsd_t apcupsd_lock_t:file manage_file_perms;
files_lock_filetrans(apcupsd_t,apcupsd_lock_t,file)
files_lock_filetrans(apcupsd_t, apcupsd_lock_t, file)
allow apcupsd_t apcupsd_log_t:dir setattr;
manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
@ -47,7 +47,7 @@ manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
files_tmp_filetrans(apcupsd_t, apcupsd_tmp_t, file)
manage_files_pattern(apcupsd_t, apcupsd_var_run_t, apcupsd_var_run_t)
files_pid_filetrans(apcupsd_t,apcupsd_var_run_t, file)
files_pid_filetrans(apcupsd_t, apcupsd_var_run_t, file)
kernel_read_system_state(apcupsd_t)
@ -73,7 +73,7 @@ files_read_etc_files(apcupsd_t)
files_search_locks(apcupsd_t)
# Creates /etc/nologin
files_manage_etc_runtime_files(apcupsd_t)
files_etc_filetrans_etc_runtime(apcupsd_t,file)
files_etc_filetrans_etc_runtime(apcupsd_t, file)
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240805
term_use_unallocated_ttys(apcupsd_t)

View File

@ -67,7 +67,7 @@ allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
allow apmd_t apmd_log_t:file manage_file_perms;
logging_log_filetrans(apmd_t,apmd_log_t,file)
logging_log_filetrans(apmd_t, apmd_log_t, file)
manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
@ -139,7 +139,7 @@ userdom_dontaudit_search_user_home_content(apmd_t) # Excessive?
ifdef(`distro_redhat',`
allow apmd_t apmd_lock_t:file manage_file_perms;
files_lock_filetrans(apmd_t,apmd_lock_t,file)
files_lock_filetrans(apmd_t, apmd_lock_t, file)
can_exec(apmd_t, apmd_var_run_t)

View File

@ -40,7 +40,7 @@ files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
allow avahi_t avahi_var_run_t:dir setattr;
files_pid_filetrans(avahi_t,avahi_var_run_t,file)
files_pid_filetrans(avahi_t, avahi_var_run_t, file)
kernel_read_kernel_sysctls(avahi_t)
kernel_list_proc(avahi_t)

View File

@ -151,7 +151,7 @@ userdom_dontaudit_search_user_home_dirs(named_t)
tunable_policy(`named_write_master_zones',`
manage_dirs_pattern(named_t, named_zone_t, named_zone_t)
manage_files_pattern(named_t, named_zone_t,named_zone_t)
manage_files_pattern(named_t, named_zone_t, named_zone_t)
manage_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
')

View File

@ -77,7 +77,7 @@ filetrans_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t, { dir file
can_exec(bluetooth_t, bluetooth_helper_exec_t)
allow bluetooth_t bluetooth_lock_t:file manage_file_perms;
files_lock_filetrans(bluetooth_t,bluetooth_lock_t,file)
files_lock_filetrans(bluetooth_t, bluetooth_lock_t, file)
manage_dirs_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
manage_files_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)

View File

@ -16,7 +16,7 @@ interface(`canna_stream_connect',`
')
files_search_pids($1)
stream_connect_pattern($1, canna_var_run_t, canna_var_run_t,canna_t)
stream_connect_pattern($1, canna_var_run_t, canna_var_run_t, canna_t)
')
########################################

View File

@ -1,7 +1,7 @@
/etc/certmaster(/.*)? gen_context(system_u:object_r:certmaster_etc_rw_t,s0)
/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
/usr/bin/certmaster -- gen_context(system_u:object_r:certmaster_exec_t,s0)
/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
/var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)

View File

@ -20,60 +20,60 @@ interface(`certmaster_domtrans',`
#######################################
## <summary>
## read certmaster logs.
## read certmaster logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`certmaster_read_log',`
gen_require(`
type certmaster_var_log_t;
')
gen_require(`
type certmaster_var_log_t;
')
read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')
#######################################
## <summary>
## Append to certmaster logs.
## Append to certmaster logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`certmaster_append_log',`
gen_require(`
type certmaster_var_log_t;
')
gen_require(`
type certmaster_var_log_t;
')
append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')
#######################################
## <summary>
## Create, read, write, and delete
## certmaster logs.
## Create, read, write, and delete
## certmaster logs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`certmaster_manage_log',`
gen_require(`
type certmaster_var_log_t;
')
gen_require(`
type certmaster_var_log_t;
')
manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')

View File

@ -120,7 +120,7 @@ cron_rw_pipes(clamd_t)
optional_policy(`
amavis_read_lib_files(clamd_t)
amavis_read_spool_files(clamd_t)
amavis_spool_filetrans(clamd_t,clamd_var_run_t,sock_file)
amavis_spool_filetrans(clamd_t, clamd_var_run_t, sock_file)
amavis_create_pid_files(clamd_t)
')

View File

@ -35,7 +35,7 @@ template(`courier_domain_template',`
can_exec(courier_$1_t, courier_$1_exec_t)
read_files_pattern(courier_$1_t,courier_etc_t,courier_etc_t)
read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
allow courier_$1_t courier_etc_t:dir list_dir_perms;
manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)

View File

@ -34,7 +34,7 @@ template(`cron_common_crontab_template',`
allow $1_t self:process signal_perms;
allow $1_t $1_tmp_t:file manage_file_perms;
files_tmp_filetrans($1_t,$1_tmp_t,file)
files_tmp_filetrans($1_t,$1_tmp_t, file)
# create files in /var/spool/cron
# cjp: change this to a role transition
@ -411,7 +411,7 @@ interface(`cron_anacron_domtrans_system_job',`
type system_cronjob_t, anacron_exec_t;
')
domtrans_pattern($1,anacron_exec_t,system_cronjob_t)
domtrans_pattern($1, anacron_exec_t, system_cronjob_t)
')
########################################

View File

@ -90,7 +90,7 @@ type system_cronjob_tmp_t alias system_crond_tmp_t;
files_tmp_file(system_cronjob_tmp_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(crond_t,crond_exec_t,s0 - mcs_systemhigh)
init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
')
type unconfined_cronjob_t;
@ -147,7 +147,7 @@ allow crond_t self:msg { send receive };
allow crond_t self:key { search write link };
allow crond_t crond_var_run_t:file manage_file_perms;
files_pid_filetrans(crond_t,crond_var_run_t,file)
files_pid_filetrans(crond_t, crond_var_run_t, file)
allow crond_t cron_spool_t:dir rw_dir_perms;
allow crond_t cron_spool_t:file read_file_perms;
@ -306,7 +306,7 @@ allow system_cronjob_t crond_t:process sigchld;
# Write /var/lock/makewhatis.lock.
allow system_cronjob_t system_cronjob_lock_t:file manage_file_perms;
files_lock_filetrans(system_cronjob_t,system_cronjob_lock_t,file)
files_lock_filetrans(system_cronjob_t, system_cronjob_lock_t, file)
# write temporary files
manage_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)

View File

@ -66,11 +66,11 @@ type ptal_var_run_t;
files_pid_file(ptal_var_run_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(cupsd_t,cupsd_exec_t,s0 - mcs_systemhigh)
init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, s0 - mcs_systemhigh)
')
ifdef(`enable_mls',`
init_ranged_daemon_domain(cupsd_t,cupsd_exec_t,mls_systemhigh)
init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, mls_systemhigh)
')
########################################

View File

@ -42,7 +42,7 @@ allow ddclient_t self:udp_socket create_socket_perms;
allow ddclient_t ddclient_etc_t:file read_file_perms;
allow ddclient_t ddclient_log_t:file manage_file_perms;
logging_log_filetrans(ddclient_t,ddclient_log_t,file)
logging_log_filetrans(ddclient_t, ddclient_log_t, file)
manage_dirs_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
manage_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)

View File

@ -36,7 +36,7 @@ allow dnsmasq_t self:rawip_socket create_socket_perms;
# dhcp leases
manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)

View File

@ -53,14 +53,14 @@ files_pid_file(exim_var_run_t)
# exim local policy
#
allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
allow exim_t self:process { setrlimit setpgid };
allow exim_t self:fifo_file rw_fifo_file_perms;
allow exim_t self:unix_stream_socket create_stream_socket_perms;
allow exim_t self:tcp_socket create_stream_socket_perms;
allow exim_t self:udp_socket create_socket_perms;
can_exec(exim_t,exim_exec_t)
can_exec(exim_t, exim_exec_t)
manage_files_pattern(exim_t, exim_log_t, exim_log_t)
logging_log_filetrans(exim_t, exim_log_t, { file dir })
@ -132,8 +132,8 @@ mta_mailserver_delivery(exim_t)
tunable_policy(`exim_can_connect_db',`
corenet_tcp_connect_mysqld_port(exim_t)
corenet_sendrecv_mysqld_client_packets(exim_t)
corenet_tcp_connect_postgresql_port(exim_t)
corenet_sendrecv_postgresql_client_packets(exim_t)
corenet_tcp_connect_postgresql_port(exim_t)
corenet_sendrecv_postgresql_client_packets(exim_t)
')
tunable_policy(`exim_read_user_files',`

View File

@ -246,7 +246,7 @@ optional_policy(`
files_read_usr_files(ftpd_t)
cron_system_entry(ftpd_t, ftpd_exec_t)
cron_system_entry(ftpd_t, ftpd_exec_t)
optional_policy(`
logrotate_exec(ftpd_t)

View File

@ -39,7 +39,7 @@ manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file manage_file_perms;
files_pid_filetrans(gpm_t,gpm_var_run_t,file)
files_pid_filetrans(gpm_t, gpm_var_run_t, file)
allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;

View File

@ -1 +1 @@
/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)

View File

@ -2,71 +2,71 @@
########################################
## <summary>
## Execute a domain transition to run gpsd.
## Execute a domain transition to run gpsd.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`gpsd_domtrans',`
gen_require(`
type gpsd_t, gpsd_exec_t;
')
gen_require(`
type gpsd_t, gpsd_exec_t;
')
domtrans_pattern($1, gpsd_exec_t, gpsd_t)
domtrans_pattern($1, gpsd_exec_t, gpsd_t)
')
########################################
## <summary>
## Execute gpsd in the gpsd domain, and
## allow the specified role the gpsd domain.
## Execute gpsd in the gpsd domain, and
## allow the specified role the gpsd domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## <summary>
## Domain allowed access
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the gpsd domain.
## </summary>
## <summary>
## The role to be allowed the gpsd domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the role's terminal.
## </summary>
## <summary>
## The type of the role's terminal.
## </summary>
## </param>
#
interface(`gpsd_run',`
gen_require(`
type gpsd_t;
')
gen_require(`
type gpsd_t;
')
gpsd_domtrans($1)
role $2 types gpsd_t;
allow gpsd_t $3:chr_file rw_term_perms;
gpsd_domtrans($1)
role $2 types gpsd_t;
allow gpsd_t $3:chr_file rw_term_perms;
')
########################################
## <summary>
## Read and write gpsd shared memory.
## Read and write gpsd shared memory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`gpsd_rw_shm',`
gen_require(`
type gpsd_t, gpsd_tmpfs_t;
')
gen_require(`
type gpsd_t, gpsd_tmpfs_t;
')
allow $1 gpsd_t:shm rw_shm_perms;
allow $1 gpsd_tmpfs_t:dir list_dir_perms;
rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
fs_search_tmpfs($1)
allow $1 gpsd_t:shm rw_shm_perms;
allow $1 gpsd_tmpfs_t:dir list_dir_perms;
rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
fs_search_tmpfs($1)
')

View File

@ -47,7 +47,7 @@ logging_send_syslog_msg(gpsd_t)
miscfiles_read_localization(gpsd_t)
optional_policy(`
dbus_system_bus_client(gpsd_t)
dbus_system_bus_client(gpsd_t)
')
optional_policy(`

View File

@ -1,6 +1,6 @@
/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
/usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0)

View File

@ -73,5 +73,5 @@ sysnet_read_dhcpc_pid(ifplugd_t)
sysnet_signal_dhcpc(ifplugd_t)
optional_policy(`
consoletype_exec(ifplugd_t)
consoletype_exec(ifplugd_t)
')

View File

@ -31,7 +31,7 @@ type inetd_child_var_run_t;
files_pid_file(inetd_child_var_run_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
init_ranged_daemon_domain(inetd_t, inetd_exec_t, s0 - mcs_systemhigh)
')
########################################

View File

@ -281,7 +281,7 @@ interface(`kerberos_connect_524',`
tunable_policy(`allow_kerberos',`
allow $1 self:udp_socket create_socket_perms;
corenet_all_recvfrom_unlabeled($1)
corenet_all_recvfrom_unlabeled($1)
corenet_udp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_node($1)
corenet_udp_sendrecv_kerberos_master_port($1)

View File

@ -84,7 +84,7 @@ allow kadmind_t self:tcp_socket connected_stream_socket_perms;
allow kadmind_t self:udp_socket create_socket_perms;
allow kadmind_t kadmind_log_t:file manage_file_perms;
logging_log_filetrans(kadmind_t,kadmind_log_t,file)
logging_log_filetrans(kadmind_t, kadmind_log_t, file)
allow kadmind_t krb5_conf_t:file read_file_perms;
dontaudit kadmind_t krb5_conf_t:file write;

View File

@ -61,7 +61,7 @@ manage_lnk_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
allow slapd_t slapd_etc_t:file read_file_perms;
allow slapd_t slapd_lock_t:file manage_file_perms;
files_lock_filetrans(slapd_t,slapd_lock_t,file)
files_lock_filetrans(slapd_t, slapd_lock_t, file)
# Allow access to write the replication log (should tighten this)
manage_dirs_pattern(slapd_t, slapd_replog_t, slapd_replog_t)

View File

@ -21,39 +21,39 @@ interface(`lircd_domtrans',`
######################################
## <summary>
## Connect to lircd over a unix domain
## stream socket.
## Connect to lircd over a unix domain
## stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`lircd_stream_connect',`
gen_require(`
type lircd_sock_t, lircd_t;
')
gen_require(`
type lircd_sock_t, lircd_t;
')
allow $1 lircd_t:unix_stream_socket connectto;
allow $1 lircd_sock_t:sock_file write_sock_file_perms;
files_search_pids($1)
allow $1 lircd_t:unix_stream_socket connectto;
allow $1 lircd_sock_t:sock_file write_sock_file_perms;
files_search_pids($1)
')
#######################################
## <summary>
## Read lircd etc file
## Read lircd etc file
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`lircd_read_config',`
gen_require(`
type lircd_etc_t;
')
')
read_files_pattern($1, lircd_etc_t, lircd_etc_t)
')

View File

@ -148,7 +148,7 @@ files_tmp_filetrans(lpd_t, lpd_tmp_t, { file dir })
manage_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
manage_sock_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
files_pid_filetrans(lpd_t, lpd_var_run_t,file)
files_pid_filetrans(lpd_t, lpd_var_run_t, file)
# Write to /var/spool/lpd.
manage_files_pattern(lpd_t, print_spool_t, print_spool_t)
@ -304,14 +304,14 @@ tunable_policy(`use_lpd_server',`
manage_files_pattern(lpr_t, lpr_tmp_t, lpr_tmp_t)
files_tmp_filetrans(lpr_t, lpr_tmp_t, { file dir })
manage_files_pattern(lpr_t,print_spool_t,print_spool_t)
filetrans_pattern(lpr_t,print_spool_t,print_spool_t,file)
manage_files_pattern(lpr_t, print_spool_t, print_spool_t)
filetrans_pattern(lpr_t, print_spool_t, print_spool_t, file)
# Read and write shared files in the spool directory.
allow lpr_t print_spool_t:file rw_file_perms;
allow lpr_t printconf_t:dir list_dir_perms;
read_files_pattern(lpr_t,printconf_t,printconf_t)
read_lnk_files_pattern(lpr_t,printconf_t,printconf_t)
read_files_pattern(lpr_t, printconf_t, printconf_t)
read_lnk_files_pattern(lpr_t, printconf_t, printconf_t)
')
tunable_policy(`use_nfs_home_dirs',`

View File

@ -16,7 +16,7 @@ interface(`memcached_domtrans',`
type memcached_exec_t;
')
domtrans_pattern($1,memcached_exec_t,memcached_t)
domtrans_pattern($1, memcached_exec_t, memcached_t)
')
########################################

View File

@ -40,7 +40,7 @@ corenet_udp_bind_memcache_port(memcached_t)
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
files_pid_filetrans(memcached_t,memcached_var_run_t, { file dir })
files_pid_filetrans(memcached_t, memcached_var_run_t, { file dir })
files_read_etc_files(memcached_t)

View File

@ -257,7 +257,7 @@ interface(`mta_sendmail_mailserver',`
type sendmail_exec_t;
')
init_system_domain($1,sendmail_exec_t)
init_system_domain($1, sendmail_exec_t)
typeattribute $1 mailserver_domain;
')

View File

@ -101,7 +101,7 @@ optional_policy(`
')
optional_policy(`
cron_system_entry(munin_t,munin_exec_t)
cron_system_entry(munin_t, munin_exec_t)
')
optional_policy(`

View File

@ -10,7 +10,7 @@
#
# /usr
#
/usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
/usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)

View File

@ -142,18 +142,18 @@ interface(`mysql_manage_db_dirs',`
#######################################
## <summary>
## Append to the MySQL database directory.
## Append to the MySQL database directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mysql_append_db_files',`
gen_require(`
type mysqld_db_t;
')
gen_require(`
type mysqld_db_t;
')
files_search_var_lib($1)
append_files_pattern($1, mysqld_db_t, mysqld_db_t)
@ -161,40 +161,40 @@ interface(`mysql_append_db_files',`
#######################################
## <summary>
## Read and write to the MySQL database directory.
## Read and write to the MySQL database directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mysql_rw_db_files',`
gen_require(`
type mysqld_db_t;
')
gen_require(`
type mysqld_db_t;
')
files_search_var_lib($1)
files_search_var_lib($1)
rw_files_pattern($1, mysqld_db_t, mysqld_db_t)
')
#######################################
## <summary>
## Create, read, write, and delete MySQL database files.
## Create, read, write, and delete MySQL database files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mysql_manage_db_files',`
gen_require(`
type mysqld_db_t;
')
gen_require(`
type mysqld_db_t;
')
files_search_var_lib($1)
manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
files_search_var_lib($1)
manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
')
########################################
@ -239,21 +239,21 @@ interface(`mysql_write_log',`
#####################################
## <summary>
## Search MySQL PID files.
## Search MySQL PID files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
##
#
interface(`mysql_search_pid_files',`
gen_require(`
type mysqld_var_run_t;
')
gen_require(`
type mysqld_var_run_t;
')
search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
')
########################################

View File

@ -152,7 +152,7 @@ hostname_exec(mysqld_safe_t)
miscfiles_read_localization(mysqld_safe_t)
mysql_append_db_files(mysqld_safe_t)
mysql_append_db_files(mysqld_safe_t)
mysql_read_config(mysqld_safe_t)
mysql_search_pid_files(mysqld_safe_t)
mysql_write_log(mysqld_safe_t)

View File

@ -57,7 +57,7 @@ files_search_tmp(NetworkManager_t)
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)

View File

@ -225,7 +225,7 @@ allow ypserv_t self:netlink_route_socket r_netlink_socket_perms;
allow ypserv_t self:tcp_socket connected_stream_socket_perms;
allow ypserv_t self:udp_socket create_socket_perms;
manage_files_pattern(ypserv_t,var_yp_t,var_yp_t)
manage_files_pattern(ypserv_t, var_yp_t, var_yp_t)
allow ypserv_t ypserv_conf_t:file read_file_perms;

View File

@ -1,10 +1,10 @@
/etc/nsd(/.*)? gen_context(system_u:object_r:nsd_conf_t,s0)
/etc/nsd(/.*)? gen_context(system_u:object_r:nsd_conf_t,s0)
/etc/nsd/nsd\.db -- gen_context(system_u:object_r:nsd_db_t,s0)
/etc/nsd/primary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
/etc/nsd/secondary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsd-notify -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/zonec -- gen_context(system_u:object_r:nsd_exec_t,s0)

View File

@ -56,24 +56,24 @@ interface(`ntp_domtrans_ntpdate',`
########################################
## <summary>
## Read and write ntpd shared memory.
## Read and write ntpd shared memory.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`ntpd_rw_shm',`
gen_require(`
type ntpd_t, ntpd_tmpfs_t;
')
gen_require(`
type ntpd_t, ntpd_tmpfs_t;
')
allow $1 ntpd_t:shm rw_shm_perms;
list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
fs_search_tmpfs($1)
allow $1 ntpd_t:shm rw_shm_perms;
list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
fs_search_tmpfs($1)
')
########################################

View File

@ -52,13 +52,13 @@ allow ntpd_t self:udp_socket create_socket_perms;
manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
can_exec(ntpd_t,ntpd_exec_t)
can_exec(ntpd_t, ntpd_exec_t)
read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
allow ntpd_t ntpd_log_t:dir setattr;
manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
logging_log_filetrans(ntpd_t,ntpd_log_t,{ file dir })
manage_files_pattern(ntpd_t, ntpd_log_t, ntpd_log_t)
logging_log_filetrans(ntpd_t, ntpd_log_t, { file dir })
# for some reason it creates a file in /tmp
manage_dirs_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)

View File

@ -35,7 +35,7 @@ allow nx_server_t self:tcp_socket create_socket_perms;
allow nx_server_t self:udp_socket create_socket_perms;
allow nx_server_t nx_server_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(nx_server_t,nx_server_devpts_t)
term_create_pty(nx_server_t, nx_server_devpts_t)
manage_dirs_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
manage_files_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)

View File

@ -16,7 +16,7 @@ interface(`openca_domtrans',`
type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
')
domtrans_pattern($1,openca_ca_exec_t,openca_ca_t)
domtrans_pattern($1, openca_ca_exec_t, openca_ca_t)
allow $1 openca_usr_share_t:dir search_dir_perms;
files_search_usr($1)
')

View File

@ -5,8 +5,8 @@
/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)

View File

@ -20,78 +20,78 @@ interface(`pingd_domtrans',`
#######################################
## <summary>
## Read pingd etc configuration files.
## Read pingd etc configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`pingd_read_config',`
gen_require(`
type pingd_etc_t;
')
gen_require(`
type pingd_etc_t;
')
files_search_etc($1)
read_files_pattern($1, pingd_etc_t, pingd_etc_t)
files_search_etc($1)
read_files_pattern($1, pingd_etc_t, pingd_etc_t)
')
#######################################
## <summary>
## Manage pingd etc configuration files.
## Manage pingd etc configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`pingd_manage_config',`
gen_require(`
type pingd_etc_t;
')
gen_require(`
type pingd_etc_t;
')
files_search_etc($1)
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
files_search_etc($1)
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
')
#######################################
## <summary>
## All of the rules required to administrate
## an pingd environment
## All of the rules required to administrate
## an pingd environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the pingd domain.
## </summary>
## <summary>
## The role to be allowed to manage the pingd domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`pingd_admin',`
gen_require(`
type pingd_t, pingd_etc_t;
type pingd_initrc_exec_t, pingd_modules_t;
')
gen_require(`
type pingd_t, pingd_etc_t;
type pingd_initrc_exec_t, pingd_modules_t;
')
allow $1 pingd_t:process { ptrace signal_perms };
ps_process_pattern($1, pingd_t)
allow $1 pingd_t:process { ptrace signal_perms };
ps_process_pattern($1, pingd_t)
init_labeled_script_domtrans($1, pingd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 pingd_initrc_exec_t system_r;
allow $2 system_r;
init_labeled_script_domtrans($1, pingd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 pingd_initrc_exec_t system_r;
allow $2 system_r;
files_list_etc($1)
admin_pattern($1, pingd_etc_t)
files_list_etc($1)
admin_pattern($1, pingd_etc_t)
files_list_usr($1)
admin_pattern($1, pingd_modules_t)
admin_pattern($1, pingd_modules_t)
')

View File

@ -365,7 +365,7 @@ interface(`postfix_exec_master',`
type postfix_master_exec_t;
')
can_exec($1,postfix_master_exec_t)
can_exec($1, postfix_master_exec_t)
')
########################################

View File

@ -106,7 +106,7 @@ allow postfix_master_t self:udp_socket create_socket_perms;
allow postfix_master_t postfix_etc_t:file rw_file_perms;
can_exec(postfix_master_t,postfix_exec_t)
can_exec(postfix_master_t, postfix_exec_t)
allow postfix_master_t postfix_data_t:dir manage_dir_perms;
allow postfix_master_t postfix_data_t:file manage_file_perms;
@ -363,7 +363,7 @@ optional_policy(`
allow postfix_pickup_t self:tcp_socket create_socket_perms;
stream_connect_pattern(postfix_pickup_t,postfix_private_t,postfix_private_t,postfix_master_t)
stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
rw_sock_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
@ -445,7 +445,7 @@ allow postfix_postqueue_t self:tcp_socket create;
allow postfix_postqueue_t self:udp_socket { create ioctl };
# wants to write to /var/spool/postfix/public/showq
stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t,postfix_master_t)
stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t, postfix_master_t)
# write to /var/spool/postfix/public/qmgr
write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t)

View File

@ -53,7 +53,7 @@ interface(`postgresql_role',`
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;

View File

@ -178,7 +178,7 @@ allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file manage_file_perms;
files_lock_filetrans(postgresql_t,postgresql_lock_t,file)
files_lock_filetrans(postgresql_t, postgresql_lock_t, file)
manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
@ -268,7 +268,7 @@ optional_policy(`
optional_policy(`
cron_search_spool(postgresql_t)
cron_system_entry(postgresql_t,postgresql_exec_t)
cron_system_entry(postgresql_t, postgresql_exec_t)
')
optional_policy(`

View File

@ -30,7 +30,7 @@ allow procmail_t self:unix_dgram_socket create_socket_perms;
allow procmail_t self:tcp_socket create_stream_socket_perms;
allow procmail_t self:udp_socket create_socket_perms;
can_exec(procmail_t,procmail_exec_t)
can_exec(procmail_t, procmail_exec_t)
# Write log to /var/log/procmail.log or /var/log/procmail/.*
allow procmail_t procmail_log_t:dir setattr;

View File

@ -84,13 +84,13 @@ interface(`psad_read_config',`
## </param>
#
interface(`psad_manage_config',`
gen_require(`
type psad_etc_t;
')
gen_require(`
type psad_etc_t;
')
files_search_etc($1)
manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
manage_files_pattern($1, psad_etc_t, psad_etc_t)
manage_files_pattern($1, psad_etc_t, psad_etc_t)
')

View File

@ -102,6 +102,6 @@ miscfiles_read_localization(psad_t)
sysnet_exec_ifconfig(psad_t)
optional_policy(`
mta_send_mail(psad_t)
mta_send_mail(psad_t)
mta_read_queue(psad_t)
')

View File

@ -36,7 +36,7 @@ ubac_constrained(pyzor_var_lib_t)
type pyzord_t;
type pyzord_exec_t;
init_daemon_domain(pyzord_t,pyzord_exec_t)
init_daemon_domain(pyzord_t, pyzord_exec_t)
type pyzord_log_t;
logging_log_file(pyzord_log_t)
@ -54,14 +54,14 @@ manage_lnk_files_pattern(pyzor_t, pyzor_home_t, pyzor_home_t)
userdom_user_home_dir_filetrans(pyzor_t, pyzor_home_t, { dir file lnk_file })
allow pyzor_t pyzor_var_lib_t:dir list_dir_perms;
read_files_pattern(pyzor_t,pyzor_var_lib_t,pyzor_var_lib_t)
read_files_pattern(pyzor_t, pyzor_var_lib_t, pyzor_var_lib_t)
files_search_var_lib(pyzor_t)
manage_files_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
manage_dirs_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
kernel_read_kernel_sysctls(pyzor_t)
kernel_read_kernel_sysctls(pyzor_t)
kernel_read_system_state(pyzor_t)
corecmd_list_bin(pyzor_t)

View File

@ -147,5 +147,5 @@ interface(`qmail_smtpd_service_domain',`
type qmail_smtpd_t;
')
domtrans_pattern(qmail_smtpd_t, $2, $1)
domtrans_pattern(qmail_smtpd_t, $2, $1)
')

View File

@ -3,7 +3,7 @@
/etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)
/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
/usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)

View File

@ -32,7 +32,7 @@ allow rhgb_t self:udp_socket create_socket_perms;
allow rhgb_t self:netlink_route_socket r_netlink_socket_perms;
allow rhgb_t rhgb_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(rhgb_t,rhgb_devpts_t)
term_create_pty(rhgb_t, rhgb_devpts_t)
manage_dirs_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
manage_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)

View File

@ -71,7 +71,7 @@ interface(`ricci_dontaudit_rw_modcluster_pipes',`
type ricci_modcluster_t;
')
dontaudit $1 ricci_modcluster_t:fifo_file { read write };
dontaudit $1 ricci_modcluster_t:fifo_file { read write };
')
########################################

View File

@ -206,11 +206,11 @@ interface(`rpc_domtrans_nfsd',`
########################################
## <summary>
## Execute domain in nfsd domain.
## Execute domain in nfsd domain.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -362,7 +362,7 @@ interface(`rpc_read_nfs_state_data',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#

View File

@ -1,6 +1,6 @@
/usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0)
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)

View File

@ -111,7 +111,7 @@ interface(`rwho_manage_spool_files',`
type rwho_spool_t;
')
manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
files_search_spool($1)
')

View File

@ -537,7 +537,7 @@ corecmd_list_bin(smbmount_t)
files_list_mnt(smbmount_t)
files_mounton_mnt(smbmount_t)
files_manage_etc_runtime_files(smbmount_t)
files_etc_filetrans_etc_runtime(smbmount_t,file)
files_etc_filetrans_etc_runtime(smbmount_t, file)
files_read_etc_files(smbmount_t)
auth_use_nsswitch(smbmount_t)
@ -672,7 +672,7 @@ files_list_var_lib(winbind_t)
rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
allow winbind_t winbind_log_t:file manage_file_perms;
logging_log_filetrans(winbind_t,winbind_log_t,file)
logging_log_filetrans(winbind_t, winbind_log_t, file)
manage_dirs_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
manage_files_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)

View File

@ -48,7 +48,7 @@ logging_log_filetrans(setroubleshootd_t, setroubleshoot_var_log_t, { file dir })
# pid file
manage_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
files_pid_filetrans(setroubleshootd_t,setroubleshoot_var_run_t, { file sock_file })
files_pid_filetrans(setroubleshootd_t, setroubleshoot_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(setroubleshootd_t)
kernel_read_system_state(setroubleshootd_t)

View File

@ -35,7 +35,7 @@ allow snmpd_t self:tcp_socket create_stream_socket_perms;
allow snmpd_t self:udp_socket connected_stream_socket_perms;
allow snmpd_t snmpd_log_t:file manage_file_perms;
logging_log_filetrans(snmpd_t,snmpd_log_t,file)
logging_log_filetrans(snmpd_t, snmpd_log_t, file)
manage_dirs_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
manage_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)

View File

@ -42,7 +42,7 @@ files_tmp_file(sshd_tmp_t)
files_poly_parent(sshd_tmp_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(sshd_t,sshd_exec_t,s0 - mcs_systemhigh)
init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh)
')
type ssh_t;
@ -112,8 +112,8 @@ manage_fifo_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
manage_sock_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
fs_tmpfs_filetrans(ssh_t, ssh_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
manage_dirs_pattern(ssh_t,home_ssh_t,home_ssh_t)
manage_sock_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
manage_dirs_pattern(ssh_t, home_ssh_t, home_ssh_t)
manage_sock_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
userdom_user_home_dir_filetrans(ssh_t, home_ssh_t, { dir sock_file })
# Allow the ssh program to communicate with ssh-agent.
@ -122,13 +122,13 @@ stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
allow ssh_t sshd_t:unix_stream_socket connectto;
# ssh client can manage the keys and config
manage_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
read_lnk_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
manage_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
# ssh servers can read the user keys and config
allow ssh_server home_ssh_t:dir list_dir_perms;
read_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
read_lnk_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
read_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
kernel_read_kernel_sysctls(ssh_t)

View File

@ -1,4 +1,4 @@
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
/usr/bin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)

View File

@ -16,6 +16,6 @@ interface(`sysstat_manage_log',`
type sysstat_log_t;
')
logging_search_logs($1)
logging_search_logs($1)
manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
')

View File

@ -89,6 +89,6 @@ files_read_etc_files(ucspitcp_t)
sysnet_read_config(ucspitcp_t)
optional_policy(`
daemontools_service_domain(ucspitcp_t,ucspitcp_exec_t)
daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
daemontools_read_svc(ucspitcp_t)
')

View File

@ -62,21 +62,21 @@ interface(`ulogd_read_log',`
#######################################
## <summary>
## Allow the specified domain to search ulogd's log files.
## Allow the specified domain to search ulogd's log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`ulogd_search_log',`
gen_require(`
type ulogd_var_log_t;
')
gen_require(`
type ulogd_var_log_t;
')
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir search_dir_perms;
logging_search_logs($1)
allow $1 ulogd_var_log_t:dir search_dir_perms;
')
########################################

View File

@ -3,4 +3,4 @@
/usr/sbin/uptimed -- gen_context(system_u:object_r:uptimed_exec_t,s0)
/var/spool/uptimed(/.*)? gen_context(system_u:object_r:uptimed_spool_t,s0)
/var/spool/uptimed(/.*)? gen_context(system_u:object_r:uptimed_spool_t,s0)

View File

@ -135,7 +135,7 @@ interface(`virt_manage_pid_files',`
type virt_var_run_t;
')
manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
')
########################################

Some files were not shown because too many files have changed in this diff Show More