Fixes for f14
parent
46c24a359b
commit
4765a595e8
@ -21,3 +21,21 @@ interface(`firewallgui_dbus_chat',`
|
||||
allow $1 firewallgui_t:dbus send_msg;
|
||||
allow firewallgui_t $1:dbus send_msg;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write firewallgui unnamed pipes.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`firewallgui_dontaudit_rw_pipes',`
|
||||
gen_require(`
|
||||
type firewallgui_t;
|
||||
')
|
||||
|
||||
dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
')
|
||||
|
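Review bot: The XML documentation on `firewallgui_dontaudit_rw_pipes` describes an allow rule, while the body is a `dontaudit` on `firewallgui_t:fifo_file rw_inherited_fifo_file_perms`. The summary should read `## Do not audit attempts to read and write inherited firewallgui unnamed pipes.` and the parameter description `## Domain to not audit.`, so the generated interface docs do not suggest that this grants access. Because the rule only silences AVC records, a short comment on why the denials are expected (presumably descriptors leaked to child processes) would help anyone who later investigates missing audit events.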
@ -10,6 +10,7 @@
|
||||
/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/mountpoint -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
|
@ -1442,6 +1442,24 @@ interface(`files_dontaudit_search_all_mountpoints',`
|
||||
dontaudit $1 mountpoint:dir search_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit listing of all mount points.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_dontaudit_list_all_mountpoints',`
|
||||
gen_require(`
|
||||
attribute mountpoint;
|
||||
')
|
||||
|
||||
dontaudit $1 mountpoint:dir list_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Write all mount points.
|
||||
@ -3840,6 +3858,24 @@ interface(`files_relabelto_system_conf_files',`
|
||||
relabelto_files_pattern($1, system_conf_t, system_conf_t)
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Relabel manageable system configuration files in /etc.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_relabelfrom_system_conf_files',`
|
||||
gen_require(`
|
||||
type usr_t;
|
||||
')
|
||||
|
||||
relabelfrom_files_pattern($1, system_conf_t, system_conf_t)
|
||||
')
|
||||
|
||||
###################################
|
||||
## <summary>
|
||||
## Create files in /etc with the type used for
|
||||
|
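Review bot: `files_relabelfrom_system_conf_files` requires `type usr_t;` in its `gen_require` block, but the rule it emits references only `system_conf_t`; the require line should be `type system_conf_t;`. As written, the interface declares a dependency on a type it never uses and relies on `system_conf_t` being in scope some other way. The summary `Relabel manageable system configuration files in /etc.` also does not say which direction is granted; `## Relabel from the system configuration file type in /etc.` would make that explicit.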
@ -144,6 +144,7 @@ corecmd_exec_shell(boinc_project_t)
|
||||
|
||||
corenet_tcp_connect_boinc_port(boinc_project_t)
|
||||
|
||||
dev_read_urand(boinc_project_t)
|
||||
dev_rw_xserver_misc(boinc_project_t)
|
||||
|
||||
files_read_etc_files(boinc_project_t)
|
||||
|
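Review bot: `dev_rw_xserver_misc(boinc_project_t)` gives the project domain read/write access to the X server misc device nodes with no comment explaining why. The page does not mark which line is new, but the hunk grows by one line and this appears to be it. The hunk header shows `boinc_project_t` may also execute shells, so a device grant in that domain deserves a stated reason next to the call, e.g. `# GPU compute applications need the graphics device nodes` if that is the intent. If only some deployments need it, consider putting the call behind a tunable.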
@ -130,6 +130,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
samba_domtrans_winbind_helper(radiusd_t)
|
||||
samba_read_var_files(radiusd_t)
|
||||
')
|
||||
|
||||
|
@ -341,6 +341,7 @@ files_read_usr_files(smbd_t)
|
||||
files_search_spool(smbd_t)
|
||||
# smbd seems to getattr all mountpoints
|
||||
files_dontaudit_getattr_all_dirs(smbd_t)
|
||||
files_dontaudit_list_all_mountpoints(smbd_t)
|
||||
# Allow samba to list mnt_t for potential mounted dirs
|
||||
files_list_mnt(smbd_t)
|
||||
|
||||
|
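Review bot: `files_dontaudit_list_all_mountpoints(smbd_t)` sits under the existing comment `# smbd seems to getattr all mountpoints`, which describes only the getattr case. Extend it to `# smbd seems to getattr and list all mountpoints` so the second dontaudit is accounted for. Dontaudit rules suppress the AVC record, so a share on a mount point that smbd genuinely cannot list will fail without a logged denial. It is worth noting in the comment that `semodule -DB` re-enables those records when debugging.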
@ -450,6 +450,24 @@ interface(`virt_read_images',`
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow domain to read virt blk image files
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`virt_read_blk_images',`
|
||||
gen_require(`
|
||||
attribute virt_image_type;
|
||||
')
|
||||
|
||||
read_blk_files_pattern($1, virt_image_type, virt_image_type)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete
|
||||
|
@ -288,6 +288,8 @@ files_read_etc_runtime_files(virtd_t)
|
||||
files_search_all(virtd_t)
|
||||
files_read_kernel_modules(virtd_t)
|
||||
files_read_usr_src_files(virtd_t)
|
||||
files_relabelto_system_conf_files(virtd_t)
|
||||
files_relabelfrom_system_conf_files(virtd_t)
|
||||
|
||||
# Manages /etc/sysconfig/system-config-firewall
|
||||
files_manage_system_conf_files(virtd_t)
|
||||
|
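Review bot: The two relabel calls for `virtd_t`, `files_relabelto_system_conf_files` and `files_relabelfrom_system_conf_files`, carry no comment, and the nearby `# Manages /etc/sysconfig/system-config-firewall` line documents only `files_manage_system_conf_files`. Permission to change the label of system configuration files is a separate and sensitive grant, so state the reason next to the calls, for example `# virtd relabels the system_conf_t files it rewrites (TODO: name the files)`. The surrounding `virtd_t` rule block starts and ends outside this hunk.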
@ -189,6 +189,10 @@ optional_policy(`
|
||||
rhgb_stub(fsadm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
virt_read_blk_images(fsadm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
xen_append_log(fsadm_t)
|
||||
xen_rw_image_files(fsadm_t)
|
||||
|
@ -203,6 +203,10 @@ optional_policy(`
|
||||
firstboot_dontaudit_rw_stream_sockets(insmod_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
firewallgui_dontaudit_rw_pipes(insmod_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
hal_write_log(insmod_t)
|
||||
')
|
||||
|