rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

avahi patch from Dan Walsh

Browse Source 
Didn't include the file read in the dbus_chat interface.
This commit is contained in:
Jeremy Solt 2010-03-24 14:19:30 -04:00 committed by Chris PeBenito
parent dcbb332992
commit 4c05dff3d1
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/avahi.fc
View File

@ -6,4 +6,4 @@
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0) /var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
/usr/lib/avahi-autoipd(/.*) gen_context(system_u:object_r:avahi_var_lib_t,s0) /var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0)

13
policy/modules/services/avahi.te
View File

@ -24,7 +24,7 @@ files_pid_file(avahi_var_run_t)
# Local policy # Local policy
# #
allow avahi_t self:capability { dac_override setgid chown fowner kill net_admin setuid sys_chroot }; allow avahi_t self:capability { dac_override setgid chown fowner kill net_admin net_raw setuid sys_chroot };
dontaudit avahi_t self:capability sys_tty_config; dontaudit avahi_t self:capability sys_tty_config;
allow avahi_t self:process { setrlimit signal_perms getcap setcap }; allow avahi_t self:process { setrlimit signal_perms getcap setcap };
allow avahi_t self:fifo_file rw_fifo_file_perms; allow avahi_t self:fifo_file rw_fifo_file_perms;
@ -32,6 +32,7 @@ allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow avahi_t self:unix_dgram_socket create_socket_perms; allow avahi_t self:unix_dgram_socket create_socket_perms;
allow avahi_t self:tcp_socket create_stream_socket_perms; allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms; allow avahi_t self:udp_socket create_socket_perms;
allow avahi_t self:packet_socket create_socket_perms;
manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t) manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t) manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
@ -42,11 +43,13 @@ manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
allow avahi_t avahi_var_run_t:dir setattr; allow avahi_t avahi_var_run_t:dir setattr;
files_pid_filetrans(avahi_t, avahi_var_run_t, file) files_pid_filetrans(avahi_t, avahi_var_run_t, file)
kernel_read_system_state(avahi_t)
kernel_read_kernel_sysctls(avahi_t) kernel_read_kernel_sysctls(avahi_t)
kernel_list_proc(avahi_t)
kernel_read_proc_symlinks(avahi_t)
kernel_read_network_state(avahi_t) kernel_read_network_state(avahi_t)
corecmd_exec_bin(avahi_t)
corecmd_exec_shell(avahi_t)
corenet_all_recvfrom_unlabeled(avahi_t) corenet_all_recvfrom_unlabeled(avahi_t)
corenet_all_recvfrom_netlabel(avahi_t) corenet_all_recvfrom_netlabel(avahi_t)
corenet_tcp_sendrecv_generic_if(avahi_t) corenet_tcp_sendrecv_generic_if(avahi_t)
@ -85,6 +88,10 @@ logging_send_syslog_msg(avahi_t)
miscfiles_read_localization(avahi_t) miscfiles_read_localization(avahi_t)
miscfiles_read_certs(avahi_t) miscfiles_read_certs(avahi_t)
sysnet_domtrans_ifconfig(avahi_t)
sysnet_manage_config(avahi_t)
sysnet_etc_filetrans_config(avahi_t)
userdom_dontaudit_use_unpriv_user_fds(avahi_t) userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_user_home_dirs(avahi_t) userdom_dontaudit_search_user_home_dirs(avahi_t)