change qemu_t to svirt_t in mls config file virtual machines, remove config data
parent
d5bededc4d
commit
5717c509f3
BIN
config.tgz
BIN
config.tgz
Binary file not shown.
@ -1,6 +0,0 @@
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<selinux>
|
||||
</selinux>
|
||||
</busconfig>
|
@ -1,15 +0,0 @@
|
||||
system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
|
||||
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
|
||||
staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
|
||||
|
||||
sysadm_r:sysadm_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
||||
user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
|
@ -1,6 +0,0 @@
|
||||
auditadm_r:auditadm_t
|
||||
secadm_r:secadm_t
|
||||
sysadm_r:sysadm_t
|
||||
staff_r:staff_t
|
||||
unconfined_r:unconfined_t
|
||||
user_r:user_t
|
@ -1 +0,0 @@
|
||||
sysadm_r:sysadm_t:s0
|
@ -1,6 +0,0 @@
|
||||
guest_r:guest_t:s0 guest_r:guest_t:s0
|
||||
system_r:crond_t:s0 guest_r:guest_t:s0
|
||||
system_r:initrc_su_t:s0 guest_r:guest_t:s0
|
||||
system_r:local_login_t:s0 guest_r:guest_t:s0
|
||||
system_r:remote_login_t:s0 guest_r:guest_t:s0
|
||||
system_r:sshd_t:s0 guest_r:guest_t:s0
|
@ -1 +0,0 @@
|
||||
system_u:system_r:initrc_t:s0
|
@ -1,3 +0,0 @@
|
||||
cdrom system_u:object_r:removable_device_t:s0
|
||||
floppy system_u:object_r:removable_device_t:s0
|
||||
disk system_u:object_r:fixed_disk_device_t:s0
|
@ -1 +0,0 @@
|
||||
system_u:object_r:removable_t:s0
|
@ -1,11 +0,0 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
|
||||
staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
|
||||
#
|
||||
# Uncomment if you want to automatically login as sysadm_r
|
||||
#
|
||||
#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
@ -1 +0,0 @@
|
||||
user_tty_device_t
|
@ -1,3 +0,0 @@
|
||||
system_u:system_u:s0-mcs_systemhigh
|
||||
root:root:s0-mcs_systemhigh
|
||||
__default__:user_u:s0
|
@ -1,10 +0,0 @@
|
||||
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:remote_login_t:s0 staff_r:staff_t:s0
|
||||
system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:crond_t:s0 staff_r:cronjob_t:s0
|
||||
system_r:xdm_t:s0 staff_r:staff_t:s0
|
||||
staff_r:staff_su_t:s0 staff_r:staff_t:s0
|
||||
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
@ -1,9 +0,0 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
|
||||
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
|
@ -1,8 +0,0 @@
|
||||
system_r:local_login_t:s0 user_r:user_t:s0
|
||||
system_r:remote_login_t:s0 user_r:user_t:s0
|
||||
system_r:sshd_t:s0 user_r:user_t:s0
|
||||
system_r:crond_t:s0 user_r:cronjob_t:s0
|
||||
system_r:xdm_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 user_r:user_t:s0
|
||||
user_r:user_sudo_t:s0 user_r:user_t:s0
|
||||
|
@ -1 +0,0 @@
|
||||
system_u:sysadm_r:sysadm_t:s0
|
@ -1,105 +0,0 @@
|
||||
#
|
||||
# Config file for XSELinux extension
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Clients
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# The default client rule defines a context to be used for all clients
|
||||
# connecting to the server from a remote host.
|
||||
#
|
||||
client * system_u:object_r:remote_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Properties
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Property rules map a property name to a context. A default property
|
||||
# rule indicated by an asterisk should follow all other property rules.
|
||||
#
|
||||
# Properties that normal clients may only read
|
||||
property _SELINUX_* system_u:object_r:seclabel_xproperty_t:s0
|
||||
|
||||
# Clipboard and selection properties
|
||||
property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t:s0
|
||||
|
||||
# Default fallback type
|
||||
property * system_u:object_r:xproperty_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Extensions
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Extension rules map an extension name to a context. A default extension
|
||||
# rule indicated by an asterisk should follow all other extension rules.
|
||||
#
|
||||
# Restricted extensions
|
||||
extension SELinux system_u:object_r:security_xextension_t:s0
|
||||
|
||||
# Standard extensions
|
||||
extension * system_u:object_r:xextension_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Selections
|
||||
##
|
||||
#
|
||||
|
||||
# Selection rules map a selection name to a context. A default selection
|
||||
# rule indicated by an asterisk should follow all other selection rules.
|
||||
#
|
||||
# Standard selections
|
||||
selection PRIMARY system_u:object_r:clipboard_xselection_t:s0
|
||||
selection CLIPBOARD system_u:object_r:clipboard_xselection_t:s0
|
||||
|
||||
# Default fallback type
|
||||
selection * system_u:object_r:xselection_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Events
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Event rules map an event protocol name to a context. A default event
|
||||
# rule indicated by an asterisk should follow all other event rules.
|
||||
#
|
||||
# Input events
|
||||
event X11:KeyPress system_u:object_r:input_xevent_t:s0
|
||||
event X11:KeyRelease system_u:object_r:input_xevent_t:s0
|
||||
event X11:ButtonPress system_u:object_r:input_xevent_t:s0
|
||||
event X11:ButtonRelease system_u:object_r:input_xevent_t:s0
|
||||
event X11:MotionNotify system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceButtonRelease system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceMotionNotify system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t:s0
|
||||
|
||||
# Client message events
|
||||
event X11:ClientMessage system_u:object_r:client_xevent_t:s0
|
||||
event X11:SelectionNotify system_u:object_r:client_xevent_t:s0
|
||||
event X11:UnmapNotify system_u:object_r:client_xevent_t:s0
|
||||
event X11:ConfigureNotify system_u:object_r:client_xevent_t:s0
|
||||
|
||||
# Default fallback type
|
||||
event * system_u:object_r:xevent_t:s0
|
@ -1,7 +0,0 @@
|
||||
system_r:crond_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:local_login_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:remote_login_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:sshd_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:xdm_t:s0 xguest_r:xguest_t:s0
|
||||
xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
|
@ -1,6 +0,0 @@
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<selinux>
|
||||
</selinux>
|
||||
</busconfig>
|
@ -1,15 +0,0 @@
|
||||
system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
|
||||
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
|
||||
|
||||
staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
|
||||
|
||||
sysadm_r:sysadm_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
||||
user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
|
@ -1,6 +0,0 @@
|
||||
auditadm_r:auditadm_t
|
||||
secadm_r:secadm_t
|
||||
sysadm_r:sysadm_t
|
||||
staff_r:staff_t
|
||||
unconfined_r:unconfined_t
|
||||
user_r:user_t
|
@ -1 +0,0 @@
|
||||
sysadm_r:sysadm_t:s0
|
@ -1,5 +0,0 @@
|
||||
guest_r:guest_t:s0 guest_r:guest_t:s0
|
||||
system_r:crond_t:s0 guest_r:guest_t:s0
|
||||
system_r:local_login_t:s0 guest_r:guest_t:s0
|
||||
system_r:remote_login_t:s0 guest_r:guest_t:s0
|
||||
system_r:sshd_t:s0 guest_r:guest_t:s0
|
@ -1 +0,0 @@
|
||||
system_u:system_r:initrc_t:s0-mls_systemhigh
|
@ -1,3 +0,0 @@
|
||||
cdrom system_u:object_r:removable_device_t:s0
|
||||
floppy system_u:object_r:removable_device_t:s0
|
||||
disk system_u:object_r:fixed_disk_device_t:s0
|
@ -1 +0,0 @@
|
||||
system_u:object_r:removable_t:s0
|
@ -1,11 +0,0 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
|
||||
staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
||||
|
||||
#
|
||||
# Uncomment if you want to automatically login as sysadm_r
|
||||
#
|
||||
#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
|
@ -1 +0,0 @@
|
||||
user_tty_device_t
|
@ -1,3 +0,0 @@
|
||||
system_u:system_u:s0-mls_systemhigh
|
||||
root:root:s0-mls_systemhigh
|
||||
__default__:user_u:s0
|
@ -1,10 +0,0 @@
|
||||
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:remote_login_t:s0 staff_r:staff_t:s0
|
||||
system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
|
||||
system_r:crond_t:s0 staff_r:cronjob_t:s0
|
||||
system_r:xdm_t:s0 staff_r:staff_t:s0
|
||||
staff_r:staff_su_t:s0 staff_r:staff_t:s0
|
||||
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
@ -1,9 +0,0 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
|
||||
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
|
@ -1,8 +0,0 @@
|
||||
system_r:local_login_t:s0 user_r:user_t:s0
|
||||
system_r:remote_login_t:s0 user_r:user_t:s0
|
||||
system_r:sshd_t:s0 user_r:user_t:s0
|
||||
system_r:crond_t:s0 user_r:cronjob_t:s0
|
||||
system_r:xdm_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 user_r:user_t:s0
|
||||
user_r:user_sudo_t:s0 user_r:user_t:s0
|
||||
|
@ -1 +0,0 @@
|
||||
system_u:sysadm_r:sysadm_t:s0
|
@ -1,105 +0,0 @@
|
||||
#
|
||||
# Config file for XSELinux extension
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Clients
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# The default client rule defines a context to be used for all clients
|
||||
# connecting to the server from a remote host.
|
||||
#
|
||||
client * system_u:object_r:remote_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Properties
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Property rules map a property name to a context. A default property
|
||||
# rule indicated by an asterisk should follow all other property rules.
|
||||
#
|
||||
# Properties that normal clients may only read
|
||||
property _SELINUX_* system_u:object_r:seclabel_xproperty_t:s0
|
||||
|
||||
# Clipboard and selection properties
|
||||
property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t:s0
|
||||
|
||||
# Default fallback type
|
||||
property * system_u:object_r:xproperty_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Extensions
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Extension rules map an extension name to a context. A default extension
|
||||
# rule indicated by an asterisk should follow all other extension rules.
|
||||
#
|
||||
# Restricted extensions
|
||||
extension SELinux system_u:object_r:security_xextension_t:s0
|
||||
|
||||
# Standard extensions
|
||||
extension * system_u:object_r:xextension_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Selections
|
||||
##
|
||||
#
|
||||
|
||||
# Selection rules map a selection name to a context. A default selection
|
||||
# rule indicated by an asterisk should follow all other selection rules.
|
||||
#
|
||||
# Standard selections
|
||||
selection PRIMARY system_u:object_r:clipboard_xselection_t:s0
|
||||
selection CLIPBOARD system_u:object_r:clipboard_xselection_t:s0
|
||||
|
||||
# Default fallback type
|
||||
selection * system_u:object_r:xselection_t:s0
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Events
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Event rules map an event protocol name to a context. A default event
|
||||
# rule indicated by an asterisk should follow all other event rules.
|
||||
#
|
||||
# Input events
|
||||
event X11:KeyPress system_u:object_r:input_xevent_t:s0
|
||||
event X11:KeyRelease system_u:object_r:input_xevent_t:s0
|
||||
event X11:ButtonPress system_u:object_r:input_xevent_t:s0
|
||||
event X11:ButtonRelease system_u:object_r:input_xevent_t:s0
|
||||
event X11:MotionNotify system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceButtonRelease system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceMotionNotify system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t:s0
|
||||
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t:s0
|
||||
|
||||
# Client message events
|
||||
event X11:ClientMessage system_u:object_r:client_xevent_t:s0
|
||||
event X11:SelectionNotify system_u:object_r:client_xevent_t:s0
|
||||
event X11:UnmapNotify system_u:object_r:client_xevent_t:s0
|
||||
event X11:ConfigureNotify system_u:object_r:client_xevent_t:s0
|
||||
|
||||
# Default fallback type
|
||||
event * system_u:object_r:xevent_t:s0
|
@ -1,7 +0,0 @@
|
||||
system_r:crond_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:local_login_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:remote_login_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:sshd_t:s0 xguest_r:xguest_t:s0
|
||||
system_r:xdm_t:s0 xguest_r:xguest_t:s0
|
||||
xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
|
@ -1,6 +0,0 @@
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<selinux>
|
||||
</selinux>
|
||||
</busconfig>
|
@ -1,15 +0,0 @@
|
||||
system_r:crond_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_crond_t unconfined_r:unconfined_cronjob_t
|
||||
system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
||||
system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t
|
||||
system_r:sshd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
||||
system_r:sulogin_t sysadm_r:sysadm_t
|
||||
system_r:xdm_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t
|
||||
|
||||
staff_r:staff_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
||||
staff_r:staff_sudo_t sysadm_r:sysadm_t staff_r:staff_t
|
||||
|
||||
sysadm_r:sysadm_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
||||
sysadm_r:sysadm_sudo_t sysadm_r:sysadm_t
|
||||
|
||||
user_r:user_su_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
|
||||
user_r:user_sudo_t sysadm_r:sysadm_t user_r:user_t
|
@ -1,6 +0,0 @@
|
||||
auditadm_r:auditadm_t
|
||||
secadm_r:secadm_t
|
||||
sysadm_r:sysadm_t
|
||||
staff_r:staff_t
|
||||
unconfined_r:unconfined_t
|
||||
user_r:user_t
|
@ -1 +0,0 @@
|
||||
sysadm_r:sysadm_t
|
@ -1,7 +0,0 @@
|
||||
guest_r:guest_t guest_r:guest_t
|
||||
system_r:crond_t guest_r:guest_t
|
||||
system_r:initrc_su_t guest_r:guest_t
|
||||
system_r:local_login_t guest_r:guest_t
|
||||
system_r:remote_login_t guest_r:guest_t
|
||||
system_r:sshd_t guest_r:guest_t
|
||||
|
@ -1 +0,0 @@
|
||||
system_u:system_r:initrc_t
|
@ -1,3 +0,0 @@
|
||||
cdrom system_u:object_r:removable_device_t
|
||||
floppy system_u:object_r:removable_device_t
|
||||
disk system_u:object_r:fixed_disk_device_t
|
@ -1 +0,0 @@
|
||||
system_u:object_r:removable_t
|
@ -1,11 +0,0 @@
|
||||
system_r:crond_t unconfined_r:unconfined_t sysadm_r:cronjob_t staff_r:cronjob_t user_r:cronjob_t
|
||||
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
|
||||
|
||||
staff_r:staff_su_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
|
||||
sysadm_r:sysadm_su_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
|
||||
user_r:user_su_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
|
||||
|
||||
#
|
||||
# Uncomment if you want to automatically login as sysadm_r
|
||||
#
|
||||
#system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
|
@ -1 +0,0 @@
|
||||
user_tty_device_t
|
@ -1,3 +0,0 @@
|
||||
system_u:system_u
|
||||
root:root
|
||||
__default__:user_u
|
@ -1,10 +0,0 @@
|
||||
system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t
|
||||
system_r:remote_login_t staff_r:staff_t
|
||||
system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t
|
||||
system_r:crond_t staff_r:cronjob_t
|
||||
system_r:xdm_t staff_r:staff_t
|
||||
staff_r:staff_su_t staff_r:staff_t
|
||||
staff_r:staff_sudo_t staff_r:staff_t
|
||||
sysadm_r:sysadm_su_t sysadm_r:sysadm_t
|
||||
sysadm_r:sysadm_sudo_t sysadm_r:sysadm_t
|
||||
|
@ -1,9 +0,0 @@
|
||||
system_r:crond_t unconfined_r:unconfined_t unconfined_r:unconfined_cronjob_t
|
||||
system_r:initrc_t unconfined_r:unconfined_t
|
||||
system_r:local_login_t unconfined_r:unconfined_t
|
||||
system_r:remote_login_t unconfined_r:unconfined_t
|
||||
system_r:rshd_t unconfined_r:unconfined_t
|
||||
system_r:sshd_t unconfined_r:unconfined_t
|
||||
system_r:sysadm_su_t unconfined_r:unconfined_t
|
||||
system_r:unconfined_t unconfined_r:unconfined_t
|
||||
system_r:xdm_t unconfined_r:unconfined_t
|
@ -1,8 +0,0 @@
|
||||
system_r:local_login_t user_r:user_t
|
||||
system_r:remote_login_t user_r:user_t
|
||||
system_r:sshd_t user_r:user_t
|
||||
system_r:crond_t user_r:cronjob_t
|
||||
system_r:xdm_t user_r:user_t
|
||||
user_r:user_su_t user_r:user_t
|
||||
user_r:user_sudo_t user_r:user_t
|
||||
|
@ -1 +0,0 @@
|
||||
system_u:sysadm_r:sysadm_t
|
@ -1,105 +0,0 @@
|
||||
#
|
||||
# Config file for XSELinux extension
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Clients
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# The default client rule defines a context to be used for all clients
|
||||
# connecting to the server from a remote host.
|
||||
#
|
||||
client * system_u:object_r:remote_t
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Properties
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Property rules map a property name to a context. A default property
|
||||
# rule indicated by an asterisk should follow all other property rules.
|
||||
#
|
||||
# Properties that normal clients may only read
|
||||
property _SELINUX_* system_u:object_r:seclabel_xproperty_t
|
||||
|
||||
# Clipboard and selection properties
|
||||
property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t
|
||||
|
||||
# Default fallback type
|
||||
property * system_u:object_r:xproperty_t
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Extensions
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Extension rules map an extension name to a context. A default extension
|
||||
# rule indicated by an asterisk should follow all other extension rules.
|
||||
#
|
||||
# Restricted extensions
|
||||
extension SELinux system_u:object_r:security_xextension_t
|
||||
|
||||
# Standard extensions
|
||||
extension * system_u:object_r:xextension_t
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Selections
|
||||
##
|
||||
#
|
||||
|
||||
# Selection rules map a selection name to a context. A default selection
|
||||
# rule indicated by an asterisk should follow all other selection rules.
|
||||
#
|
||||
# Standard selections
|
||||
selection PRIMARY system_u:object_r:clipboard_xselection_t
|
||||
selection CLIPBOARD system_u:object_r:clipboard_xselection_t
|
||||
|
||||
# Default fallback type
|
||||
selection * system_u:object_r:xselection_t
|
||||
|
||||
|
||||
#
|
||||
##
|
||||
### Rules for X Events
|
||||
##
|
||||
#
|
||||
|
||||
#
|
||||
# Event rules map an event protocol name to a context. A default event
|
||||
# rule indicated by an asterisk should follow all other event rules.
|
||||
#
|
||||
# Input events
|
||||
event X11:KeyPress system_u:object_r:input_xevent_t
|
||||
event X11:KeyRelease system_u:object_r:input_xevent_t
|
||||
event X11:ButtonPress system_u:object_r:input_xevent_t
|
||||
event X11:ButtonRelease system_u:object_r:input_xevent_t
|
||||
event X11:MotionNotify system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceButtonRelease system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceMotionNotify system_u:object_r:input_xevent_t
|
||||
event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t
|
||||
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t
|
||||
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t
|
||||
|
||||
# Client message events
|
||||
event X11:ClientMessage system_u:object_r:client_xevent_t
|
||||
event X11:SelectionNotify system_u:object_r:client_xevent_t
|
||||
event X11:UnmapNotify system_u:object_r:client_xevent_t
|
||||
event X11:ConfigureNotify system_u:object_r:client_xevent_t
|
||||
|
||||
# Default fallback type
|
||||
event * system_u:object_r:xevent_t
|
@ -1,7 +0,0 @@
|
||||
system_r:crond_t xguest_r:xguest_t
|
||||
system_r:initrc_su_t xguest_r:xguest_t
|
||||
system_r:local_login_t xguest_r:xguest_t
|
||||
system_r:remote_login_t xguest_r:xguest_t
|
||||
system_r:sshd_t xguest_r:xguest_t
|
||||
system_r:xdm_t xguest_r:xguest_t
|
||||
xguest_r:xguest_t xguest_r:xguest_t
|
@ -1,21 +0,0 @@
|
||||
##################################
|
||||
#
|
||||
# User configuration.
|
||||
#
|
||||
# This file defines additional users recognized by the system security policy.
|
||||
# Only the user identities defined in this file and the system.users file
|
||||
# may be used as the user attribute in a security context.
|
||||
#
|
||||
# Each user has a set of roles that may be entered by processes
|
||||
# with the users identity. The syntax of a user declaration is:
|
||||
#
|
||||
# user username roles role_set [ level default_level range allowed_range ];
|
||||
#
|
||||
# The MLS default level and allowed range should only be specified if
|
||||
# MLS was enabled in the policy.
|
||||
|
||||
# sample for administrative user
|
||||
# user jadmin roles { staff_r sysadm_r };
|
||||
|
||||
# sample for regular user
|
||||
#user jdoe roles { user_r };
|