- Merge with upstream
parent
ba77266a14
commit
59475c2524
124
policy-F14.patch
124
policy-F14.patch
@ -7091,7 +7091,7 @@ index 3b2da10..7eed11d 100644
|
|||||||
+#
|
+#
|
||||||
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
|
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
|
||||||
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
|
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
|
||||||
index cac0c64..9223f7d 100644
|
index cac0c64..d0aaa1c 100644
|
||||||
--- a/policy/modules/kernel/devices.if
|
--- a/policy/modules/kernel/devices.if
|
||||||
+++ b/policy/modules/kernel/devices.if
|
+++ b/policy/modules/kernel/devices.if
|
||||||
@@ -461,6 +461,24 @@ interface(`dev_getattr_generic_chr_files',`
|
@@ -461,6 +461,24 @@ interface(`dev_getattr_generic_chr_files',`
|
||||||
@ -7287,7 +7287,32 @@ index cac0c64..9223f7d 100644
|
|||||||
## Get the attributes of sysfs directories.
|
## Get the attributes of sysfs directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -3851,6 +3995,24 @@ interface(`dev_read_usbmon_dev',`
|
@@ -3682,6 +3826,24 @@ interface(`dev_rw_sysfs',`
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
+## Allow caller to modify hardware state information.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`dev_manage_sysfs_dirs',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type sysfs_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ manage_dirs_pattern($1, sysfs_t, sysfs_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
## Read from pseudo random number generator devices (e.g., /dev/urandom).
|
||||||
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
@@ -3851,6 +4013,24 @@ interface(`dev_read_usbmon_dev',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -7312,7 +7337,7 @@ index cac0c64..9223f7d 100644
|
|||||||
## Mount a usbfs filesystem.
|
## Mount a usbfs filesystem.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4161,11 +4323,10 @@ interface(`dev_write_video_dev',`
|
@@ -4161,11 +4341,10 @@ interface(`dev_write_video_dev',`
|
||||||
#
|
#
|
||||||
interface(`dev_rw_vhost',`
|
interface(`dev_rw_vhost',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -14184,7 +14209,7 @@ index 1cf6c4e..90c60df 100644
|
|||||||
-/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
|
-/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
|
||||||
-/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
|
-/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
|
||||||
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
|
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
|
||||||
index 293e08d..a57fe37 100644
|
index 293e08d..1bdfe84 100644
|
||||||
--- a/policy/modules/services/cobbler.if
|
--- a/policy/modules/services/cobbler.if
|
||||||
+++ b/policy/modules/services/cobbler.if
|
+++ b/policy/modules/services/cobbler.if
|
||||||
@@ -26,6 +26,7 @@ interface(`cobblerd_domtrans',`
|
@@ -26,6 +26,7 @@ interface(`cobblerd_domtrans',`
|
||||||
@ -14260,7 +14285,7 @@ index 293e08d..a57fe37 100644
|
|||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -137,12 +140,51 @@ interface(`cobbler_manage_lib_files',`
|
@@ -137,12 +140,33 @@ interface(`cobbler_manage_lib_files',`
|
||||||
type cobbler_var_lib_t;
|
type cobbler_var_lib_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -14272,24 +14297,6 @@ index 293e08d..a57fe37 100644
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
+## dontaudit read and write Cobbler log files.
|
|
||||||
+## </summary>
|
|
||||||
+## <param name="domain">
|
|
||||||
+## <summary>
|
|
||||||
+## Domain allowed access.
|
|
||||||
+## </summary>
|
|
||||||
+## </param>
|
|
||||||
+#
|
|
||||||
+interface(`cobbler_dontaudit_rw_log',`
|
|
||||||
+ gen_require(`
|
|
||||||
+ type cobbler_var_log_t;
|
|
||||||
+ ')
|
|
||||||
+
|
|
||||||
+ dontaudit $1 cobbler_var_log_t:file rw_inherited_files_perms;
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+########################################
|
|
||||||
+## <summary>
|
|
||||||
+## Do not audit attempts to read and write
|
+## Do not audit attempts to read and write
|
||||||
+## Cobbler log files (leaked fd).
|
+## Cobbler log files (leaked fd).
|
||||||
+## </summary>
|
+## </summary>
|
||||||
@ -14312,7 +14319,7 @@ index 293e08d..a57fe37 100644
|
|||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
## an cobblerd environment
|
## an cobblerd environment
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -162,6 +204,9 @@ interface(`cobblerd_admin',`
|
@@ -162,6 +186,9 @@ interface(`cobblerd_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
|
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
|
||||||
type cobbler_etc_t, cobblerd_initrc_exec_t;
|
type cobbler_etc_t, cobblerd_initrc_exec_t;
|
||||||
@ -14322,7 +14329,7 @@ index 293e08d..a57fe37 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
allow $1 cobblerd_t:process { ptrace signal_perms getattr };
|
allow $1 cobblerd_t:process { ptrace signal_perms getattr };
|
||||||
@@ -176,10 +221,18 @@ interface(`cobblerd_admin',`
|
@@ -176,10 +203,18 @@ interface(`cobblerd_admin',`
|
||||||
logging_search_logs($1)
|
logging_search_logs($1)
|
||||||
admin_pattern($1, cobbler_var_log_t)
|
admin_pattern($1, cobbler_var_log_t)
|
||||||
|
|
||||||
@ -28994,7 +29001,7 @@ index f6aafe7..7da8294 100644
|
|||||||
+ allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
|
+ allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
index bd45076..cd266c0 100644
|
index bd45076..a1b6d56 100644
|
||||||
--- a/policy/modules/system/init.te
|
--- a/policy/modules/system/init.te
|
||||||
+++ b/policy/modules/system/init.te
|
+++ b/policy/modules/system/init.te
|
||||||
@@ -16,6 +16,27 @@ gen_require(`
|
@@ -16,6 +16,27 @@ gen_require(`
|
||||||
@ -29108,7 +29115,7 @@ index bd45076..cd266c0 100644
|
|||||||
corecmd_shell_domtrans(init_t, initrc_t)
|
corecmd_shell_domtrans(init_t, initrc_t)
|
||||||
',`
|
',`
|
||||||
# Run the shell in the sysadm role for single-user mode.
|
# Run the shell in the sysadm role for single-user mode.
|
||||||
@@ -185,15 +216,73 @@ tunable_policy(`init_upstart',`
|
@@ -185,15 +216,80 @@ tunable_policy(`init_upstart',`
|
||||||
sysadm_shell_domtrans(init_t)
|
sysadm_shell_domtrans(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -29116,7 +29123,7 @@ index bd45076..cd266c0 100644
|
|||||||
+modutils_domtrans_insmod(init_t)
|
+modutils_domtrans_insmod(init_t)
|
||||||
+
|
+
|
||||||
+tunable_policy(`init_systemd',`
|
+tunable_policy(`init_systemd',`
|
||||||
+ allow init_t self:unix_dgram_socket create_socket_perms;
|
+ allow init_t self:unix_dgram_socket { create_socket_perms sendto };
|
||||||
+ allow init_t self:process { setsockcreate setfscreate };
|
+ allow init_t self:process { setsockcreate setfscreate };
|
||||||
+ allow init_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
+ allow init_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||||
+ allow init_t self:netlink_kobject_uevent_socket create_socket_perms;
|
+ allow init_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
@ -29135,6 +29142,7 @@ index bd45076..cd266c0 100644
|
|||||||
+ dev_read_generic_chr_files(init_t)
|
+ dev_read_generic_chr_files(init_t)
|
||||||
+ dev_relabelfrom_generic_chr_files(init_t)
|
+ dev_relabelfrom_generic_chr_files(init_t)
|
||||||
+ dev_relabel_autofs_dev(init_t)
|
+ dev_relabel_autofs_dev(init_t)
|
||||||
|
+ dev_manage_sysfs_dirs(init_t)
|
||||||
+
|
+
|
||||||
+ files_mounton_all_mountpoints(init_t)
|
+ files_mounton_all_mountpoints(init_t)
|
||||||
+ files_manage_all_pids_dirs(init_t)
|
+ files_manage_all_pids_dirs(init_t)
|
||||||
@ -29145,16 +29153,22 @@ index bd45076..cd266c0 100644
|
|||||||
+ fs_list_auto_mountpoints(init_t)
|
+ fs_list_auto_mountpoints(init_t)
|
||||||
+ fs_read_cgroup_files(init_t)
|
+ fs_read_cgroup_files(init_t)
|
||||||
+ fs_write_cgroup_files(init_t)
|
+ fs_write_cgroup_files(init_t)
|
||||||
|
+ fs_search_cgroup_dirs(daemon)
|
||||||
+
|
+
|
||||||
+ selinux_compute_create_context(init_t)
|
+ selinux_compute_create_context(init_t)
|
||||||
+ selinux_validate_context(init_t)
|
+ selinux_validate_context(init_t)
|
||||||
+ selinux_unmount_fs(init_t)
|
+ selinux_unmount_fs(init_t)
|
||||||
+
|
+
|
||||||
|
+ storage_getattr_removable_dev(init_t)
|
||||||
|
+
|
||||||
+ init_read_script_state(init_t)
|
+ init_read_script_state(init_t)
|
||||||
+
|
+
|
||||||
+ seutil_read_file_contexts(init_t)
|
+ seutil_read_file_contexts(init_t)
|
||||||
+
|
+
|
||||||
+ storage_getattr_removable_dev(init_t)
|
+ optional_policy(`
|
||||||
|
+ plymouthd_stream_connect(init_t)
|
||||||
|
+ plymouthd_exec_plymouth(init_t)
|
||||||
|
+ ')
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29182,7 +29196,7 @@ index bd45076..cd266c0 100644
|
|||||||
nscd_socket_use(init_t)
|
nscd_socket_use(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -202,6 +291,10 @@ optional_policy(`
|
@@ -202,6 +298,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29193,7 +29207,7 @@ index bd45076..cd266c0 100644
|
|||||||
unconfined_domain(init_t)
|
unconfined_domain(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -211,7 +304,7 @@ optional_policy(`
|
@@ -211,7 +311,7 @@ optional_policy(`
|
||||||
#
|
#
|
||||||
|
|
||||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||||
@ -29202,7 +29216,7 @@ index bd45076..cd266c0 100644
|
|||||||
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
allow initrc_t self:key manage_key_perms;
|
allow initrc_t self:key manage_key_perms;
|
||||||
@@ -240,6 +333,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
@@ -240,6 +340,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||||
|
|
||||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||||
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
||||||
@ -29210,7 +29224,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
can_exec(initrc_t, initrc_tmp_t)
|
can_exec(initrc_t, initrc_tmp_t)
|
||||||
manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
|
manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
|
||||||
@@ -257,11 +351,22 @@ kernel_change_ring_buffer_level(initrc_t)
|
@@ -257,11 +358,22 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||||
kernel_clear_ring_buffer(initrc_t)
|
kernel_clear_ring_buffer(initrc_t)
|
||||||
kernel_get_sysvipc_info(initrc_t)
|
kernel_get_sysvipc_info(initrc_t)
|
||||||
kernel_read_all_sysctls(initrc_t)
|
kernel_read_all_sysctls(initrc_t)
|
||||||
@ -29233,7 +29247,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
corecmd_exec_all_executables(initrc_t)
|
corecmd_exec_all_executables(initrc_t)
|
||||||
|
|
||||||
@@ -297,11 +402,13 @@ dev_manage_generic_files(initrc_t)
|
@@ -297,11 +409,13 @@ dev_manage_generic_files(initrc_t)
|
||||||
dev_delete_generic_symlinks(initrc_t)
|
dev_delete_generic_symlinks(initrc_t)
|
||||||
dev_getattr_all_blk_files(initrc_t)
|
dev_getattr_all_blk_files(initrc_t)
|
||||||
dev_getattr_all_chr_files(initrc_t)
|
dev_getattr_all_chr_files(initrc_t)
|
||||||
@ -29247,7 +29261,7 @@ index bd45076..cd266c0 100644
|
|||||||
domain_sigchld_all_domains(initrc_t)
|
domain_sigchld_all_domains(initrc_t)
|
||||||
domain_read_all_domains_state(initrc_t)
|
domain_read_all_domains_state(initrc_t)
|
||||||
domain_getattr_all_domains(initrc_t)
|
domain_getattr_all_domains(initrc_t)
|
||||||
@@ -320,8 +427,10 @@ files_getattr_all_symlinks(initrc_t)
|
@@ -320,8 +434,10 @@ files_getattr_all_symlinks(initrc_t)
|
||||||
files_getattr_all_pipes(initrc_t)
|
files_getattr_all_pipes(initrc_t)
|
||||||
files_getattr_all_sockets(initrc_t)
|
files_getattr_all_sockets(initrc_t)
|
||||||
files_purge_tmp(initrc_t)
|
files_purge_tmp(initrc_t)
|
||||||
@ -29259,7 +29273,7 @@ index bd45076..cd266c0 100644
|
|||||||
files_delete_all_pids(initrc_t)
|
files_delete_all_pids(initrc_t)
|
||||||
files_delete_all_pid_dirs(initrc_t)
|
files_delete_all_pid_dirs(initrc_t)
|
||||||
files_read_etc_files(initrc_t)
|
files_read_etc_files(initrc_t)
|
||||||
@@ -337,8 +446,12 @@ files_list_isid_type_dirs(initrc_t)
|
@@ -337,8 +453,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||||
files_mounton_isid_type_dirs(initrc_t)
|
files_mounton_isid_type_dirs(initrc_t)
|
||||||
files_list_default(initrc_t)
|
files_list_default(initrc_t)
|
||||||
files_mounton_default(initrc_t)
|
files_mounton_default(initrc_t)
|
||||||
@ -29273,7 +29287,7 @@ index bd45076..cd266c0 100644
|
|||||||
fs_list_inotifyfs(initrc_t)
|
fs_list_inotifyfs(initrc_t)
|
||||||
fs_register_binary_executable_type(initrc_t)
|
fs_register_binary_executable_type(initrc_t)
|
||||||
# rhgb-console writes to ramfs
|
# rhgb-console writes to ramfs
|
||||||
@@ -348,6 +461,8 @@ fs_mount_all_fs(initrc_t)
|
@@ -348,6 +468,8 @@ fs_mount_all_fs(initrc_t)
|
||||||
fs_unmount_all_fs(initrc_t)
|
fs_unmount_all_fs(initrc_t)
|
||||||
fs_remount_all_fs(initrc_t)
|
fs_remount_all_fs(initrc_t)
|
||||||
fs_getattr_all_fs(initrc_t)
|
fs_getattr_all_fs(initrc_t)
|
||||||
@ -29282,7 +29296,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
# initrc_t needs to do a pidof which requires ptrace
|
# initrc_t needs to do a pidof which requires ptrace
|
||||||
mcs_ptrace_all(initrc_t)
|
mcs_ptrace_all(initrc_t)
|
||||||
@@ -360,6 +475,7 @@ mls_process_read_up(initrc_t)
|
@@ -360,6 +482,7 @@ mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
mls_fd_share_all_levels(initrc_t)
|
mls_fd_share_all_levels(initrc_t)
|
||||||
@ -29290,7 +29304,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
selinux_get_enforce_mode(initrc_t)
|
selinux_get_enforce_mode(initrc_t)
|
||||||
|
|
||||||
@@ -391,13 +507,14 @@ logging_read_audit_config(initrc_t)
|
@@ -391,13 +514,14 @@ logging_read_audit_config(initrc_t)
|
||||||
|
|
||||||
miscfiles_read_localization(initrc_t)
|
miscfiles_read_localization(initrc_t)
|
||||||
# slapd needs to read cert files from its initscript
|
# slapd needs to read cert files from its initscript
|
||||||
@ -29306,7 +29320,7 @@ index bd45076..cd266c0 100644
|
|||||||
userdom_read_user_home_content_files(initrc_t)
|
userdom_read_user_home_content_files(initrc_t)
|
||||||
# Allow access to the sysadm TTYs. Note that this will give access to the
|
# Allow access to the sysadm TTYs. Note that this will give access to the
|
||||||
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
|
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
|
||||||
@@ -470,7 +587,7 @@ ifdef(`distro_redhat',`
|
@@ -470,7 +594,7 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
# Red Hat systems seem to have a stray
|
# Red Hat systems seem to have a stray
|
||||||
# fd open from the initrd
|
# fd open from the initrd
|
||||||
@ -29315,7 +29329,7 @@ index bd45076..cd266c0 100644
|
|||||||
files_dontaudit_read_root_files(initrc_t)
|
files_dontaudit_read_root_files(initrc_t)
|
||||||
|
|
||||||
# These seem to be from the initrd
|
# These seem to be from the initrd
|
||||||
@@ -516,6 +633,19 @@ ifdef(`distro_redhat',`
|
@@ -516,6 +640,19 @@ ifdef(`distro_redhat',`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
bind_manage_config_dirs(initrc_t)
|
bind_manage_config_dirs(initrc_t)
|
||||||
bind_write_config(initrc_t)
|
bind_write_config(initrc_t)
|
||||||
@ -29335,7 +29349,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -523,10 +653,17 @@ ifdef(`distro_redhat',`
|
@@ -523,10 +660,17 @@ ifdef(`distro_redhat',`
|
||||||
rpc_write_exports(initrc_t)
|
rpc_write_exports(initrc_t)
|
||||||
rpc_manage_nfs_state_data(initrc_t)
|
rpc_manage_nfs_state_data(initrc_t)
|
||||||
')
|
')
|
||||||
@ -29353,7 +29367,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -541,6 +678,35 @@ ifdef(`distro_suse',`
|
@@ -541,6 +685,35 @@ ifdef(`distro_suse',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -29389,7 +29403,7 @@ index bd45076..cd266c0 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -553,6 +719,8 @@ optional_policy(`
|
@@ -553,6 +726,8 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(initrc_t)
|
apache_read_config(initrc_t)
|
||||||
apache_list_modules(initrc_t)
|
apache_list_modules(initrc_t)
|
||||||
@ -29398,7 +29412,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -569,6 +737,7 @@ optional_policy(`
|
@@ -569,6 +744,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cgroup_stream_connect_cgred(initrc_t)
|
cgroup_stream_connect_cgred(initrc_t)
|
||||||
@ -29406,7 +29420,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -581,6 +750,11 @@ optional_policy(`
|
@@ -581,6 +757,11 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29418,7 +29432,7 @@ index bd45076..cd266c0 100644
|
|||||||
dev_getattr_printer_dev(initrc_t)
|
dev_getattr_printer_dev(initrc_t)
|
||||||
|
|
||||||
cups_read_log(initrc_t)
|
cups_read_log(initrc_t)
|
||||||
@@ -597,6 +771,7 @@ optional_policy(`
|
@@ -597,6 +778,7 @@ optional_policy(`
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -29426,7 +29440,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
consolekit_dbus_chat(initrc_t)
|
consolekit_dbus_chat(initrc_t)
|
||||||
@@ -698,7 +873,12 @@ optional_policy(`
|
@@ -698,7 +880,12 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29439,7 +29453,7 @@ index bd45076..cd266c0 100644
|
|||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -721,6 +901,10 @@ optional_policy(`
|
@@ -721,6 +908,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29450,7 +29464,7 @@ index bd45076..cd266c0 100644
|
|||||||
postgresql_manage_db(initrc_t)
|
postgresql_manage_db(initrc_t)
|
||||||
postgresql_read_config(initrc_t)
|
postgresql_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -742,6 +926,10 @@ optional_policy(`
|
@@ -742,6 +933,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29461,7 +29475,7 @@ index bd45076..cd266c0 100644
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -763,8 +951,6 @@ optional_policy(`
|
@@ -763,8 +958,6 @@ optional_policy(`
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -29470,7 +29484,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -773,14 +959,21 @@ optional_policy(`
|
@@ -773,14 +966,21 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29492,7 +29506,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -802,11 +995,19 @@ optional_policy(`
|
@@ -802,11 +1002,19 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29513,7 +29527,7 @@ index bd45076..cd266c0 100644
|
|||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
# system-config-services causes avc messages that should be dontaudited
|
# system-config-services causes avc messages that should be dontaudited
|
||||||
@@ -816,6 +1017,25 @@ optional_policy(`
|
@@ -816,6 +1024,25 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mono_domtrans(initrc_t)
|
mono_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@ -29539,7 +29553,7 @@ index bd45076..cd266c0 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -841,3 +1061,55 @@ optional_policy(`
|
@@ -841,3 +1068,55 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
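Review bot: In the init.te part of the new patch, `fs_search_cgroup_dirs(daemon)` is added inside the init_systemd tunable block among rules that otherwise all name `init_t`, so it grants cgroup directory search to whatever `daemon` covers (presumably the attribute shared by every daemon domain) rather than to init alone. If that breadth is intended, say so next to the rule, for example `# applies to all daemon domains, not only init_t`; if it is not, the argument should be `init_t`. The new `dev_manage_sysfs_dirs` interface in devices.if carries the summary "Allow caller to modify hardware state information." while its body is `manage_dirs_pattern($1, sysfs_t, sysfs_t)`; a summary such as `## Create, read, write, and delete sysfs directories.` would tell a reviewer what the added `dev_manage_sysfs_dirs(init_t)` call actually grants. The tunable block is only partly visible in this view, so check the full block before changing it.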