* Mon May 16 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-190
- Label /var/log/ganesha.log as gluster_log_t. Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
- Allow zabbix to connect to postgresql port.
- Label /usr/libexec/openssh/sshd-keygen as sshd_keygen_exec_t. BZ(1335149)
- Allow systemd to read efivarfs. Resolve: #121
parent
a2f43d9c50
commit
5e78b00393
Binary file not shown.
@ -27728,10 +27728,10 @@ index 0306134..bb5f3dd 100644
|
|||||||
+ ')
|
+ ')
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
|
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
|
||||||
index 76d9f66..5c271ce 100644
|
index 76d9f66..7528851 100644
|
||||||
--- a/policy/modules/services/ssh.fc
|
--- a/policy/modules/services/ssh.fc
|
||||||
+++ b/policy/modules/services/ssh.fc
|
+++ b/policy/modules/services/ssh.fc
|
||||||
@@ -1,16 +1,41 @@
|
@@ -1,16 +1,42 @@
|
||||||
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
|
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
|
||||||
+HOME_DIR/\.ansible/cp/.* -s gen_context(system_u:object_r:ssh_home_t,s0)
|
+HOME_DIR/\.ansible/cp/.* -s gen_context(system_u:object_r:ssh_home_t,s0)
|
||||||
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
|
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
|
||||||
@ -27765,6 +27765,7 @@ index 76d9f66..5c271ce 100644
|
|||||||
|
|
||||||
+/usr/libexec/nm-ssh-service -- gen_context(system_u:object_r:ssh_exec_t,s0)
|
+/usr/libexec/nm-ssh-service -- gen_context(system_u:object_r:ssh_exec_t,s0)
|
||||||
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||||
|
+/usr/libexec/openssh/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
|
||||||
|
|
||||||
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
|
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
|
||||||
+/usr/sbin/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
|
+/usr/sbin/sshd-keygen -- gen_context(system_u:object_r:sshd_keygen_exec_t,s0)
|
||||||
@ -36657,7 +36658,7 @@ index 79a45f6..e69fa39 100644
|
|||||||
+ allow $1 init_var_lib_t:dir search_dir_perms;
|
+ allow $1 init_var_lib_t:dir search_dir_perms;
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
index 17eda24..1522b3c 100644
|
index 17eda24..09abd53 100644
|
||||||
--- a/policy/modules/system/init.te
|
--- a/policy/modules/system/init.te
|
||||||
+++ b/policy/modules/system/init.te
|
+++ b/policy/modules/system/init.te
|
||||||
@@ -11,10 +11,31 @@ gen_require(`
|
@@ -11,10 +11,31 @@ gen_require(`
|
||||||
@ -36882,9 +36883,12 @@ index 17eda24..1522b3c 100644
|
|||||||
# file descriptors inherited from the rootfs:
|
# file descriptors inherited from the rootfs:
|
||||||
files_dontaudit_rw_root_files(init_t)
|
files_dontaudit_rw_root_files(init_t)
|
||||||
files_dontaudit_rw_root_chr_files(init_t)
|
files_dontaudit_rw_root_chr_files(init_t)
|
||||||
@@ -156,28 +257,64 @@ fs_list_inotifyfs(init_t)
|
@@ -155,29 +256,67 @@ fs_list_inotifyfs(init_t)
|
||||||
|
# cjp: this may be related to /dev/log
|
||||||
fs_write_ramfs_sockets(init_t)
|
fs_write_ramfs_sockets(init_t)
|
||||||
|
|
||||||
|
+fs_read_efivarfs_files(init_t)
|
||||||
|
+
|
||||||
mcs_process_set_categories(init_t)
|
mcs_process_set_categories(init_t)
|
||||||
-mcs_killall(init_t)
|
-mcs_killall(init_t)
|
||||||
|
|
||||||
@ -36952,7 +36956,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
allow init_t self:process { getcap setcap };
|
allow init_t self:process { getcap setcap };
|
||||||
@@ -186,29 +323,252 @@ ifdef(`distro_gentoo',`
|
@@ -186,29 +325,252 @@ ifdef(`distro_gentoo',`
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@ -37214,7 +37218,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -216,7 +576,30 @@ optional_policy(`
|
@@ -216,7 +578,30 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37246,7 +37250,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -225,9 +608,9 @@ optional_policy(`
|
@@ -225,9 +610,9 @@ optional_policy(`
|
||||||
#
|
#
|
||||||
|
|
||||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||||
@ -37258,7 +37262,7 @@ index 17eda24..1522b3c 100644
|
|||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
allow initrc_t self:key manage_key_perms;
|
allow initrc_t self:key manage_key_perms;
|
||||||
|
|
||||||
@@ -258,12 +641,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
@@ -258,12 +643,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||||
|
|
||||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||||
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
||||||
@ -37275,7 +37279,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
@@ -279,23 +666,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
@@ -279,23 +668,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||||
kernel_clear_ring_buffer(initrc_t)
|
kernel_clear_ring_buffer(initrc_t)
|
||||||
kernel_get_sysvipc_info(initrc_t)
|
kernel_get_sysvipc_info(initrc_t)
|
||||||
kernel_read_all_sysctls(initrc_t)
|
kernel_read_all_sysctls(initrc_t)
|
||||||
@ -37318,7 +37322,7 @@ index 17eda24..1522b3c 100644
|
|||||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_tcp_connect_all_ports(initrc_t)
|
corenet_tcp_connect_all_ports(initrc_t)
|
||||||
@@ -303,9 +703,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
@@ -303,9 +705,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||||
|
|
||||||
dev_read_rand(initrc_t)
|
dev_read_rand(initrc_t)
|
||||||
dev_read_urand(initrc_t)
|
dev_read_urand(initrc_t)
|
||||||
@ -37330,7 +37334,7 @@ index 17eda24..1522b3c 100644
|
|||||||
dev_rw_sysfs(initrc_t)
|
dev_rw_sysfs(initrc_t)
|
||||||
dev_list_usbfs(initrc_t)
|
dev_list_usbfs(initrc_t)
|
||||||
dev_read_framebuffer(initrc_t)
|
dev_read_framebuffer(initrc_t)
|
||||||
@@ -313,8 +715,10 @@ dev_write_framebuffer(initrc_t)
|
@@ -313,8 +717,10 @@ dev_write_framebuffer(initrc_t)
|
||||||
dev_read_realtime_clock(initrc_t)
|
dev_read_realtime_clock(initrc_t)
|
||||||
dev_read_sound_mixer(initrc_t)
|
dev_read_sound_mixer(initrc_t)
|
||||||
dev_write_sound_mixer(initrc_t)
|
dev_write_sound_mixer(initrc_t)
|
||||||
@ -37341,7 +37345,7 @@ index 17eda24..1522b3c 100644
|
|||||||
dev_delete_lvm_control_dev(initrc_t)
|
dev_delete_lvm_control_dev(initrc_t)
|
||||||
dev_manage_generic_symlinks(initrc_t)
|
dev_manage_generic_symlinks(initrc_t)
|
||||||
dev_manage_generic_files(initrc_t)
|
dev_manage_generic_files(initrc_t)
|
||||||
@@ -322,8 +726,7 @@ dev_manage_generic_files(initrc_t)
|
@@ -322,8 +728,7 @@ dev_manage_generic_files(initrc_t)
|
||||||
dev_delete_generic_symlinks(initrc_t)
|
dev_delete_generic_symlinks(initrc_t)
|
||||||
dev_getattr_all_blk_files(initrc_t)
|
dev_getattr_all_blk_files(initrc_t)
|
||||||
dev_getattr_all_chr_files(initrc_t)
|
dev_getattr_all_chr_files(initrc_t)
|
||||||
@ -37351,7 +37355,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
domain_kill_all_domains(initrc_t)
|
domain_kill_all_domains(initrc_t)
|
||||||
domain_signal_all_domains(initrc_t)
|
domain_signal_all_domains(initrc_t)
|
||||||
@@ -332,7 +735,6 @@ domain_sigstop_all_domains(initrc_t)
|
@@ -332,7 +737,6 @@ domain_sigstop_all_domains(initrc_t)
|
||||||
domain_sigchld_all_domains(initrc_t)
|
domain_sigchld_all_domains(initrc_t)
|
||||||
domain_read_all_domains_state(initrc_t)
|
domain_read_all_domains_state(initrc_t)
|
||||||
domain_getattr_all_domains(initrc_t)
|
domain_getattr_all_domains(initrc_t)
|
||||||
@ -37359,7 +37363,7 @@ index 17eda24..1522b3c 100644
|
|||||||
domain_getsession_all_domains(initrc_t)
|
domain_getsession_all_domains(initrc_t)
|
||||||
domain_use_interactive_fds(initrc_t)
|
domain_use_interactive_fds(initrc_t)
|
||||||
# for lsof which is used by alsa shutdown:
|
# for lsof which is used by alsa shutdown:
|
||||||
@@ -340,6 +742,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
@@ -340,6 +744,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||||
@ -37367,7 +37371,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
files_getattr_all_dirs(initrc_t)
|
files_getattr_all_dirs(initrc_t)
|
||||||
files_getattr_all_files(initrc_t)
|
files_getattr_all_files(initrc_t)
|
||||||
@@ -347,14 +750,15 @@ files_getattr_all_symlinks(initrc_t)
|
@@ -347,14 +752,15 @@ files_getattr_all_symlinks(initrc_t)
|
||||||
files_getattr_all_pipes(initrc_t)
|
files_getattr_all_pipes(initrc_t)
|
||||||
files_getattr_all_sockets(initrc_t)
|
files_getattr_all_sockets(initrc_t)
|
||||||
files_purge_tmp(initrc_t)
|
files_purge_tmp(initrc_t)
|
||||||
@ -37385,7 +37389,7 @@ index 17eda24..1522b3c 100644
|
|||||||
files_read_usr_files(initrc_t)
|
files_read_usr_files(initrc_t)
|
||||||
files_manage_urandom_seed(initrc_t)
|
files_manage_urandom_seed(initrc_t)
|
||||||
files_manage_generic_spool(initrc_t)
|
files_manage_generic_spool(initrc_t)
|
||||||
@@ -364,8 +768,12 @@ files_list_isid_type_dirs(initrc_t)
|
@@ -364,8 +770,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||||
files_mounton_isid_type_dirs(initrc_t)
|
files_mounton_isid_type_dirs(initrc_t)
|
||||||
files_list_default(initrc_t)
|
files_list_default(initrc_t)
|
||||||
files_mounton_default(initrc_t)
|
files_mounton_default(initrc_t)
|
||||||
@ -37399,7 +37403,7 @@ index 17eda24..1522b3c 100644
|
|||||||
fs_list_inotifyfs(initrc_t)
|
fs_list_inotifyfs(initrc_t)
|
||||||
fs_register_binary_executable_type(initrc_t)
|
fs_register_binary_executable_type(initrc_t)
|
||||||
# rhgb-console writes to ramfs
|
# rhgb-console writes to ramfs
|
||||||
@@ -375,10 +783,11 @@ fs_mount_all_fs(initrc_t)
|
@@ -375,10 +785,11 @@ fs_mount_all_fs(initrc_t)
|
||||||
fs_unmount_all_fs(initrc_t)
|
fs_unmount_all_fs(initrc_t)
|
||||||
fs_remount_all_fs(initrc_t)
|
fs_remount_all_fs(initrc_t)
|
||||||
fs_getattr_all_fs(initrc_t)
|
fs_getattr_all_fs(initrc_t)
|
||||||
@ -37413,7 +37417,7 @@ index 17eda24..1522b3c 100644
|
|||||||
mcs_process_set_categories(initrc_t)
|
mcs_process_set_categories(initrc_t)
|
||||||
|
|
||||||
mls_file_read_all_levels(initrc_t)
|
mls_file_read_all_levels(initrc_t)
|
||||||
@@ -387,8 +796,10 @@ mls_process_read_up(initrc_t)
|
@@ -387,8 +798,10 @@ mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
mls_fd_share_all_levels(initrc_t)
|
mls_fd_share_all_levels(initrc_t)
|
||||||
@ -37424,7 +37428,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
storage_getattr_fixed_disk_dev(initrc_t)
|
storage_getattr_fixed_disk_dev(initrc_t)
|
||||||
storage_setattr_fixed_disk_dev(initrc_t)
|
storage_setattr_fixed_disk_dev(initrc_t)
|
||||||
@@ -398,6 +809,7 @@ term_use_all_terms(initrc_t)
|
@@ -398,6 +811,7 @@ term_use_all_terms(initrc_t)
|
||||||
term_reset_tty_labels(initrc_t)
|
term_reset_tty_labels(initrc_t)
|
||||||
|
|
||||||
auth_rw_login_records(initrc_t)
|
auth_rw_login_records(initrc_t)
|
||||||
@ -37432,7 +37436,7 @@ index 17eda24..1522b3c 100644
|
|||||||
auth_setattr_login_records(initrc_t)
|
auth_setattr_login_records(initrc_t)
|
||||||
auth_rw_lastlog(initrc_t)
|
auth_rw_lastlog(initrc_t)
|
||||||
auth_read_pam_pid(initrc_t)
|
auth_read_pam_pid(initrc_t)
|
||||||
@@ -416,20 +828,18 @@ logging_read_all_logs(initrc_t)
|
@@ -416,20 +830,18 @@ logging_read_all_logs(initrc_t)
|
||||||
logging_append_all_logs(initrc_t)
|
logging_append_all_logs(initrc_t)
|
||||||
logging_read_audit_config(initrc_t)
|
logging_read_audit_config(initrc_t)
|
||||||
|
|
||||||
@ -37456,7 +37460,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
dev_setattr_generic_dirs(initrc_t)
|
dev_setattr_generic_dirs(initrc_t)
|
||||||
@@ -451,7 +861,6 @@ ifdef(`distro_gentoo',`
|
@@ -451,7 +863,6 @@ ifdef(`distro_gentoo',`
|
||||||
allow initrc_t self:process setfscreate;
|
allow initrc_t self:process setfscreate;
|
||||||
dev_create_null_dev(initrc_t)
|
dev_create_null_dev(initrc_t)
|
||||||
dev_create_zero_dev(initrc_t)
|
dev_create_zero_dev(initrc_t)
|
||||||
@ -37464,7 +37468,7 @@ index 17eda24..1522b3c 100644
|
|||||||
term_create_console_dev(initrc_t)
|
term_create_console_dev(initrc_t)
|
||||||
|
|
||||||
# unfortunately /sbin/rc does stupid tricks
|
# unfortunately /sbin/rc does stupid tricks
|
||||||
@@ -486,6 +895,10 @@ ifdef(`distro_gentoo',`
|
@@ -486,6 +897,10 @@ ifdef(`distro_gentoo',`
|
||||||
sysnet_setattr_config(initrc_t)
|
sysnet_setattr_config(initrc_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37475,7 +37479,7 @@ index 17eda24..1522b3c 100644
|
|||||||
alsa_read_lib(initrc_t)
|
alsa_read_lib(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -506,7 +919,7 @@ ifdef(`distro_redhat',`
|
@@ -506,7 +921,7 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
# Red Hat systems seem to have a stray
|
# Red Hat systems seem to have a stray
|
||||||
# fd open from the initrd
|
# fd open from the initrd
|
||||||
@ -37484,7 +37488,7 @@ index 17eda24..1522b3c 100644
|
|||||||
files_dontaudit_read_root_files(initrc_t)
|
files_dontaudit_read_root_files(initrc_t)
|
||||||
|
|
||||||
# These seem to be from the initrd
|
# These seem to be from the initrd
|
||||||
@@ -521,6 +934,7 @@ ifdef(`distro_redhat',`
|
@@ -521,6 +936,7 @@ ifdef(`distro_redhat',`
|
||||||
files_create_boot_dirs(initrc_t)
|
files_create_boot_dirs(initrc_t)
|
||||||
files_create_boot_flag(initrc_t)
|
files_create_boot_flag(initrc_t)
|
||||||
files_rw_boot_symlinks(initrc_t)
|
files_rw_boot_symlinks(initrc_t)
|
||||||
@ -37492,7 +37496,7 @@ index 17eda24..1522b3c 100644
|
|||||||
# wants to read /.fonts directory
|
# wants to read /.fonts directory
|
||||||
files_read_default_files(initrc_t)
|
files_read_default_files(initrc_t)
|
||||||
files_mountpoint(initrc_tmp_t)
|
files_mountpoint(initrc_tmp_t)
|
||||||
@@ -541,6 +955,7 @@ ifdef(`distro_redhat',`
|
@@ -541,6 +957,7 @@ ifdef(`distro_redhat',`
|
||||||
miscfiles_rw_localization(initrc_t)
|
miscfiles_rw_localization(initrc_t)
|
||||||
miscfiles_setattr_localization(initrc_t)
|
miscfiles_setattr_localization(initrc_t)
|
||||||
miscfiles_relabel_localization(initrc_t)
|
miscfiles_relabel_localization(initrc_t)
|
||||||
@ -37500,7 +37504,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
miscfiles_read_fonts(initrc_t)
|
miscfiles_read_fonts(initrc_t)
|
||||||
miscfiles_read_hwdata(initrc_t)
|
miscfiles_read_hwdata(initrc_t)
|
||||||
@@ -550,8 +965,44 @@ ifdef(`distro_redhat',`
|
@@ -550,8 +967,44 @@ ifdef(`distro_redhat',`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37545,7 +37549,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -559,14 +1010,31 @@ ifdef(`distro_redhat',`
|
@@ -559,14 +1012,31 @@ ifdef(`distro_redhat',`
|
||||||
rpc_write_exports(initrc_t)
|
rpc_write_exports(initrc_t)
|
||||||
rpc_manage_nfs_state_data(initrc_t)
|
rpc_manage_nfs_state_data(initrc_t)
|
||||||
')
|
')
|
||||||
@ -37577,7 +37581,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -577,6 +1045,39 @@ ifdef(`distro_suse',`
|
@@ -577,6 +1047,39 @@ ifdef(`distro_suse',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -37617,7 +37621,7 @@ index 17eda24..1522b3c 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -589,6 +1090,8 @@ optional_policy(`
|
@@ -589,6 +1092,8 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(initrc_t)
|
apache_read_config(initrc_t)
|
||||||
apache_list_modules(initrc_t)
|
apache_list_modules(initrc_t)
|
||||||
@ -37626,7 +37630,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -610,6 +1113,7 @@ optional_policy(`
|
@@ -610,6 +1115,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cgroup_stream_connect_cgred(initrc_t)
|
cgroup_stream_connect_cgred(initrc_t)
|
||||||
@ -37634,7 +37638,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -626,6 +1130,17 @@ optional_policy(`
|
@@ -626,6 +1132,17 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37652,7 +37656,7 @@ index 17eda24..1522b3c 100644
|
|||||||
dev_getattr_printer_dev(initrc_t)
|
dev_getattr_printer_dev(initrc_t)
|
||||||
|
|
||||||
cups_read_log(initrc_t)
|
cups_read_log(initrc_t)
|
||||||
@@ -642,9 +1157,13 @@ optional_policy(`
|
@@ -642,9 +1159,13 @@ optional_policy(`
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -37666,7 +37670,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -657,15 +1176,11 @@ optional_policy(`
|
@@ -657,15 +1178,11 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37684,7 +37688,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -686,6 +1201,15 @@ optional_policy(`
|
@@ -686,6 +1203,15 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37700,7 +37704,7 @@ index 17eda24..1522b3c 100644
|
|||||||
inn_exec_config(initrc_t)
|
inn_exec_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -726,6 +1250,7 @@ optional_policy(`
|
@@ -726,6 +1252,7 @@ optional_policy(`
|
||||||
lpd_list_spool(initrc_t)
|
lpd_list_spool(initrc_t)
|
||||||
|
|
||||||
lpd_read_config(initrc_t)
|
lpd_read_config(initrc_t)
|
||||||
@ -37708,7 +37712,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -743,7 +1268,13 @@ optional_policy(`
|
@@ -743,7 +1270,13 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37723,7 +37727,7 @@ index 17eda24..1522b3c 100644
|
|||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -766,6 +1297,10 @@ optional_policy(`
|
@@ -766,6 +1299,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37734,7 +37738,7 @@ index 17eda24..1522b3c 100644
|
|||||||
postgresql_manage_db(initrc_t)
|
postgresql_manage_db(initrc_t)
|
||||||
postgresql_read_config(initrc_t)
|
postgresql_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -775,10 +1310,20 @@ optional_policy(`
|
@@ -775,10 +1312,20 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37755,7 +37759,7 @@ index 17eda24..1522b3c 100644
|
|||||||
quota_manage_flags(initrc_t)
|
quota_manage_flags(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -787,6 +1332,10 @@ optional_policy(`
|
@@ -787,6 +1334,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37766,7 +37770,7 @@ index 17eda24..1522b3c 100644
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -808,8 +1357,6 @@ optional_policy(`
|
@@ -808,8 +1359,6 @@ optional_policy(`
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -37775,7 +37779,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -818,6 +1365,10 @@ optional_policy(`
|
@@ -818,6 +1367,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37786,7 +37790,7 @@ index 17eda24..1522b3c 100644
|
|||||||
# shorewall-init script run /var/lib/shorewall/firewall
|
# shorewall-init script run /var/lib/shorewall/firewall
|
||||||
shorewall_lib_domtrans(initrc_t)
|
shorewall_lib_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -827,10 +1378,12 @@ optional_policy(`
|
@@ -827,10 +1380,12 @@ optional_policy(`
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -37799,7 +37803,7 @@ index 17eda24..1522b3c 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -857,21 +1410,62 @@ optional_policy(`
|
@@ -857,21 +1412,62 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37863,7 +37867,7 @@ index 17eda24..1522b3c 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -887,6 +1481,10 @@ optional_policy(`
|
@@ -887,6 +1483,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -37874,7 +37878,7 @@ index 17eda24..1522b3c 100644
|
|||||||
# Set device ownerships/modes.
|
# Set device ownerships/modes.
|
||||||
xserver_setattr_console_pipes(initrc_t)
|
xserver_setattr_console_pipes(initrc_t)
|
||||||
|
|
||||||
@@ -897,3 +1495,218 @@ optional_policy(`
|
@@ -897,3 +1497,218 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@ -39558,7 +39562,7 @@ index 808ba93..57a68da 100644
|
|||||||
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
|
+ files_etc_filetrans($1, ld_so_cache_t, file, "ld.so.preload~")
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
|
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
|
||||||
index 54f8fa5..1584203 100644
|
index 54f8fa5..544b8e3 100644
|
||||||
--- a/policy/modules/system/libraries.te
|
--- a/policy/modules/system/libraries.te
|
||||||
+++ b/policy/modules/system/libraries.te
|
+++ b/policy/modules/system/libraries.te
|
||||||
@@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t)
|
@@ -32,14 +32,14 @@ files_tmp_file(ldconfig_tmp_t)
|
||||||
@ -39652,10 +39656,14 @@ index 54f8fa5..1584203 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
|
unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
|
||||||
')
|
')
|
||||||
@@ -131,6 +150,14 @@ optional_policy(`
|
@@ -131,6 +150,18 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
+ glusterd_dontaudit_read_lib_dirs(ldconfig_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
+ gnome_append_generic_cache_files(ldconfig_t)
|
+ gnome_append_generic_cache_files(ldconfig_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
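Review bot: The added `glusterd_dontaudit_read_lib_dirs(ldconfig_t)` block in libraries.te suppresses AVC denials without recording why ldconfig would be listing /var/lib/glusterd, and the commit description does not mention it. A dontaudit rule removes the audit trail for that access until someone rebuilds the policy with `semodule -DB`, so it deserves a one-line rationale above the call, for example `# ldconfig started by glusterd lists its inherited cwd under /var/lib/glusterd; access is not needed (<bug reference>)`. That cause is inferred from the rule alone and should be confirmed before the comment is written. The same applies to `term_dontaudit_use_unallocated_ttys(logrotate_t)` added in the logrotate.te hunk.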
@ -39667,7 +39675,7 @@ index 54f8fa5..1584203 100644
|
|||||||
puppet_rw_tmp(ldconfig_t)
|
puppet_rw_tmp(ldconfig_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -141,6 +168,3 @@ optional_policy(`
|
@@ -141,6 +172,3 @@ optional_policy(`
|
||||||
rpm_manage_script_tmp_files(ldconfig_t)
|
rpm_manage_script_tmp_files(ldconfig_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -31640,10 +31640,10 @@ index 5cd0909..bd3c3d2 100644
|
|||||||
+corenet_tcp_connect_glance_registry_port(glance_scrubber_t)
|
+corenet_tcp_connect_glance_registry_port(glance_scrubber_t)
|
||||||
diff --git a/glusterd.fc b/glusterd.fc
|
diff --git a/glusterd.fc b/glusterd.fc
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..cbd6aa4
|
index 0000000..52b4110
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/glusterd.fc
|
+++ b/glusterd.fc
|
||||||
@@ -0,0 +1,20 @@
|
@@ -0,0 +1,22 @@
|
||||||
+/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0)
|
+/etc/rc\.d/init\.d/gluster.* -- gen_context(system_u:object_r:glusterd_initrc_exec_t,s0)
|
||||||
+
|
+
|
||||||
+/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0)
|
+/etc/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_conf_t,s0)
|
||||||
@ -31659,17 +31659,19 @@ index 0000000..cbd6aa4
|
|||||||
+/var/lib/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_lib_t,s0)
|
+/var/lib/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_lib_t,s0)
|
||||||
+
|
+
|
||||||
+/var/log/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0)
|
+/var/log/glusterfs(/.*)? gen_context(system_u:object_r:glusterd_log_t,s0)
|
||||||
|
+/var/log/ganesha.log -- gen_context(system_u:object_r:glusterd_log_t,s0)
|
||||||
+
|
+
|
||||||
+/var/run/gluster(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
+/var/run/gluster(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
||||||
+/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
+/var/run/glusterd(/.*)? gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
||||||
+/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
+/var/run/glusterd.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
||||||
+/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
+/var/run/glusterd.* -s gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
||||||
|
+/var/run/ganesha.* -- gen_context(system_u:object_r:glusterd_var_run_t,s0)
|
||||||
diff --git a/glusterd.if b/glusterd.if
|
diff --git a/glusterd.if b/glusterd.if
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..fc9bf19
|
index 0000000..764ae00
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/glusterd.if
|
+++ b/glusterd.if
|
||||||
@@ -0,0 +1,243 @@
|
@@ -0,0 +1,261 @@
|
||||||
+
|
+
|
||||||
+## <summary>policy for glusterd</summary>
|
+## <summary>policy for glusterd</summary>
|
||||||
+
|
+
|
||||||
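Review bot: The new glusterd.fc entry `/var/run/ganesha.* --` labels every regular file under /var/run whose name starts with "ganesha" as glusterd_var_run_t, while the commit description only asks for /var/run/ganesha.pid. glusterd_t has `manage_files_pattern` on that type in glusterd.te, so the wider match also widens what the daemon may rewrite or delete. If only the pid file is meant, `/var/run/ganesha\.pid -- gen_context(system_u:object_r:glusterd_var_run_t,s0)` is tighter; if other ganesha runtime files are intended, a comment saying so would help. The dot in `/var/log/ganesha.log` is also unescaped and matches any character, so `ganesha\.log` would follow the `rc\.d/init\.d` entry at the top of the file. The description names gluster_log_t and gluster_var_run_t, whereas these entries assign glusterd_log_t and glusterd_var_run_t.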
@ -31830,6 +31832,24 @@ index 0000000..fc9bf19
|
|||||||
+
|
+
|
||||||
+######################################
|
+######################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Dontaudit Read /var/lib/glusterd files.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`glusterd_dontaudit_read_lib_dirs',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type glusterd_var_lib_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ dontaudit $1 glusterd_var_lib_t:dir list_dir_perms;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+######################################
|
||||||
|
+## <summary>
|
||||||
+## Read and write /var/lib/glusterd files.
|
+## Read and write /var/lib/glusterd files.
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
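Review bot: The documentation block on the new `glusterd_dontaudit_read_lib_dirs` interface does not match its rule. The summary says "Dontaudit Read /var/lib/glusterd files." but the body is `dontaudit $1 glusterd_var_lib_t:dir list_dir_perms;`, which covers directory listing only, and the parameter text "Domain allowed access." describes an allow interface. I would write the summary as `## Do not audit attempts to list /var/lib/glusterd directories.` and the parameter as `## Domain to not audit.`, so a caller reading the generated interface documentation does not assume it grants or hides file reads.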
@ -31915,10 +31935,10 @@ index 0000000..fc9bf19
|
|||||||
+
|
+
|
||||||
diff --git a/glusterd.te b/glusterd.te
|
diff --git a/glusterd.te b/glusterd.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..afabf8c
|
index 0000000..59e84ca
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/glusterd.te
|
+++ b/glusterd.te
|
||||||
@@ -0,0 +1,297 @@
|
@@ -0,0 +1,295 @@
|
||||||
+policy_module(glusterd, 1.1.3)
|
+policy_module(glusterd, 1.1.3)
|
||||||
+
|
+
|
||||||
+## <desc>
|
+## <desc>
|
||||||
@ -32002,10 +32022,8 @@ index 0000000..afabf8c
|
|||||||
+allow glusterd_t glusterd_tmp_t:dir mounton;
|
+allow glusterd_t glusterd_tmp_t:dir mounton;
|
||||||
+
|
+
|
||||||
+manage_dirs_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
+manage_dirs_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
||||||
+append_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
+manage_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
||||||
+create_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
+logging_log_filetrans(glusterd_t, glusterd_log_t, { file dir })
|
||||||
+setattr_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)
|
|
||||||
+logging_log_filetrans(glusterd_t, glusterd_log_t, dir)
|
|
||||||
+
|
+
|
||||||
+manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
|
+manage_dirs_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
|
||||||
+manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
|
+manage_files_pattern(glusterd_t, glusterd_var_run_t, glusterd_var_run_t)
|
||||||
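Review bot: Replacing the append/create/setattr patterns with `manage_files_pattern(glusterd_t, glusterd_log_t, glusterd_log_t)` gives glusterd_t write, rename and unlink on its own log files, so a compromised daemon could rewrite or remove them. The commit description only asks for the ability to create glusterd_log_t files. The old side already had `create_files_pattern`, so what was probably missing is the file class in the type transition, which the new `logging_log_filetrans(glusterd_t, glusterd_log_t, { file dir })` supplies. I would keep that line together with the three narrower patterns (`append_files_pattern`, `create_files_pattern`, `setattr_files_pattern`), unless glusterd is known to truncate or rotate its own logs, in which case a comment above `manage_files_pattern` should say so.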
@ -45368,7 +45386,7 @@ index dd8e01a..9cd6b0b 100644
|
|||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
diff --git a/logrotate.te b/logrotate.te
|
diff --git a/logrotate.te b/logrotate.te
|
||||||
index be0ab84..3c99496 100644
|
index be0ab84..688605e 100644
|
||||||
--- a/logrotate.te
|
--- a/logrotate.te
|
||||||
+++ b/logrotate.te
|
+++ b/logrotate.te
|
||||||
@@ -5,16 +5,22 @@ policy_module(logrotate, 1.15.0)
|
@@ -5,16 +5,22 @@ policy_module(logrotate, 1.15.0)
|
||||||
@ -45493,7 +45511,7 @@ index be0ab84..3c99496 100644
|
|||||||
files_manage_generic_spool(logrotate_t)
|
files_manage_generic_spool(logrotate_t)
|
||||||
files_manage_generic_spool_dirs(logrotate_t)
|
files_manage_generic_spool_dirs(logrotate_t)
|
||||||
files_getattr_generic_locks(logrotate_t)
|
files_getattr_generic_locks(logrotate_t)
|
||||||
@@ -95,32 +126,52 @@ mls_process_write_to_clearance(logrotate_t)
|
@@ -95,32 +126,54 @@ mls_process_write_to_clearance(logrotate_t)
|
||||||
selinux_get_fs_mount(logrotate_t)
|
selinux_get_fs_mount(logrotate_t)
|
||||||
selinux_get_enforce_mode(logrotate_t)
|
selinux_get_enforce_mode(logrotate_t)
|
||||||
|
|
||||||
@ -45524,6 +45542,8 @@ index be0ab84..3c99496 100644
|
|||||||
+miscfiles_read_hwdata(logrotate_t)
|
+miscfiles_read_hwdata(logrotate_t)
|
||||||
|
|
||||||
-userdom_use_user_terminals(logrotate_t)
|
-userdom_use_user_terminals(logrotate_t)
|
||||||
|
+term_dontaudit_use_unallocated_ttys(logrotate_t)
|
||||||
|
+
|
||||||
+userdom_use_inherited_user_terminals(logrotate_t)
|
+userdom_use_inherited_user_terminals(logrotate_t)
|
||||||
userdom_list_user_home_dirs(logrotate_t)
|
userdom_list_user_home_dirs(logrotate_t)
|
||||||
userdom_use_unpriv_users_fds(logrotate_t)
|
userdom_use_unpriv_users_fds(logrotate_t)
|
||||||
@ -45552,7 +45572,7 @@ index be0ab84..3c99496 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -135,16 +186,17 @@ optional_policy(`
|
@@ -135,16 +188,17 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(logrotate_t)
|
apache_read_config(logrotate_t)
|
||||||
@ -45572,7 +45592,7 @@ index be0ab84..3c99496 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -170,6 +222,11 @@ optional_policy(`
|
@@ -170,6 +224,11 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -45584,7 +45604,7 @@ index be0ab84..3c99496 100644
|
|||||||
fail2ban_stream_connect(logrotate_t)
|
fail2ban_stream_connect(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -178,7 +235,7 @@ optional_policy(`
|
@@ -178,7 +237,7 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -45593,7 +45613,7 @@ index be0ab84..3c99496 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -198,17 +255,18 @@ optional_policy(`
|
@@ -198,17 +257,18 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -45615,7 +45635,7 @@ index be0ab84..3c99496 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -216,6 +274,14 @@ optional_policy(`
|
@@ -216,6 +276,14 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -45630,7 +45650,7 @@ index be0ab84..3c99496 100644
|
|||||||
samba_exec_log(logrotate_t)
|
samba_exec_log(logrotate_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -228,26 +294,43 @@ optional_policy(`
|
@@ -228,26 +296,43 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -117642,7 +117662,7 @@ index dd63de0..38ce620 100644
|
|||||||
- admin_pattern($1, zabbix_tmpfs_t)
|
- admin_pattern($1, zabbix_tmpfs_t)
|
||||||
')
|
')
|
||||||
diff --git a/zabbix.te b/zabbix.te
|
diff --git a/zabbix.te b/zabbix.te
|
||||||
index 7f496c6..b23f29d 100644
|
index 7f496c6..fccb7b1 100644
|
||||||
--- a/zabbix.te
|
--- a/zabbix.te
|
||||||
+++ b/zabbix.te
|
+++ b/zabbix.te
|
||||||
@@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0)
|
@@ -6,27 +6,32 @@ policy_module(zabbix, 1.6.0)
|
||||||
@ -117860,7 +117880,7 @@ index 7f496c6..b23f29d 100644
|
|||||||
|
|
||||||
corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
|
corenet_sendrecv_zabbix_agent_server_packets(zabbix_agent_t)
|
||||||
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
|
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
|
||||||
@@ -170,6 +185,26 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
|
@@ -170,6 +185,30 @@ corenet_sendrecv_ssh_client_packets(zabbix_agent_t)
|
||||||
corenet_tcp_connect_ssh_port(zabbix_agent_t)
|
corenet_tcp_connect_ssh_port(zabbix_agent_t)
|
||||||
corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
|
corenet_tcp_sendrecv_ssh_port(zabbix_agent_t)
|
||||||
|
|
||||||
@ -117880,6 +117900,10 @@ index 7f496c6..b23f29d 100644
|
|||||||
+corenet_tcp_connect_pop_port(zabbix_agent_t)
|
+corenet_tcp_connect_pop_port(zabbix_agent_t)
|
||||||
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
|
+corenet_tcp_sendrecv_pop_port(zabbix_agent_t)
|
||||||
+
|
+
|
||||||
|
+corenet_sendrecv_postgresql_client_packets(zabbix_agent_t)
|
||||||
|
+corenet_tcp_connect_postgresql_port(zabbix_agent_t)
|
||||||
|
+corenet_tcp_sendrecv_postgresql_port(zabbix_agent_t)
|
||||||
|
+
|
||||||
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
|
+corenet_sendrecv_smtp_client_packets(zabbix_agent_t)
|
||||||
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
|
+corenet_tcp_connect_smtp_port(zabbix_agent_t)
|
||||||
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
|
+corenet_tcp_sendrecv_smtp_port(zabbix_agent_t)
|
||||||
@ -117887,7 +117911,7 @@ index 7f496c6..b23f29d 100644
|
|||||||
corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
|
corenet_sendrecv_zabbix_client_packets(zabbix_agent_t)
|
||||||
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
|
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
|
||||||
corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
|
corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
|
||||||
@@ -177,21 +212,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
|
@@ -177,21 +216,49 @@ corenet_tcp_sendrecv_zabbix_port(zabbix_agent_t)
|
||||||
dev_getattr_all_blk_files(zabbix_agent_t)
|
dev_getattr_all_blk_files(zabbix_agent_t)
|
||||||
dev_getattr_all_chr_files(zabbix_agent_t)
|
dev_getattr_all_chr_files(zabbix_agent_t)
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 189%{?dist}
|
Release: 190%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -647,6 +647,12 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 16 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-190
|
||||||
|
- Label /var/log/ganesha.log as gluster_log_t Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
|
||||||
|
- Allow zabbix to connect to postgresql port
|
||||||
|
- Label /usr/libexec/openssh/sshd-keygen as sshd_keygen_exec_t. BZ(1335149)
|
||||||
|
- Allow systemd to read efivarfs. Resolve: #121
|
||||||
|
|
||||||
* Tue May 10 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-189
|
* Tue May 10 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-189
|
||||||
- Revert temporary fix: Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed
|
- Revert temporary fix: Replace generating man/html pages with pages from actual build. This is due to broken userspace with python3 in F23/Rawhide. Please Revert when userspace will be fixed
|
||||||
|
|
||||||
|