trunk: whitespace fix changing multiple spaces into tabs.
This commit is contained in:
Chris PeBenito
parent
a057e0462e
commit
6073ea1e13
@ -1 +1 @@
|
||||
/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
|
||||
/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)
|
||||
/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)
|
||||
|
||||
@ -135,11 +135,11 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(kudzu_t)
|
||||
seutil_sigchld_newrole(kudzu_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(kudzu_t)
|
||||
udev_read_db(kudzu_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
@ -12,13 +12,13 @@
|
||||
/usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/lib(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gij -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gjarsigner -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gkeytool -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gjarsigner -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gkeytool -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
|
||||
@ -76,7 +76,7 @@ template(`screen_role_template',`
|
||||
manage_dirs_pattern($3, screen_home_t, screen_home_t)
|
||||
manage_files_pattern($3, screen_home_t, screen_home_t)
|
||||
manage_lnk_files_pattern($3, screen_home_t, screen_home_t)
|
||||
relabel_dirs_pattern($3, screen_home_t, screen_home_t)
|
||||
relabel_dirs_pattern($3, screen_home_t, screen_home_t)
|
||||
relabel_files_pattern($3, screen_home_t, screen_home_t)
|
||||
relabel_lnk_files_pattern($3, screen_home_t, screen_home_t)
|
||||
|
||||
|
||||
@ -41,7 +41,7 @@ ifdef(`distro_redhat',`
|
||||
/usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
|
||||
/usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||
/usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||
/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||
/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
|
||||
/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||
|
||||
/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
|
||||
|
||||
@ -148,8 +148,8 @@ ifdef(`distro_gentoo',`
|
||||
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
@ -189,7 +189,7 @@ ifdef(`distro_gentoo',`
|
||||
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
@ -221,10 +221,10 @@ ifdef(`distro_redhat', `
|
||||
|
||||
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -287,8 +287,8 @@ ifdef(`distro_suse', `
|
||||
/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
|
||||
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
ifdef(`distro_suse',`
|
||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
@ -1259,11 +1259,11 @@ interface(`fs_read_eventpollfs',`
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_mount_fusefs',`
|
||||
gen_require(`
|
||||
type fusefs_t;
|
||||
')
|
||||
gen_require(`
|
||||
type fusefs_t;
|
||||
')
|
||||
|
||||
allow $1 fusefs_t:filesystem mount;
|
||||
allow $1 fusefs_t:filesystem mount;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -1277,11 +1277,11 @@ interface(`fs_mount_fusefs',`
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_unmount_fusefs',`
|
||||
gen_require(`
|
||||
type fusefs_t;
|
||||
')
|
||||
gen_require(`
|
||||
type fusefs_t;
|
||||
')
|
||||
|
||||
allow $1 fusefs_t:filesystem unmount;
|
||||
allow $1 fusefs_t:filesystem unmount;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -913,9 +913,9 @@ interface(`mls_db_downgrade',`
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`mls_dbus_send_all_levels',`
|
||||
gen_require(`
|
||||
attribute mlsdbussend;
|
||||
')
|
||||
gen_require(`
|
||||
attribute mlsdbussend;
|
||||
')
|
||||
|
||||
typeattribute $1 mlsdbussend;
|
||||
')
|
||||
@ -934,9 +934,9 @@ interface(`mls_dbus_send_all_levels',`
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`mls_dbus_recv_all_levels',`
|
||||
gen_require(`
|
||||
attribute mlsdbusrecv;
|
||||
')
|
||||
gen_require(`
|
||||
attribute mlsdbusrecv;
|
||||
')
|
||||
|
||||
typeattribute $1 mlsdbusrecv;
|
||||
')
|
||||
|
||||
@ -118,7 +118,7 @@ interface(`storage_raw_read_fixed_disk',`
|
||||
interface(`storage_dontaudit_read_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
|
||||
|
||||
')
|
||||
|
||||
dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
|
||||
@ -164,7 +164,7 @@ interface(`storage_raw_write_fixed_disk',`
|
||||
interface(`storage_dontaudit_write_fixed_disk',`
|
||||
gen_require(`
|
||||
type fixed_disk_device_t;
|
||||
|
||||
|
||||
')
|
||||
|
||||
dontaudit $1 fixed_disk_device_t:blk_file write_blk_file_perms;
|
||||
@ -525,7 +525,7 @@ interface(`storage_dontaudit_getattr_removable_dev',`
|
||||
interface(`storage_dontaudit_read_removable_device',`
|
||||
gen_require(`
|
||||
type removable_device_t;
|
||||
|
||||
|
||||
')
|
||||
|
||||
dontaudit $1 removable_device_t:blk_file { getattr ioctl read };
|
||||
|
||||
@ -11,12 +11,12 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`aide_domtrans',`
|
||||
gen_require(`
|
||||
type aide_t, aide_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type aide_t, aide_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, aide_exec_t, aide_t)
|
||||
domtrans_pattern($1, aide_exec_t, aide_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -116,7 +116,7 @@ interface(`apcupsd_cgi_script_domtrans',`
|
||||
#
|
||||
interface(`apcupsd_admin',`
|
||||
gen_require(`
|
||||
type apcupsd_t, apcupsd_tmp_t;
|
||||
type apcupsd_t, apcupsd_tmp_t;
|
||||
type apcupsd_log_t, apcupsd_lock_t;
|
||||
type apcupsd_var_run_t, apcupsd_initrc_exec_t;
|
||||
')
|
||||
|
||||
@ -31,9 +31,9 @@ ifdef(`distro_gentoo',`
|
||||
')
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.root\.hints -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.root\.hints -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.caching-nameserver\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
|
||||
@ -11,9 +11,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`clockspeed_domtrans_cli',`
|
||||
gen_require(`
|
||||
type clockspeed_cli_t, clockspeed_cli_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type clockspeed_cli_t, clockspeed_cli_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, clockspeed_cli_exec_t, clockspeed_cli_t)
|
||||
')
|
||||
|
||||
@ -4,5 +4,5 @@
|
||||
/var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
|
||||
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
|
||||
')
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
/var/run/proftpd(/.*)? gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
|
||||
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
|
||||
@ -264,7 +264,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
ntp_domtrans(hald_t)
|
||||
ntp_domtrans(hald_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
@ -11,8 +11,8 @@
|
||||
#
|
||||
/usr/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
/usr/sbin/in\.nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/sbin/innd.* -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
#
|
||||
interface(`kerberos_exec_kadmind',`
|
||||
gen_require(`
|
||||
type kadmind_exec_t;
|
||||
type kadmind_exec_t;
|
||||
')
|
||||
|
||||
can_exec($1, kadmind_exec_t)
|
||||
@ -231,7 +231,7 @@ interface(`kerberos_read_kdc_config',`
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
|
||||
read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
interface(`kerneloops_domtrans',`
|
||||
gen_require(`
|
||||
type kerneloops_t;
|
||||
type kerneloops_exec_t;
|
||||
type kerneloops_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1, kerneloops_exec_t, kerneloops_t)
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
interface(`memcached_domtrans',`
|
||||
gen_require(`
|
||||
type memcached_t;
|
||||
type memcached_exec_t;
|
||||
type memcached_exec_t;
|
||||
')
|
||||
|
||||
domtrans_pattern($1,memcached_exec_t,memcached_t)
|
||||
|
||||
@ -38,8 +38,8 @@ corenet_tcp_bind_all_nodes(memcached_t)
|
||||
corenet_tcp_bind_memcache_port(memcached_t)
|
||||
corenet_udp_bind_memcache_port(memcached_t)
|
||||
|
||||
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
|
||||
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
|
||||
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
|
||||
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
|
||||
files_pid_filetrans(memcached_t,memcached_var_run_t, { file dir })
|
||||
|
||||
files_read_etc_files(memcached_t)
|
||||
|
||||
@ -199,7 +199,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(nrpe_t)
|
||||
seutil_sigchld_newrole(nrpe_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -207,5 +207,5 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(nrpe_t)
|
||||
udev_read_db(nrpe_t)
|
||||
')
|
||||
|
||||
@ -193,11 +193,11 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(yppasswdd_t)
|
||||
seutil_sigchld_newrole(yppasswdd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(yppasswdd_t)
|
||||
udev_read_db(yppasswdd_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
/etc/nsd/secondary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
|
||||
|
||||
/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
|
||||
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
|
||||
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
|
||||
/usr/sbin/nsd-notify -- gen_context(system_u:object_r:nsd_exec_t,s0)
|
||||
/usr/sbin/zonec -- gen_context(system_u:object_r:nsd_exec_t,s0)
|
||||
|
||||
|
||||
@ -57,8 +57,8 @@ interface(`postgresql_role',`
|
||||
|
||||
allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };
|
||||
allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
|
||||
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
|
||||
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
|
||||
|
||||
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
|
||||
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
|
||||
@ -296,7 +296,7 @@ interface(`postgresql_stream_connect',`
|
||||
files_search_pids($1)
|
||||
allow $1 postgresql_t:unix_stream_socket connectto;
|
||||
allow $1 postgresql_var_run_t:sock_file write;
|
||||
# Some versions of postgresql put the sock file in /tmp
|
||||
# Some versions of postgresql put the sock file in /tmp
|
||||
allow $1 postgresql_tmp_t:sock_file write;
|
||||
')
|
||||
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
/etc/postgrey(/.*)? gen_context(system_u:object_r:postgrey_etc_t,s0)
|
||||
/etc/rc\.d/init\.d/postgrey -- gen_context(system_u:object_r:postgrey_initrc_exec_t,s0)
|
||||
|
||||
|
||||
/usr/sbin/postgrey -- gen_context(system_u:object_r:postgrey_exec_t,s0)
|
||||
|
||||
/var/lib/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_lib_t,s0)
|
||||
|
||||
@ -11,9 +11,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`postgrey_stream_connect',`
|
||||
gen_require(`
|
||||
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
|
||||
')
|
||||
gen_require(`
|
||||
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
|
||||
')
|
||||
|
||||
stream_connect_pattern($1, postgrey_var_run_t, postgrey_var_run_t, postgrey_t)
|
||||
stream_connect_pattern($1, postgrey_spool_t, postgrey_spool_t, postgrey_t)
|
||||
@ -31,9 +31,9 @@ interface(`postgrey_stream_connect',`
|
||||
## </param>
|
||||
#
|
||||
interface(`postgrey_search_spool',`
|
||||
gen_require(`
|
||||
type postgrey_spool_t;
|
||||
')
|
||||
gen_require(`
|
||||
type postgrey_spool_t;
|
||||
')
|
||||
|
||||
allow $1 postgrey_spool_t:dir search_dir_perms;
|
||||
')
|
||||
|
||||
@ -291,11 +291,11 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(pptp_t)
|
||||
seutil_sigchld_newrole(pptp_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(pptp_t)
|
||||
udev_read_db(pptp_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
|
||||
|
||||
/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
|
||||
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
|
||||
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
|
||||
|
||||
/usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)
|
||||
/usr/sbin/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)
|
||||
|
||||
@ -12,5 +12,5 @@
|
||||
/var/log/clumond\.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0)
|
||||
|
||||
/var/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
|
||||
/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
|
||||
/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)
|
||||
/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
|
||||
/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/roundup-server -- gen_context(system_u:object_r:roundup_exec_t,s0)
|
||||
/usr/bin/roundup-server -- gen_context(system_u:object_r:roundup_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0)
|
||||
/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0)
|
||||
|
||||
@ -66,7 +66,7 @@ can_exec(rpcd_t, rpcd_exec_t)
|
||||
kernel_read_system_state(rpcd_t)
|
||||
kernel_read_network_state(rpcd_t)
|
||||
# for rpc.rquotad
|
||||
kernel_read_sysctl(rpcd_t)
|
||||
kernel_read_sysctl(rpcd_t)
|
||||
kernel_rw_fs_sysctls(rpcd_t)
|
||||
|
||||
corecmd_exec_bin(rpcd_t)
|
||||
|
||||
@ -438,7 +438,7 @@ interface(`samba_stream_connect_winbind',`
|
||||
|
||||
ifndef(`distro_redhat',`
|
||||
gen_require(`
|
||||
type winbind_tmp_t;
|
||||
type winbind_tmp_t;
|
||||
')
|
||||
|
||||
# the default for the socket is (poorly named):
|
||||
|
||||
@ -112,5 +112,5 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
rpm_read_db(setroubleshootd_t)
|
||||
rpm_dontaudit_manage_db(setroubleshootd_t)
|
||||
rpm_use_script_fds(setroubleshootd_t)
|
||||
rpm_use_script_fds(setroubleshootd_t)
|
||||
')
|
||||
|
||||
@ -86,7 +86,7 @@ userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
|
||||
userdom_dontaudit_search_user_home_dirs(fsdaemon_t)
|
||||
|
||||
optional_policy(`
|
||||
mta_send_mail(fsdaemon_t)
|
||||
mta_send_mail(fsdaemon_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
@ -93,11 +93,11 @@ ifdef(`distro_gentoo', `
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(stunnel_t)
|
||||
seutil_sigchld_newrole(stunnel_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(stunnel_t)
|
||||
udev_read_db(stunnel_t)
|
||||
')
|
||||
',`
|
||||
allow stunnel_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
||||
@ -108,7 +108,7 @@ ifdef(`distro_gentoo', `
|
||||
files_search_home(stunnel_t)
|
||||
|
||||
optional_policy(`
|
||||
kerberos_use(stunnel_t)
|
||||
kerberos_use(stunnel_t)
|
||||
')
|
||||
')
|
||||
|
||||
|
||||
@ -100,9 +100,9 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(tftpd_t)
|
||||
seutil_sigchld_newrole(tftpd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_db(tftpd_t)
|
||||
udev_read_db(tftpd_t)
|
||||
')
|
||||
|
||||
@ -173,7 +173,7 @@ interface(`virt_read_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
|
||||
read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -193,7 +193,7 @@ interface(`virt_manage_lib_files',`
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
|
||||
manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -213,7 +213,7 @@ interface(`virt_read_log',`
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
read_files_pattern($1, virt_log_t, virt_log_t)
|
||||
read_files_pattern($1, virt_log_t, virt_log_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -233,7 +233,7 @@ interface(`virt_append_log',`
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
append_files_pattern($1, virt_log_t, virt_log_t)
|
||||
append_files_pattern($1, virt_log_t, virt_log_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -251,9 +251,9 @@ interface(`virt_manage_log',`
|
||||
type virt_log_t;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1, virt_log_t, virt_log_t)
|
||||
manage_files_pattern($1, virt_log_t, virt_log_t)
|
||||
manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
|
||||
manage_dirs_pattern($1, virt_log_t, virt_log_t)
|
||||
manage_files_pattern($1, virt_log_t, virt_log_t)
|
||||
manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -62,7 +62,7 @@ ifdef(`distro_redhat',`
|
||||
/usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
|
||||
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
|
||||
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
ifdef(`distro_debian', `
|
||||
/usr/sbin/gdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
|
||||
@ -75,7 +75,7 @@ ifdef(`distro_debian', `
|
||||
/usr/X11R6/bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
|
||||
/usr/X11R6/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
|
||||
/usr/X11R6/bin/X -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
/usr/X11R6/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||
/usr/X11R6/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||
/usr/X11R6/bin/XFree86 -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
/usr/X11R6/bin/Xipaq -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
/usr/X11R6/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
/etc/zebra(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
|
||||
|
||||
/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
|
||||
/var/log/quagga(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
|
||||
/var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
|
||||
|
||||
@ -28,7 +28,7 @@ ifdef(`distro_gentoo',`
|
||||
|
||||
ifdef(`distro_gentoo', `
|
||||
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runsvcscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/svcinit -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
@ -43,7 +43,7 @@ ifdef(`distro_redhat',`
|
||||
/lib64/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||
|
||||
/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/lib32 -l gen_context(system_u:object_r:lib_t,s0)
|
||||
@ -116,7 +116,7 @@ ifdef(`distro_redhat',`
|
||||
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -125,7 +125,7 @@ ifdef(`distro_redhat',`
|
||||
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -137,7 +137,7 @@ ifdef(`distro_redhat',`
|
||||
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
|
||||
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -205,7 +205,7 @@ HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* -- gen_context(system_u:object_r:text
|
||||
/usr/lib(64)?/.*/program/librecentfile\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
# Fedora Extras packages: ladspa, imlib2, ocaml
|
||||
@ -264,7 +264,7 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_
|
||||
|
||||
# vmware
|
||||
/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
# Java, Sun Microsystems (JPackage SRPM)
|
||||
|
||||
@ -11,9 +11,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`netlabel_domtrans_mgmt',`
|
||||
gen_require(`
|
||||
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
|
||||
')
|
||||
gen_require(`
|
||||
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)
|
||||
|
||||
@ -658,7 +658,7 @@ interface(`seutil_rw_config',`
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`seutil_manage_selinux_config',`
|
||||
refpolicywarn(`$0($*) has been deprecated. Please use seutil_manage_config() instead.')
|
||||
refpolicywarn(`$0($*) has been deprecated. Please use seutil_manage_config() instead.')
|
||||
seutil_manage_config($1)
|
||||
')
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
|
||||
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
|
||||
@ -993,7 +993,7 @@ template(`userdom_unpriv_user_template', `
|
||||
')
|
||||
|
||||
# Allow users to run TCP servers (bind to ports and accept connection from
|
||||
# the same domain and outside users) disabling this forces FTP passive mode
|
||||
# the same domain and outside users) disabling this forces FTP passive mode
|
||||
# and may change other protocols
|
||||
tunable_policy(`user_tcp_server',`
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
|
||||
@ -26,7 +26,7 @@ ifdef(`distro_debian',`
|
||||
|
||||
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
|
||||
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
|
||||
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
|
||||
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
|
||||
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
|
||||
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
|
||||
|
||||
|
||||
@ -129,9 +129,9 @@ interface(`xen_manage_log',`
|
||||
## </param>
|
||||
#
|
||||
interface(`xen_dontaudit_rw_unix_stream_sockets',`
|
||||
gen_require(`
|
||||
type xend_t;
|
||||
')
|
||||
gen_require(`
|
||||
type xend_t;
|
||||
')
|
||||
|
||||
dontaudit $1 xend_t:unix_stream_socket { read write };
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user