rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trunk: whitespace fix changing multiple spaces into tabs.

Browse Source
This commit is contained in:
Chris PeBenito 2008-12-03 18:33:19 +00:00
parent a057e0462e
commit 6073ea1e13
49 changed files with 118 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/admin/amtu.fc
View File

@ -1 +1 @@
/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)

2
policy/modules/admin/ddcprobe.fc
View File

@ -1,4 +1,4 @@
#
# /usr
#
/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)
/usr/sbin/ddcprobe -- gen_context(system_u:object_r:ddcprobe_exec_t,s0)

4
policy/modules/admin/kudzu.te
View File

@ -135,11 +135,11 @@ optional_policy(`
')
optional_policy(`
seutil_sigchld_newrole(kudzu_t)
seutil_sigchld_newrole(kudzu_t)
')
optional_policy(`
udev_read_db(kudzu_t)
udev_read_db(kudzu_t)
')
optional_policy(`

12
policy/modules/apps/java.fc
View File

@ -12,13 +12,13 @@
/usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/lib(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gij -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gjarsigner -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gkeytool -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gjarsigner -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gkeytool -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)

2
policy/modules/apps/screen.if
View File

@ -76,7 +76,7 @@ template(`screen_role_template',`
manage_dirs_pattern($3, screen_home_t, screen_home_t)
manage_files_pattern($3, screen_home_t, screen_home_t)
manage_lnk_files_pattern($3, screen_home_t, screen_home_t)
relabel_dirs_pattern($3, screen_home_t, screen_home_t)
relabel_dirs_pattern($3, screen_home_t, screen_home_t)
relabel_files_pattern($3, screen_home_t, screen_home_t)
relabel_lnk_files_pattern($3, screen_home_t, screen_home_t)

2
policy/modules/apps/vmware.fc
View File

@ -41,7 +41,7 @@ ifdef(`distro_redhat',`
/usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
/usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
/usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)

18
policy/modules/kernel/corecommands.fc
View File

@ -148,8 +148,8 @@ ifdef(`distro_gentoo',`
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -189,7 +189,7 @@ ifdef(`distro_gentoo',`
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
@ -221,10 +221,10 @@ ifdef(`distro_redhat', `
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
@ -287,8 +287,8 @@ ifdef(`distro_suse', `
/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)

16
policy/modules/kernel/filesystem.if
View File

@ -1259,11 +1259,11 @@ interface(`fs_read_eventpollfs',`
## </param>
#
interface(`fs_mount_fusefs',`
gen_require(`
type fusefs_t;
')
gen_require(`
type fusefs_t;
')
allow $1 fusefs_t:filesystem mount;
allow $1 fusefs_t:filesystem mount;
')
########################################
@ -1277,11 +1277,11 @@ interface(`fs_mount_fusefs',`
## </param>
#
interface(`fs_unmount_fusefs',`
gen_require(`
type fusefs_t;
')
gen_require(`
type fusefs_t;
')
allow $1 fusefs_t:filesystem unmount;
allow $1 fusefs_t:filesystem unmount;
')
########################################

12
policy/modules/kernel/mls.if
View File

@ -913,9 +913,9 @@ interface(`mls_db_downgrade',`
## <rolecap/>
#
interface(`mls_dbus_send_all_levels',`
gen_require(`
attribute mlsdbussend;
')
gen_require(`
attribute mlsdbussend;
')
typeattribute $1 mlsdbussend;
')
@ -934,9 +934,9 @@ interface(`mls_dbus_send_all_levels',`
## <rolecap/>
#
interface(`mls_dbus_recv_all_levels',`
gen_require(`
attribute mlsdbusrecv;
')
gen_require(`
attribute mlsdbusrecv;
')
typeattribute $1 mlsdbusrecv;
')

8
policy/modules/services/aide.if
View File

@ -11,12 +11,12 @@
## </param>
#
interface(`aide_domtrans',`
gen_require(`
type aide_t, aide_exec_t;
')
gen_require(`
type aide_t, aide_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, aide_exec_t, aide_t)
domtrans_pattern($1, aide_exec_t, aide_t)
')
########################################

2
policy/modules/services/apcupsd.if
View File

@ -116,7 +116,7 @@ interface(`apcupsd_cgi_script_domtrans',`
#
interface(`apcupsd_admin',`
gen_require(`
type apcupsd_t, apcupsd_tmp_t;
type apcupsd_t, apcupsd_tmp_t;
type apcupsd_log_t, apcupsd_lock_t;
type apcupsd_var_run_t, apcupsd_initrc_exec_t;
')

6
policy/modules/services/bind.fc
View File

@ -31,9 +31,9 @@ ifdef(`distro_gentoo',`
')
ifdef(`distro_redhat',`
/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.root\.hints -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.rfc1912.zones -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.root\.hints -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
/etc/named\.caching-nameserver\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)

6
policy/modules/services/clockspeed.if
View File

@ -11,9 +11,9 @@
## </param>
#
interface(`clockspeed_domtrans_cli',`
gen_require(`
type clockspeed_cli_t, clockspeed_cli_exec_t;
')
gen_require(`
type clockspeed_cli_t, clockspeed_cli_exec_t;
')
domtrans_pattern($1, clockspeed_cli_exec_t, clockspeed_cli_t)
')

2
policy/modules/services/exim.fc
View File

@ -4,5 +4,5 @@
/var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
ifdef(`distro_debian',`
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
')

2
policy/modules/services/ftp.fc
View File

@ -25,7 +25,7 @@
/var/run/proftpd(/.*)? gen_context(system_u:object_r:ftpd_var_run_t,s0)
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)

2
policy/modules/services/hal.te
View File

@ -264,7 +264,7 @@ optional_policy(`
')
optional_policy(`
ntp_domtrans(hald_t)
ntp_domtrans(hald_t)
')
optional_policy(`

4
policy/modules/services/inn.fc
View File

@ -11,8 +11,8 @@
#
/usr/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/sbin/in\.nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0)
/usr/sbin/innd.* -- gen_context(system_u:object_r:innd_exec_t,s0)

4
policy/modules/services/kerberos.if
View File

@ -33,7 +33,7 @@
#
interface(`kerberos_exec_kadmind',`
gen_require(`
type kadmind_exec_t;
type kadmind_exec_t;
')
can_exec($1, kadmind_exec_t)
@ -231,7 +231,7 @@ interface(`kerberos_read_kdc_config',`
')
files_search_etc($1)
read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
')
########################################

2
policy/modules/services/kerneloops.if
View File

@ -13,7 +13,7 @@
interface(`kerneloops_domtrans',`
gen_require(`
type kerneloops_t;
type kerneloops_exec_t;
type kerneloops_exec_t;
')
domtrans_pattern($1, kerneloops_exec_t, kerneloops_t)

2
policy/modules/services/memcached.if
View File

@ -13,7 +13,7 @@
interface(`memcached_domtrans',`
gen_require(`
type memcached_t;
type memcached_exec_t;
type memcached_exec_t;
')
domtrans_pattern($1,memcached_exec_t,memcached_t)

4
policy/modules/services/memcached.te
View File

@ -38,8 +38,8 @@ corenet_tcp_bind_all_nodes(memcached_t)
corenet_tcp_bind_memcache_port(memcached_t)
corenet_udp_bind_memcache_port(memcached_t)
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
files_pid_filetrans(memcached_t,memcached_var_run_t, { file dir })
files_read_etc_files(memcached_t)

4
policy/modules/services/nagios.te
View File

@ -199,7 +199,7 @@ optional_policy(`
')
optional_policy(`
seutil_sigchld_newrole(nrpe_t)
seutil_sigchld_newrole(nrpe_t)
')
optional_policy(`
@ -207,5 +207,5 @@ optional_policy(`
')
optional_policy(`
udev_read_db(nrpe_t)
udev_read_db(nrpe_t)
')

4
policy/modules/services/nis.te
View File

@ -193,11 +193,11 @@ optional_policy(`
')
optional_policy(`
seutil_sigchld_newrole(yppasswdd_t)
seutil_sigchld_newrole(yppasswdd_t)
')
optional_policy(`
udev_read_db(yppasswdd_t)
udev_read_db(yppasswdd_t)
')
########################################

2
policy/modules/services/nsd.fc
View File

@ -5,7 +5,7 @@
/etc/nsd/secondary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsd-notify -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/zonec -- gen_context(system_u:object_r:nsd_exec_t,s0)

6
policy/modules/services/postgresql.if
View File

@ -57,8 +57,8 @@ interface(`postgresql_role',`
allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };
allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
@ -296,7 +296,7 @@ interface(`postgresql_stream_connect',`
files_search_pids($1)
allow $1 postgresql_t:unix_stream_socket connectto;
allow $1 postgresql_var_run_t:sock_file write;
# Some versions of postgresql put the sock file in /tmp
# Some versions of postgresql put the sock file in /tmp
allow $1 postgresql_tmp_t:sock_file write;
')

1
policy/modules/services/postgrey.fc
View File

@ -2,7 +2,6 @@
/etc/postgrey(/.*)? gen_context(system_u:object_r:postgrey_etc_t,s0)
/etc/rc\.d/init\.d/postgrey -- gen_context(system_u:object_r:postgrey_initrc_exec_t,s0)
/usr/sbin/postgrey -- gen_context(system_u:object_r:postgrey_exec_t,s0)
/var/lib/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_lib_t,s0)

12
policy/modules/services/postgrey.if
View File

@ -11,9 +11,9 @@
## </param>
#
interface(`postgrey_stream_connect',`
gen_require(`
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
')
gen_require(`
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
')
stream_connect_pattern($1, postgrey_var_run_t, postgrey_var_run_t, postgrey_t)
stream_connect_pattern($1, postgrey_spool_t, postgrey_spool_t, postgrey_t)
@ -31,9 +31,9 @@ interface(`postgrey_stream_connect',`
## </param>
#
interface(`postgrey_search_spool',`
gen_require(`
type postgrey_spool_t;
')
gen_require(`
type postgrey_spool_t;
')
allow $1 postgrey_spool_t:dir search_dir_perms;
')

4
policy/modules/services/ppp.te
View File

@ -291,11 +291,11 @@ optional_policy(`
')
optional_policy(`
seutil_sigchld_newrole(pptp_t)
seutil_sigchld_newrole(pptp_t)
')
optional_policy(`
udev_read_db(pptp_t)
udev_read_db(pptp_t)
')
optional_policy(`

2
policy/modules/services/radius.fc
View File

@ -4,7 +4,7 @@
/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
/usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)
/usr/sbin/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)

4
policy/modules/services/ricci.fc
View File

@ -12,5 +12,5 @@
/var/log/clumond\.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0)
/var/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)
/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)

6
policy/modules/services/roundup.fc
View File

@ -1,11 +1,11 @@
/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
#
# /usr
#
/usr/bin/roundup-server -- gen_context(system_u:object_r:roundup_exec_t,s0)
/usr/bin/roundup-server -- gen_context(system_u:object_r:roundup_exec_t,s0)
#
# /var
#
/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0)
/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0)

2
policy/modules/services/samba.if
View File

@ -438,7 +438,7 @@ interface(`samba_stream_connect_winbind',`
ifndef(`distro_redhat',`
gen_require(`
type winbind_tmp_t;
type winbind_tmp_t;
')
# the default for the socket is (poorly named):

2
policy/modules/services/setroubleshoot.te
View File

@ -112,5 +112,5 @@ optional_policy(`
optional_policy(`
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
')

2
policy/modules/services/smartmon.te
View File

@ -86,7 +86,7 @@ userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
userdom_dontaudit_search_user_home_dirs(fsdaemon_t)
optional_policy(`
mta_send_mail(fsdaemon_t)
mta_send_mail(fsdaemon_t)
')
optional_policy(`

6
policy/modules/services/stunnel.te
View File

@ -93,11 +93,11 @@ ifdef(`distro_gentoo', `
')
optional_policy(`
seutil_sigchld_newrole(stunnel_t)
seutil_sigchld_newrole(stunnel_t)
')
optional_policy(`
udev_read_db(stunnel_t)
udev_read_db(stunnel_t)
')
',`
allow stunnel_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
@ -108,7 +108,7 @@ ifdef(`distro_gentoo', `
files_search_home(stunnel_t)
optional_policy(`
kerberos_use(stunnel_t)
kerberos_use(stunnel_t)
')
')

4
policy/modules/services/tftp.te
View File

@ -100,9 +100,9 @@ optional_policy(`
')
optional_policy(`
seutil_sigchld_newrole(tftpd_t)
seutil_sigchld_newrole(tftpd_t)
')
optional_policy(`
udev_read_db(tftpd_t)
udev_read_db(tftpd_t)
')

14
policy/modules/services/virt.if
View File

@ -173,7 +173,7 @@ interface(`virt_read_lib_files',`
')
files_search_var_lib($1)
read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
')
########################################
@ -193,7 +193,7 @@ interface(`virt_manage_lib_files',`
')
files_search_var_lib($1)
manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
')
########################################
@ -213,7 +213,7 @@ interface(`virt_read_log',`
')
logging_search_logs($1)
read_files_pattern($1, virt_log_t, virt_log_t)
read_files_pattern($1, virt_log_t, virt_log_t)
')
########################################
@ -233,7 +233,7 @@ interface(`virt_append_log',`
')
logging_search_logs($1)
append_files_pattern($1, virt_log_t, virt_log_t)
append_files_pattern($1, virt_log_t, virt_log_t)
')
########################################
@ -251,9 +251,9 @@ interface(`virt_manage_log',`
type virt_log_t;
')
manage_dirs_pattern($1, virt_log_t, virt_log_t)
manage_files_pattern($1, virt_log_t, virt_log_t)
manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
manage_dirs_pattern($1, virt_log_t, virt_log_t)
manage_files_pattern($1, virt_log_t, virt_log_t)
manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
')
########################################

4
policy/modules/services/xserver.fc
View File

@ -62,7 +62,7 @@ ifdef(`distro_redhat',`
/usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
ifdef(`distro_debian', `
/usr/sbin/gdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
@ -75,7 +75,7 @@ ifdef(`distro_debian', `
/usr/X11R6/bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/X11R6/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
/usr/X11R6/bin/X -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/X11R6/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/X11R6/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
/usr/X11R6/bin/XFree86 -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/X11R6/bin/Xipaq -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/X11R6/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)

2
policy/modules/services/zebra.fc
View File

@ -12,7 +12,7 @@
/etc/zebra(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
/var/log/quagga(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
/var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)

2
policy/modules/system/init.fc
View File

@ -28,7 +28,7 @@ ifdef(`distro_gentoo',`
ifdef(`distro_gentoo', `
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/runsvcscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
/sbin/svcinit -- gen_context(system_u:object_r:initrc_exec_t,s0)

12
policy/modules/system/libraries.fc
View File

@ -43,7 +43,7 @@ ifdef(`distro_redhat',`
/lib64/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
ifdef(`distro_debian',`
/lib32 -l gen_context(system_u:object_r:lib_t,s0)
@ -116,7 +116,7 @@ ifdef(`distro_redhat',`
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -125,7 +125,7 @@ ifdef(`distro_redhat',`
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -137,7 +137,7 @@ ifdef(`distro_redhat',`
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -205,7 +205,7 @@ HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* -- gen_context(system_u:object_r:text
/usr/lib(64)?/.*/program/librecentfile\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Fedora Extras packages: ladspa, imlib2, ocaml
@ -264,7 +264,7 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_
# vmware
/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Java, Sun Microsystems (JPackage SRPM)

6
policy/modules/system/netlabel.if
View File

@ -11,9 +11,9 @@
## </param>
#
interface(`netlabel_domtrans_mgmt',`
gen_require(`
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
')
gen_require(`
type netlabel_mgmt_t, netlabel_mgmt_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)

2
policy/modules/system/selinuxutil.if
View File

@ -658,7 +658,7 @@ interface(`seutil_rw_config',`
## <rolecap/>
#
interface(`seutil_manage_selinux_config',`
refpolicywarn(`$0($*) has been deprecated. Please use seutil_manage_config() instead.')
refpolicywarn(`$0($*) has been deprecated. Please use seutil_manage_config() instead.')
seutil_manage_config($1)
')

2
policy/modules/system/udev.fc
View File

@ -13,7 +13,7 @@
/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)

2
policy/modules/system/userdomain.if
View File

@ -993,7 +993,7 @@ template(`userdom_unpriv_user_template', `
')
# Allow users to run TCP servers (bind to ports and accept connection from
# the same domain and outside users) disabling this forces FTP passive mode
# the same domain and outside users) disabling this forces FTP passive mode
# and may change other protocols
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_all_nodes($1_t)

2
policy/modules/system/xen.fc
View File

@ -26,7 +26,7 @@ ifdef(`distro_debian',`
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)

6
policy/modules/system/xen.if
View File

@ -129,9 +129,9 @@ interface(`xen_manage_log',`
## </param>
#
interface(`xen_dontaudit_rw_unix_stream_sockets',`
gen_require(`
type xend_t;
')
gen_require(`
type xend_t;
')
dontaudit $1 xend_t:unix_stream_socket { read write };
')