trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
parent
0bfccda4e8
commit
6224fc1485
@ -1,3 +1,5 @@
|
|||||||
|
- Several misc changes from the Fedora policy, cherry picked by David
|
||||||
|
Hrdeman.
|
||||||
- Large whitespace fix from Dominick Grift.
|
- Large whitespace fix from Dominick Grift.
|
||||||
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
|
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
|
||||||
- Issuing commands to upstart is over a datagram socket, not the initctl
|
- Issuing commands to upstart is over a datagram socket, not the initctl
|
||||||
|
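--- a/config/appconfig-mcs/unconfined_u_default_contexts
+++ b/config/appconfig-mcs/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
+system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0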
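Review bot: The `system_r:rshd_t:s0` and `system_r:remote_login_t:s0` entries make rsh and the remote-login domain (typically telnet/rlogin) valid entry points into `unconfined_r:unconfined_t:s0`, so a session arriving over a cleartext service ends up with no type-enforcement confinement. Unless a deployment depends on them, I would drop those two lines for unconfined_u and leave `system_r:sshd_t:s0` as the only remote entry. The same two entries appear in the appconfig-mls and appconfig-standard copies added by this commit, and the same question applies there.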
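--- a/config/appconfig-mls/unconfined_u_default_contexts
+++ b/config/appconfig-mls/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
+system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0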
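--- a/config/appconfig-standard/unconfined_u_default_contexts
+++ b/config/appconfig-standard/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t unconfined_r:unconfined_t
+system_r:initrc_t unconfined_r:unconfined_t
+system_r:local_login_t unconfined_r:unconfined_t
+system_r:remote_login_t unconfined_r:unconfined_t
+system_r:rshd_t unconfined_r:unconfined_t
+system_r:sshd_t unconfined_r:unconfined_t
+system_r:sysadm_su_t unconfined_r:unconfined_t
+system_r:unconfined_t unconfined_r:unconfined_t
+system_r:xdm_t unconfined_r:unconfined_t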
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(kismet, 1.0.0)
|
policy_module(kismet, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -26,6 +26,7 @@ logging_log_file(kismet_log_t)
|
|||||||
#
|
#
|
||||||
|
|
||||||
allow kismet_t self:capability { net_admin setuid setgid };
|
allow kismet_t self:capability { net_admin setuid setgid };
|
||||||
|
allow kismet_t self:packet_socket create_socket_perms;
|
||||||
|
|
||||||
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
|
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
|
||||||
allow kismet_t kismet_log_t:dir setattr;
|
allow kismet_t kismet_log_t:dir setattr;
|
||||||
|
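Review bot: The new `allow kismet_t self:packet_socket create_socket_perms;` rule is probably not sufficient on its own, because the capability rule directly above it still lists only `net_admin setuid setgid`. Opening an AF_PACKET socket is normally gated on CAP_NET_RAW, so the create would still be denied at the capability check unless `net_raw` is granted elsewhere in the module; the rest of the file is outside this hunk, so that needs confirming. If it is not granted, the capability line would become `allow kismet_t self:capability { net_admin net_raw setuid setgid };`.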
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(slocate, 1.7.0)
|
policy_module(slocate, 1.7.1)
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
#
|
#
|
||||||
@ -47,6 +47,7 @@ files_read_etc_files(locate_t)
|
|||||||
fs_getattr_all_fs(locate_t)
|
fs_getattr_all_fs(locate_t)
|
||||||
fs_getattr_all_files(locate_t)
|
fs_getattr_all_files(locate_t)
|
||||||
fs_list_all(locate_t)
|
fs_list_all(locate_t)
|
||||||
|
fs_list_inotifyfs(locate_t)
|
||||||
|
|
||||||
# getpwnam
|
# getpwnam
|
||||||
auth_use_nsswitch(locate_t)
|
auth_use_nsswitch(locate_t)
|
||||||
|
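Review bot: `fs_list_inotifyfs(locate_t)` is added directly after `fs_list_all(locate_t)` with no comment on which denial it addresses. If fs_list_all already covers directories of every filesystem type, the new line may be redundant and worth checking against the interface definition, which is not visible here. If it is needed, a one-line comment above it naming the observed denial would stop a later cleanup from removing it. Should the access only be wanted to silence audit noise from the filesystem walk, a dontaudit rule would be the narrower choice.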
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(secadm, 1.0.0)
|
policy_module(secadm, 1.0.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -47,6 +47,10 @@ optional_policy(`
|
|||||||
auditadm_role_change_template(secadm)
|
auditadm_role_change_template(secadm)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
dmesg_exec(secadm_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
|
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
|
||||||
')
|
')
|
||||||
|
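Review bot: The new `dmesg_exec(secadm_t)` block carries no comment on why the security-administrator role needs the kernel log. An `_exec` interface conventionally runs the program in the caller's domain rather than transitioning, so secadm_t would itself need ring-buffer read access for dmesg to return anything. Nothing in this hunk grants that, though it may be granted elsewhere in the file, which is outside the hunk. Kernel messages can expose details that matter for role separation, so I would confirm the access is intended for secadm rather than sysadm or auditadm. A line above the block such as `# secadm runs dmesg to <reason>` would record that decision.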
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(apm, 1.7.0)
|
policy_module(apm, 1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -190,6 +190,10 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_stub(apmd_t)
|
dbus_stub(apmd_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
consolekit_dbus_chat(apmd_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
networkmanager_dbus_chat(apmd_t)
|
networkmanager_dbus_chat(apmd_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(openca, 1.1.0)
|
policy_module(openca, 1.1.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -18,7 +18,7 @@ role system_r types openca_ca_t;
|
|||||||
|
|
||||||
# /etc/openca standard files
|
# /etc/openca standard files
|
||||||
type openca_etc_t;
|
type openca_etc_t;
|
||||||
files_type(openca_etc_t)
|
files_config_file(openca_etc_t)
|
||||||
|
|
||||||
# /etc/openca template files
|
# /etc/openca template files
|
||||||
type openca_etc_in_t;
|
type openca_etc_in_t;
|
||||||
|
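Review bot: Switching `openca_etc_t` from `files_type` to `files_config_file` moves the type into the generic configuration-file class. As I understand the interface, any domain allowed to read or manage all configuration files then gets that access to /etc/openca as well. For a certificate authority that is a wider audience than before, so anything secret under that directory (passphrases, database credentials) should sit under a type that is not a generic config file. The portslave module makes the same change to `portslave_etc_t`, and the same check applies there. A comment on each declaration, e.g. `# holds no secrets; readable by generic config-file readers`, would make the assumption explicit.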
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(portslave, 1.4.0)
|
policy_module(portslave, 1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -12,7 +12,7 @@ init_domain(portslave_t, portslave_exec_t)
|
|||||||
init_daemon_domain(portslave_t, portslave_exec_t)
|
init_daemon_domain(portslave_t, portslave_exec_t)
|
||||||
|
|
||||||
type portslave_etc_t;
|
type portslave_etc_t;
|
||||||
files_type(portslave_etc_t)
|
files_config_file(portslave_etc_t)
|
||||||
|
|
||||||
type portslave_lock_t;
|
type portslave_lock_t;
|
||||||
files_lock_file(portslave_lock_t)
|
files_lock_file(portslave_lock_t)
|
||||||
|