trunk: 7 patches from Fedora policy, cherry picked by David Härdeman.

Chris PeBenito 2008-07-24 23:56:03 +00:00
parent 0bfccda4e8
commit 6224fc1485
10 changed files with 47 additions and 8 deletions


@ -1,3 +1,5 @@
- Several misc changes from the Fedora policy, cherry picked by David
Hrdeman.
- Large whitespace fix from Dominick Grift. - Large whitespace fix from Dominick Grift.
- Pam_mount fix for local login from Stefan Schulze Frielinghaus. - Pam_mount fix for local login from Stefan Schulze Frielinghaus.
- Issuing commands to upstart is over a datagram socket, not the initctl - Issuing commands to upstart is over a datagram socket, not the initctl


@ -0,0 +1,9 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
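Review bot: The `system_r:remote_login_t` and `system_r:rshd_t` entries make `unconfined_r:unconfined_t` the default context for sessions that arrive through the remote-login and rsh daemons, so a user mapped to this SELinux user is unconfined on those paths as well as via `sshd_t` and local login. If that is not a deliberate choice for every policy type this file ships in, those two lines could be dropped so that unconfined sessions are only reachable from the entry points that are meant to offer them. The same nine-line list is repeated in the two new files that follow (one more with `s0` levels, one without), so the point applies to all three. The file paths are not visible on this page, so which SELinux user these files belong to is inferred from the contexts rather than read from a name.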


@ -0,0 +1,9 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0


@ -0,0 +1,9 @@
system_r:crond_t unconfined_r:unconfined_t
system_r:initrc_t unconfined_r:unconfined_t
system_r:local_login_t unconfined_r:unconfined_t
system_r:remote_login_t unconfined_r:unconfined_t
system_r:rshd_t unconfined_r:unconfined_t
system_r:sshd_t unconfined_r:unconfined_t
system_r:sysadm_su_t unconfined_r:unconfined_t
system_r:unconfined_t unconfined_r:unconfined_t
system_r:xdm_t unconfined_r:unconfined_t


@ -1,5 +1,5 @@
policy_module(kismet, 1.0.0) policy_module(kismet, 1.0.1)
######################################## ########################################
# #
@ -26,6 +26,7 @@ logging_log_file(kismet_log_t)
# #
allow kismet_t self:capability { net_admin setuid setgid }; allow kismet_t self:capability { net_admin setuid setgid };
allow kismet_t self:packet_socket create_socket_perms;
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t) manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
allow kismet_t kismet_log_t:dir setattr; allow kismet_t kismet_log_t:dir setattr;
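Review bot: The added `allow kismet_t self:packet_socket create_socket_perms;` is probably not sufficient on its own, because creating an AF_PACKET socket is also gated by the net_raw capability and the capability rule just above it grants only `net_admin setuid setgid`. Unless net_raw is allowed somewhere outside this hunk, the rule would need to read `allow kismet_t self:capability { net_admin net_raw setuid setgid };`, otherwise the socket call is still denied and the new rule has no effect. Since raw packet access is a sensitive grant, a one-line comment such as `# capture frames from the wireless interface` above the new rule would record why the domain has it. The local policy section continues past the end of this hunk.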


@ -1,5 +1,5 @@
policy_module(slocate, 1.7.0) policy_module(slocate, 1.7.1)
################################# #################################
# #
@ -47,6 +47,7 @@ files_read_etc_files(locate_t)
fs_getattr_all_fs(locate_t) fs_getattr_all_fs(locate_t)
fs_getattr_all_files(locate_t) fs_getattr_all_files(locate_t)
fs_list_all(locate_t) fs_list_all(locate_t)
fs_list_inotifyfs(locate_t)
# getpwnam # getpwnam
auth_use_nsswitch(locate_t) auth_use_nsswitch(locate_t)
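Review bot: The new `fs_list_inotifyfs(locate_t)` sits directly under `fs_list_all(locate_t)`, which, if inotifyfs_t carries the filesystem type attribute as other fs types do, already covers listing directories on it. If the extra call was needed to silence a specific denial, a comment in the style of the existing `# getpwnam` line would say so, for example `# updatedb walks into inotifyfs mounts`. Otherwise the line looks redundant and could be left out to keep the grant list minimal.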


@ -1,5 +1,5 @@
policy_module(secadm, 1.0.0) policy_module(secadm, 1.0.1)
######################################## ########################################
# #
@ -47,6 +47,10 @@ optional_policy(`
auditadm_role_change_template(secadm) auditadm_role_change_template(secadm)
') ')
optional_policy(`
dmesg_exec(secadm_t)
')
optional_policy(` optional_policy(`
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t }) netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
') ')
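Review bot: The new `dmesg_exec(secadm_t)` block lets secadm_t run the dmesg binary in its own domain, without a transition, so the read of the kernel ring buffer is then checked against secadm_t itself. If the module does not already grant that elsewhere (not visible in this hunk), the block would also need `kernel_read_ring_buffer(secadm_t)` for the command to work. It is also worth confirming that the security administrator role is meant to see kernel log contents at all, and recording the reason in a comment above the block, e.g. `# secadm reviews kernel messages when diagnosing policy load failures`.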


@ -1,5 +1,5 @@
policy_module(apm, 1.7.0) policy_module(apm, 1.7.1)
######################################## ########################################
# #
@ -190,6 +190,10 @@ optional_policy(`
optional_policy(` optional_policy(`
dbus_stub(apmd_t) dbus_stub(apmd_t)
optional_policy(`
consolekit_dbus_chat(apmd_t)
')
optional_policy(` optional_policy(`
networkmanager_dbus_chat(apmd_t) networkmanager_dbus_chat(apmd_t)
') ')


@ -1,5 +1,5 @@
policy_module(openca, 1.1.0) policy_module(openca, 1.1.1)
######################################## ########################################
# #
@ -18,7 +18,7 @@ role system_r types openca_ca_t;
# /etc/openca standard files # /etc/openca standard files
type openca_etc_t; type openca_etc_t;
files_type(openca_etc_t) files_config_file(openca_etc_t)
# /etc/openca template files # /etc/openca template files
type openca_etc_in_t; type openca_etc_in_t;
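Review bot: Switching `openca_etc_t` from `files_type` to `files_config_file` makes it a member of the generic config-file set, so every domain that is allowed to read or manage all configuration files gains access to whatever is labelled with this type. For a CA that is worth checking: if anything under /etc/openca holding key material or passphrases is labelled openca_etc_t, it should get its own, non-config type before this change lands. The declaration of `openca_etc_in_t` that follows is cut off by the hunk, so whether the template files get the same treatment cannot be seen here; the two should be kept consistent, with a comment if the difference is intentional. The same `files_type` to `files_config_file` change is made for `portslave_etc_t` in the portslave section, where the same check on what the type labels applies.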


@ -1,5 +1,5 @@
policy_module(portslave, 1.4.0) policy_module(portslave, 1.4.1)
######################################## ########################################
# #
@ -12,7 +12,7 @@ init_domain(portslave_t, portslave_exec_t)
init_daemon_domain(portslave_t, portslave_exec_t) init_daemon_domain(portslave_t, portslave_exec_t)
type portslave_etc_t; type portslave_etc_t;
files_type(portslave_etc_t) files_config_file(portslave_etc_t)
type portslave_lock_t; type portslave_lock_t;
files_lock_file(portslave_lock_t) files_lock_file(portslave_lock_t)