trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
This commit is contained in:
parent
0bfccda4e8
commit
6224fc1485
@ -1,3 +1,5 @@
|
||||
- Several misc changes from the Fedora policy, cherry picked by David
|
||||
Hrdeman.
|
||||
- Large whitespace fix from Dominick Grift.
|
||||
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
|
||||
- Issuing commands to upstart is over a datagram socket, not the initctl
|
||||
|
9
config/appconfig-mcs/unconfined_u_default_contexts
Normal file
9
config/appconfig-mcs/unconfined_u_default_contexts
Normal file
@ -0,0 +1,9 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
|
9
config/appconfig-mls/unconfined_u_default_contexts
Normal file
9
config/appconfig-mls/unconfined_u_default_contexts
Normal file
@ -0,0 +1,9 @@
|
||||
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
|
||||
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
|
9
config/appconfig-standard/unconfined_u_default_contexts
Normal file
9
config/appconfig-standard/unconfined_u_default_contexts
Normal file
@ -0,0 +1,9 @@
|
||||
system_r:crond_t unconfined_r:unconfined_t
|
||||
system_r:initrc_t unconfined_r:unconfined_t
|
||||
system_r:local_login_t unconfined_r:unconfined_t
|
||||
system_r:remote_login_t unconfined_r:unconfined_t
|
||||
system_r:rshd_t unconfined_r:unconfined_t
|
||||
system_r:sshd_t unconfined_r:unconfined_t
|
||||
system_r:sysadm_su_t unconfined_r:unconfined_t
|
||||
system_r:unconfined_t unconfined_r:unconfined_t
|
||||
system_r:xdm_t unconfined_r:unconfined_t
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(kismet, 1.0.0)
|
||||
policy_module(kismet, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -26,6 +26,7 @@ logging_log_file(kismet_log_t)
|
||||
#
|
||||
|
||||
allow kismet_t self:capability { net_admin setuid setgid };
|
||||
allow kismet_t self:packet_socket create_socket_perms;
|
||||
|
||||
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
|
||||
allow kismet_t kismet_log_t:dir setattr;
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(slocate, 1.7.0)
|
||||
policy_module(slocate, 1.7.1)
|
||||
|
||||
#################################
|
||||
#
|
||||
@ -47,6 +47,7 @@ files_read_etc_files(locate_t)
|
||||
fs_getattr_all_fs(locate_t)
|
||||
fs_getattr_all_files(locate_t)
|
||||
fs_list_all(locate_t)
|
||||
fs_list_inotifyfs(locate_t)
|
||||
|
||||
# getpwnam
|
||||
auth_use_nsswitch(locate_t)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(secadm, 1.0.0)
|
||||
policy_module(secadm, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -47,6 +47,10 @@ optional_policy(`
|
||||
auditadm_role_change_template(secadm)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
dmesg_exec(secadm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
|
||||
')
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(apm, 1.7.0)
|
||||
policy_module(apm, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -190,6 +190,10 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
dbus_stub(apmd_t)
|
||||
|
||||
optional_policy(`
|
||||
consolekit_dbus_chat(apmd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
networkmanager_dbus_chat(apmd_t)
|
||||
')
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(openca, 1.1.0)
|
||||
policy_module(openca, 1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -18,7 +18,7 @@ role system_r types openca_ca_t;
|
||||
|
||||
# /etc/openca standard files
|
||||
type openca_etc_t;
|
||||
files_type(openca_etc_t)
|
||||
files_config_file(openca_etc_t)
|
||||
|
||||
# /etc/openca template files
|
||||
type openca_etc_in_t;
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(portslave, 1.4.0)
|
||||
policy_module(portslave, 1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -12,7 +12,7 @@ init_domain(portslave_t, portslave_exec_t)
|
||||
init_daemon_domain(portslave_t, portslave_exec_t)
|
||||
|
||||
type portslave_etc_t;
|
||||
files_type(portslave_etc_t)
|
||||
files_config_file(portslave_etc_t)
|
||||
|
||||
type portslave_lock_t;
|
||||
files_lock_file(portslave_lock_t)
|
||||
|
Loading…
Reference in New Issue
Block a user