Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.

Replace type and attributes statements by comma delimiters where possible.
Dominick Grift 2010-09-17 09:49:15 +02:00
parent 25e284d727
commit 6bb4d401ee
22 changed files with 45 additions and 80 deletions


@ -55,8 +55,7 @@ interface(`ajaxterm_initrc_domtrans',`
#
interface(`ajaxterm_admin',`
gen_require(`
type ajaxterm_t;
type ajaxterm_initrc_exec_t;
type ajaxterm_t, ajaxterm_initrc_exec_t;
')
allow $1 ajaxterm_t:process { ptrace signal_perms };
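Review bot: The `allow $1 ajaxterm_t:process { ptrace signal_perms };` rule that follows the consolidated require block gives the caller ptrace over the daemon domain, and no comment explains why an admin role needs more than `signal_perms`; the same rule is visible under the require blocks of the other `*_admin` hunks on this page (apache_admin also grants `getattr`). This commit only regroups declarations, so the grant itself is unchanged, but since each of these interfaces is being touched it is a good moment to document it, for example `# ptrace lets $1 read and alter the daemon's memory; confirm the admin role needs it`. The interface body continues past the end of the hunk, so other rules may bear on this.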


@ -13,8 +13,7 @@
#
template(`apache_content_template',`
gen_require(`
attribute httpd_exec_scripts;
attribute httpd_script_exec_type;
attribute httpd_exec_scripts, httpd_script_exec_type;
type httpd_t, httpd_suexec_t, httpd_log_t;
type httpd_sys_content_t;
')
@ -202,9 +201,8 @@ template(`apache_content_template',`
interface(`apache_role',`
gen_require(`
attribute httpdcontent;
type httpd_user_content_t, httpd_user_htaccess_t;
type httpd_user_script_t, httpd_user_script_exec_t;
type httpd_user_ra_content_t, httpd_user_rw_content_t;
type httpd_user_content_t, httpd_user_htaccess_t, httpd_user_script_t;
type httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t;
')
role $1 types httpd_user_script_t;
@ -985,8 +983,7 @@ interface(`apache_delete_sys_content_rw',`
interface(`apache_domtrans_sys_script',`
gen_require(`
attribute httpdcontent;
type httpd_sys_script_t;
type httpd_sys_content_t;
type httpd_sys_script_t, httpd_sys_content_t;
')
tunable_policy(`httpd_enable_cgi',`
@ -1318,14 +1315,11 @@ interface(`apache_cgi_domain',`
#
interface(`apache_admin',`
gen_require(`
attribute httpdcontent;
attribute httpd_script_exec_type;
attribute httpdcontent, httpd_script_exec_type;
type httpd_t, httpd_config_t, httpd_log_t;
type httpd_modules_t, httpd_lock_t;
type httpd_var_run_t, httpd_php_tmp_t;
type httpd_modules_t, httpd_lock_t, httpd_bool_t;
type httpd_var_run_t, httpd_php_tmp_t, httpd_initrc_exec_t;
type httpd_suexec_tmp_t, httpd_tmp_t;
type httpd_initrc_exec_t, httpd_bool_t;
')
allow $1 httpd_t:process { getattr ptrace signal_perms };


@ -140,10 +140,8 @@ interface(`apcupsd_cgi_script_domtrans',`
#
interface(`apcupsd_admin',`
gen_require(`
type apcupsd_t, apcupsd_tmp_t;
type apcupsd_log_t, apcupsd_lock_t;
type apcupsd_var_run_t;
type apcupsd_initrc_exec_t;
type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
type apcupsd_lock_t, apcupsd_var_run_t, apcupsd_initrc_exec_t;
')
allow $1 apcupsd_t:process { ptrace signal_perms };


@ -151,8 +151,7 @@ interface(`avahi_dontaudit_search_pid',`
#
interface(`avahi_admin',`
gen_require(`
type avahi_t, avahi_var_run_t;
type avahi_initrc_exec_t;
type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
')
allow $1 avahi_t:process { ptrace signal_perms };


@ -380,10 +380,9 @@ interface(`bind_udp_chat_named',`
interface(`bind_admin',`
gen_require(`
type named_t, named_tmp_t, named_log_t;
type named_conf_t, named_var_run_t;
type named_cache_t, named_zone_t;
type named_conf_t, named_var_run_t, named_cache_t;
type named_zone_t, named_initrc_exec_t;
type dnssec_t, ndc_t, named_keytab_t;
type named_initrc_exec_t;
')
allow $1 named_t:process { ptrace signal_perms };


@ -216,9 +216,8 @@ interface(`bluetooth_dontaudit_read_helper_state',`
interface(`bluetooth_admin',`
gen_require(`
type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
type bluetooth_var_lib_t, bluetooth_var_run_t;
type bluetooth_var_lib_t, bluetooth_var_run_t, bluetooth_initrc_exec_t;
type bluetooth_conf_t, bluetooth_conf_rw_t;
type bluetooth_initrc_exec_t;
')
allow $1 bluetooth_t:process { ptrace signal_perms };


@ -134,8 +134,7 @@ interface(`boinc_manage_var_lib',`
#
interface(`boinc_admin',`
gen_require(`
type boinc_t, boinc_initrc_exec_t;
type boinc_var_lib_t;
type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
')
allow $1 boinc_t:process { ptrace signal_perms };


@ -57,10 +57,9 @@ interface(`bugzilla_dontaudit_rw_script_stream_sockets',`
#
interface(`bugzilla_admin',`
gen_require(`
type httpd_bugzilla_script_t;
type httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t;
type httpd_bugzilla_script_exec_t, httpd_bugzilla_htaccess_t;
type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t, httpd_bugzilla_script_exec_t;
type httpd_bugzilla_htaccess_t;
')
allow $1 httpd_bugzilla_script_t:process { ptrace signal_perms };


@ -116,8 +116,7 @@ interface(`certmaster_manage_log',`
interface(`certmaster_admin',`
gen_require(`
type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
type certmaster_etc_rw_t, certmaster_var_log_t;
type certmaster_initrc_exec_t;
type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t;
')
allow $1 certmaster_t:process { ptrace signal_perms };


@ -151,10 +151,9 @@ interface(`chronyd_append_keys',`
#
interface(`chronyd_admin',`
gen_require(`
type chronyd_t, chronyd_var_log_t;
type chronyd_var_run_t, chronyd_var_lib_t;
type chronyd_tmpfs_t;
type chronyd_initrc_exec_t, chronyd_keys_t;
type chronyd_t, chronyd_var_log_t, chronyd_var_run_t;
type chronyd_var_lib_t, chronyd_tmpfs_t, chronyd_initrc_exec_t;
type chronyd_keys_t;
')
allow $1 chronyd_t:process { ptrace signal_perms };


@ -152,9 +152,8 @@ interface(`clamav_exec_clamscan',`
interface(`clamav_admin',`
gen_require(`
type clamd_t, clamd_etc_t, clamd_tmp_t;
type clamd_var_log_t, clamd_var_lib_t;
type clamd_var_run_t, clamscan_t, clamscan_tmp_t;
type clamd_initrc_exec_t;
type clamd_var_log_t, clamd_var_lib_t, clamd_var_run_t;
type clamscan_t, clamscan_tmp_t, clamd_initrc_exec_t;
type freshclam_t, freshclam_var_log_t;
')


@ -67,8 +67,7 @@ interface(`cmirrord_read_pid_files',`
#
interface(`cmirrord_rw_shm',`
gen_require(`
type cmirrord_t;
type cmirrord_tmpfs_t;
type cmirrord_t, cmirrord_tmpfs_t;
')
allow $1 cmirrord_t:shm { rw_shm_perms destroy };
@ -98,9 +97,7 @@ interface(`cmirrord_rw_shm',`
#
interface(`cmirrord_admin',`
gen_require(`
type cmirrord_t;
type cmirrord_initrc_exec_t;
type cmirrord_var_run_t;
type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
')
allow $1 cmirrord_t:process { ptrace signal_perms };


@ -185,10 +185,8 @@ interface(`cobbler_dontaudit_rw_log',`
interface(`cobblerd_admin',`
gen_require(`
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
type cobbler_etc_t, cobblerd_initrc_exec_t;
type httpd_cobbler_content_t;
type httpd_cobbler_content_ra_t;
type httpd_cobbler_content_rw_t;
type cobbler_etc_t, cobblerd_initrc_exec_t, httpd_cobbler_content_t;
type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t;
')
allow $1 cobblerd_t:process { ptrace signal_perms };


@ -118,8 +118,7 @@ template(`cron_common_crontab_template',`
interface(`cron_role',`
gen_require(`
type cronjob_t, crontab_t, crontab_exec_t;
type user_cron_spool_t;
type crond_t;
type user_cron_spool_t, crond_t;
')
role $1 types { cronjob_t crontab_t };


@ -316,12 +316,10 @@ interface(`cups_stream_connect_ptal',`
interface(`cups_admin',`
gen_require(`
type cupsd_t, cupsd_tmp_t, cupsd_lpd_tmp_t;
type cupsd_etc_t, cupsd_log_t;
type cupsd_config_var_run_t, cupsd_lpd_var_run_t;
type cupsd_var_run_t, ptal_etc_t;
type ptal_var_run_t, hplip_var_run_t;
type cupsd_initrc_exec_t;
type hplip_etc_t;
type cupsd_etc_t, cupsd_log_t, hplip_etc_t;
type cupsd_config_var_run_t, cupsd_lpd_var_run_t, cupsd_initrc_exec_t;
type cupsd_var_run_t, ptal_etc_t, hplip_var_run_t;
type ptal_var_run_t;
')
allow $1 cupsd_t:process { ptrace signal_perms };
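Review bot: The regrouped `type` lines in `cups_admin` mix prefixes: `hplip_etc_t` sits among the `cupsd_*` types, `hplip_var_run_t` sits next to `ptal_etc_t`, and `ptal_var_run_t` is left as a statement of its own, which makes it harder to check by eye that every type the interface uses is still required. All thirteen names from the old lines are still present, so nothing is lost, but grouping by owner would read better: `type cupsd_etc_t, cupsd_log_t, cupsd_initrc_exec_t;`, `type cupsd_config_var_run_t, cupsd_lpd_var_run_t, cupsd_var_run_t;`, `type ptal_etc_t, ptal_var_run_t, hplip_etc_t, hplip_var_run_t;`. The page has lost its +/- markers, so which lines form the new side is inferred from the hunk header counts.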


@ -58,9 +58,8 @@ interface(`cvs_exec',`
#
interface(`cvs_admin',`
gen_require(`
type cvs_t, cvs_tmp_t;
type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
type cvs_data_t, cvs_var_run_t;
type cvs_initrc_exec_t;
')
allow $1 cvs_t:process { ptrace signal_perms };


@ -41,9 +41,7 @@ interface(`dbus_stub',`
template(`dbus_role_template',`
gen_require(`
class dbus { send_msg acquire_svc };
attribute dbusd_unconfined;
attribute session_bus_type;
attribute dbusd_unconfined, session_bus_type;
type system_dbusd_t, session_dbusd_tmp_t, dbusd_exec_t, dbusd_etc_t;
type $1_t;
')


@ -64,8 +64,8 @@ interface(`ddclient_run',`
interface(`ddclient_admin',`
gen_require(`
type ddclient_t, ddclient_etc_t, ddclient_log_t;
type ddclient_var_t, ddclient_var_lib_t;
type ddclient_var_run_t, ddclient_initrc_exec_t;
type ddclient_var_t, ddclient_var_lib_t, ddclient_initrc_exec_t;
type ddclient_var_run_t;
')
allow $1 ddclient_t:process { ptrace signal_perms };
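Review bot: The `ddclient_admin` hunk does not remove a statement: its header shows 8 lines on both sides, and the two lines after the first `type` line only move `ddclient_initrc_exec_t` up and leave `ddclient_var_run_t` on a line of its own. The `fail2ban_admin` hunk further down does the same with `fail2ban_initrc_exec_t`. Either leave these two require blocks as they were, or fold the last statement in, e.g. `type ddclient_var_t, ddclient_var_lib_t, ddclient_var_run_t, ddclient_initrc_exec_t;`, so that the churn in blame history buys something. The +/- markers are lost on this page, so old and new sides are inferred from the header counts and the commit message.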


@ -95,13 +95,9 @@ interface(`dovecot_dontaudit_unlink_lib_files',`
interface(`dovecot_admin',`
gen_require(`
type dovecot_t, dovecot_etc_t, dovecot_auth_tmp_t;
type dovecot_spool_t, dovecot_var_lib_t;
type dovecot_var_run_t, dovecot_tmp_t;
type dovecot_var_log_t;
type dovecot_cert_t, dovecot_passwd_t;
type dovecot_initrc_exec_t;
type dovecot_keytab_t;
type dovecot_spool_t, dovecot_var_lib_t, dovecot_var_log_t;
type dovecot_var_run_t, dovecot_tmp_t, dovecot_keytab_t;
type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t;
')
allow $1 dovecot_t:process { ptrace signal_perms };


@ -175,8 +175,8 @@ interface(`fail2ban_dontaudit_leaks',`
#
interface(`fail2ban_admin',`
gen_require(`
type fail2ban_t, fail2ban_log_t;
type fail2ban_var_run_t, fail2ban_initrc_exec_t;
type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t;
type fail2ban_var_run_t;
')
allow $1 fail2ban_t:process { ptrace signal_perms };


@ -171,9 +171,8 @@ interface(`ftp_dyntrans_sftpd',`
interface(`ftp_admin',`
gen_require(`
type ftpd_t, ftpdctl_t, ftpd_tmp_t;
type ftpd_etc_t, ftpd_lock_t;
type ftpd_etc_t, ftpd_lock_t, ftpd_initrc_exec_t;
type ftpd_var_run_t, xferlog_t;
type ftpd_initrc_exec_t;
')
allow $1 ftpd_t:process { ptrace signal_perms };


@ -25,8 +25,7 @@
#
interface(`git_session_role',`
gen_require(`
type git_session_t, gitd_exec_t;
type git_session_content_t;
type git_session_t, gitd_exec_t, git_session_content_t;
')
########################################
@ -61,8 +60,7 @@ interface(`git_session_role',`
template(`git_content_template',`
gen_require(`
attribute git_system_content;
attribute git_content;
attribute git_system_content, git_content;
')
########################################