trunk: 8 patches from dan.

Chris PeBenito 2007-11-15 16:54:18 +00:00
parent 2999cea1f2
commit 6c91189762
9 changed files with 50 additions and 9 deletions


@ -1,5 +1,5 @@
policy_module(vbetool,1.2.0) policy_module(vbetool,1.2.1)
######################################## ########################################
# #
@ -33,4 +33,5 @@ miscfiles_read_localization(vbetool_t)
optional_policy(` optional_policy(`
hal_rw_pid_files(vbetool_t) hal_rw_pid_files(vbetool_t)
hal_write_log(vbetool_t) hal_write_log(vbetool_t)
hal_dontaudit_append_lib_files(vbetool_t)
') ')
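Review bot: `hal_dontaudit_append_lib_files(vbetool_t)` suppresses append denials on hal library files, but nothing in the hunk says why vbetool would attempt that access. It looks like a descriptor inherited from hald when it launches vbetool, though that is inferred rather than shown here. A one-line comment above the rule, for example `# hald leaks an open lib file descriptor to vbetool` (wording to be confirmed by the author), would record the reason so the suppression can be dropped once the cause is fixed.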


@ -1,5 +1,5 @@
policy_module(asterisk,1.3.1) policy_module(asterisk,1.3.2)
######################################## ########################################
# #
@ -98,6 +98,7 @@ corenet_sendrecv_asterisk_server_packets(asterisk_t)
# for VOIP voice channels. # for VOIP voice channels.
corenet_tcp_bind_generic_port(asterisk_t) corenet_tcp_bind_generic_port(asterisk_t)
corenet_udp_bind_generic_port(asterisk_t) corenet_udp_bind_generic_port(asterisk_t)
corenet_dontaudit_udp_bind_all_ports(asterisk_t)
corenet_sendrecv_generic_server_packets(asterisk_t) corenet_sendrecv_generic_server_packets(asterisk_t)
dev_read_sysfs(asterisk_t) dev_read_sysfs(asterisk_t)
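Review bot: `corenet_dontaudit_udp_bind_all_ports(asterisk_t)` silences every denied UDP bind by asterisk_t, and the hunk gives no reason for it, whereas the neighbouring allow rules carry the comment `# for VOIP voice channels.`. A dontaudit this broad also removes the denial record a responder would look for if the daemon started binding to ports it has no business using. Please add a comment above the line naming the expected bind attempts, e.g. `# asterisk probes UDP ports outside the generic range; denials are expected` (to be confirmed against the AVC messages that motivated the patch).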


@ -1,5 +1,5 @@
policy_module(cpucontrol,1.2.1) policy_module(cpucontrol,1.2.2)
######################################## ########################################
# #
@ -62,6 +62,10 @@ optional_policy(`
nscd_socket_use(cpucontrol_t) nscd_socket_use(cpucontrol_t)
') ')
optional_policy(`
rhgb_use_ptys(cpucontrol_t)
')
optional_policy(` optional_policy(`
seutil_sigchld_newrole(cpucontrol_t) seutil_sigchld_newrole(cpucontrol_t)
') ')


@ -1,5 +1,5 @@
policy_module(cvs,1.5.0) policy_module(cvs,1.5.1)
######################################## ########################################
# #
@ -16,6 +16,7 @@ gen_tunable(allow_cvs_read_shadow,false)
type cvs_t; type cvs_t;
type cvs_exec_t; type cvs_exec_t;
inetd_tcp_service_domain(cvs_t,cvs_exec_t) inetd_tcp_service_domain(cvs_t,cvs_exec_t)
application_executable_file(cvs_exec_t)
role system_r types cvs_t; role system_r types cvs_t;
type cvs_data_t; # customizable type cvs_data_t; # customizable
@ -81,6 +82,7 @@ libs_use_ld_so(cvs_t)
libs_use_shared_libs(cvs_t) libs_use_shared_libs(cvs_t)
logging_send_syslog_msg(cvs_t) logging_send_syslog_msg(cvs_t)
logging_send_audit_msgs(cvs_t)
miscfiles_read_localization(cvs_t) miscfiles_read_localization(cvs_t)
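Review bot: `logging_send_audit_msgs(cvs_t)` is granted unconditionally to a domain declared with `inetd_tcp_service_domain`, i.e. a network-facing service, and the hunk does not say why it is needed. Sending user-space audit records is usually only required for PAM-based authentication, so the rule presumably belongs to the password-checking path; the file already has an `allow_cvs_read_shadow` tunable (visible in the first hunk header). Consider a comment such as `# pserver authenticates through PAM, which writes audit records`, or moving the line under that tunable if the access is only needed in that case. The rest of the cvs_t rules lie outside the hunk, so check whether a matching conditional block already exists.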


@ -1,5 +1,5 @@
policy_module(fetchmail,1.4.1) policy_module(fetchmail,1.4.2)
######################################## ########################################
# #
@ -85,6 +85,10 @@ sysnet_read_config(fetchmail_t)
userdom_dontaudit_use_unpriv_user_fds(fetchmail_t) userdom_dontaudit_use_unpriv_user_fds(fetchmail_t)
userdom_dontaudit_search_sysadm_home_dirs(fetchmail_t) userdom_dontaudit_search_sysadm_home_dirs(fetchmail_t)
optional_policy(`
procmail_domtrans(fetchmail_t)
')
optional_policy(` optional_policy(`
seutil_sigchld_newrole(fetchmail_t) seutil_sigchld_newrole(fetchmail_t)
') ')


@ -61,3 +61,22 @@ interface(`munin_search_lib',`
allow $1 munin_var_lib_t:dir search_dir_perms; allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1) files_search_var_lib($1)
') ')
#######################################
## <summary>
## Do not audit attempts to search
## munin library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_dontaudit_search_lib',`
gen_require(`
type munin_var_lib_t;
')
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')
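Review bot: The `<param name="domain">` summary of `munin_dontaudit_search_lib` reads `Domain allowed access.`, but the interface grants nothing; its body is a single dontaudit rule. Change the text to `Domain to not audit.` so the generated interface documentation does not suggest that callers gain search access to munin_var_lib_t. No caller of the new interface is visible in this commit view, so it is worth confirming that it is actually used.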


@ -1,5 +1,5 @@
policy_module(munin,1.3.1) policy_module(munin,1.3.2)
######################################## ########################################
# #


@ -1,5 +1,5 @@
policy_module(portmap,1.5.1) policy_module(portmap,1.5.2)
######################################## ########################################
# #
@ -66,7 +66,7 @@ corenet_udp_bind_generic_port(portmap_t)
corenet_tcp_bind_reserved_port(portmap_t) corenet_tcp_bind_reserved_port(portmap_t)
corenet_udp_bind_reserved_port(portmap_t) corenet_udp_bind_reserved_port(portmap_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t) corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t)
corenet_dontaudit_udp_bind_all_reserved_ports(portmap_t) corenet_dontaudit_udp_bind_all_ports(portmap_t)
dev_read_sysfs(portmap_t) dev_read_sysfs(portmap_t)
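Review bot: The UDP dontaudit is widened from reserved ports to all ports, while the TCP line directly above still uses `corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t)`, so the two protocols are now treated differently with no explanation. With the wider rule, denied binds by portmap_t to any non-reserved UDP port no longer reach the audit log, which reduces visibility into unexpected behaviour of this daemon. If the wider suppression is intended, add a comment above it, e.g. `# portmap also tries non-reserved UDP ports; denials are expected` (to be confirmed by the author). Otherwise keep the reserved-ports variant.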


@ -1,5 +1,5 @@
policy_module(udev,1.8.1) policy_module(udev,1.8.2)
######################################## ########################################
# #
@ -132,6 +132,7 @@ auth_use_nsswitch(udev_t)
init_read_utmp(udev_t) init_read_utmp(udev_t)
init_dontaudit_write_utmp(udev_t) init_dontaudit_write_utmp(udev_t)
init_getattr_initctl(udev_t)
libs_use_ld_so(udev_t) libs_use_ld_so(udev_t)
libs_use_shared_libs(udev_t) libs_use_shared_libs(udev_t)
@ -183,6 +184,11 @@ ifdef(`distro_redhat',`
netutils_domtrans(udev_t) netutils_domtrans(udev_t)
') ')
optional_policy(`
alsa_domtrans(udev_t)
alsa_read_rw_config(udev_t)
')
optional_policy(` optional_policy(`
brctl_domtrans(udev_t) brctl_domtrans(udev_t)
') ')
@ -219,6 +225,10 @@ optional_policy(`
pcscd_domtrans(udev_t) pcscd_domtrans(udev_t)
') ')
optional_policy(`
raid_domtrans_mdadm(udev_t)
')
optional_policy(` optional_policy(`
kernel_write_xen_state(udev_t) kernel_write_xen_state(udev_t)
kernel_read_xen_state(udev_t) kernel_read_xen_state(udev_t)