fixes for module compiling
parent
3c8c1b2b8f
commit
71fe0fa4c5
@ -76,6 +76,13 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(BASE_TE_FILES)
|
|||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
# define all available object classes
|
# define all available object classes
|
||||||
$(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@
|
$(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@
|
||||||
|
# per-userdomain templates
|
||||||
|
$(QUIET) echo "define(\`per_userdomain_templates',\`" >> $@
|
||||||
|
$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
|
||||||
|
echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
|
||||||
|
>> $@ ;\
|
||||||
|
done
|
||||||
|
$(QUIET) echo "')" >> $@
|
||||||
# define foo.te
|
# define foo.te
|
||||||
$(QUIET) for i in $(notdir $(BASE_TE_FILES)); do \
|
$(QUIET) for i in $(notdir $(BASE_TE_FILES)); do \
|
||||||
echo "define(\`$$i')" >> $@ ;\
|
echo "define(\`$$i')" >> $@ ;\
|
||||||
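Review bot: A failure partway through this recipe leaves a truncated `tmp/generated_definitions.conf` that is newer than its prerequisites, because the added per-userdomain lines, like the rest of the recipe, build `$@` through successive `>>` appends. For a policy build that could mean some modules' `*_per_userdomain_template` calls are missing from the compiled policy with no error reported. The `for` loop only reports the exit status of its last iteration, so consider opening it with `set -e;` and, if the Makefile does not already declare it, adding `.DELETE_ON_ERROR:`. The quoting on the echo line is also hard to read; a comment such as `# '$$*' emits a literal m4 $* so each template receives the caller's arguments` would help. The recipe continues past the end of the hunk.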
|
@ -77,7 +77,7 @@ interface(`logrotate_exec',`
|
|||||||
interface(`logrotate_dontaudit_use_fd',`
|
interface(`logrotate_dontaudit_use_fd',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type logrotate_t;
|
type logrotate_t;
|
||||||
class fd;
|
class fd use;
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 logrotate_t:fd use;
|
dontaudit $1 logrotate_t:fd use;
|
||||||
|
@ -29,6 +29,10 @@
|
|||||||
#
|
#
|
||||||
template(`su_per_userdomain_template',`
|
template(`su_per_userdomain_template',`
|
||||||
|
|
||||||
|
gen_require(`
|
||||||
|
type su_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
type $1_su_t;
|
type $1_su_t;
|
||||||
domain_entry_file($1_su_t,su_exec_t)
|
domain_entry_file($1_su_t,su_exec_t)
|
||||||
domain_type($1_su_t)
|
domain_type($1_su_t)
|
||||||
|
@ -29,6 +29,10 @@
|
|||||||
#
|
#
|
||||||
template(`sudo_per_userdomain_template',`
|
template(`sudo_per_userdomain_template',`
|
||||||
|
|
||||||
|
gen_require(`
|
||||||
|
type sudo_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
|
@ -186,8 +186,8 @@ ifdef(`distro_redhat',`
|
|||||||
mount_domtrans(bootloader_t)
|
mount_domtrans(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`filesystemtools.te',`
|
optional_policy(`fstools.te',`
|
||||||
filesystemtools_execute(bootloader_t)
|
fstools_exec(bootloader_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`lvm.te',`
|
optional_policy(`lvm.te',`
|
||||||
|
@ -593,6 +593,8 @@ interface(`storage_unconfined',`
|
|||||||
gen_require(`
|
gen_require(`
|
||||||
type fixed_disk_device_t, removable_device_t;
|
type fixed_disk_device_t, removable_device_t;
|
||||||
type lvm_vg_t, scsi_generic_device_t, tape_device_t;
|
type lvm_vg_t, scsi_generic_device_t, tape_device_t;
|
||||||
|
attribute fixed_disk_raw_read, fixed_disk_raw_write;
|
||||||
|
attribute scsi_generic_read, scsi_generic_write;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 { fixed_disk_device_t removable_device_t }:blk_file *;
|
allow $1 { fixed_disk_device_t removable_device_t }:blk_file *;
|
||||||
|
@ -27,7 +27,7 @@ interface(`mysql_signal',`
|
|||||||
#
|
#
|
||||||
interface(`mysql_stream_connect',`
|
interface(`mysql_stream_connect',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysqld_t;
|
type mysqld_t, mysqld_var_run_t;
|
||||||
class unix_stream_socket connectto;
|
class unix_stream_socket connectto;
|
||||||
class dir search;
|
class dir search;
|
||||||
class sock_file write;
|
class sock_file write;
|
||||||
|
@ -118,10 +118,10 @@ ifdef(`targeted_policy', `
|
|||||||
files_dontaudit_read_root_file(ntpd_t)
|
files_dontaudit_read_root_file(ntpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`crond.te',`
|
optional_policy(`cron.te',`
|
||||||
# for cron jobs
|
# for cron jobs
|
||||||
# system_crond_t is not right, cron is not doing what it should
|
# system_crond_t is not right, cron is not doing what it should
|
||||||
cron_system_entry(ntpdate_t,ntpd_exec_t)
|
cron_system_entry(ntpd_t,ntpd_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`firstboot.te',`
|
optional_policy(`firstboot.te',`
|
||||||
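Review bot: Renaming the guard to `cron.te` probably activates this block for the first time, and the call now names `ntpd_t` instead of `ntpdate_t`, so this is a policy change rather than only a compile fix. Judging by the interface name, `cron_system_entry(ntpd_t,ntpd_exec_t)` lets system cron jobs enter the full daemon domain when they run `ntpd_exec_t`; please confirm that is intended, since the existing comment already says the arrangement "is not right". If `ntpdate_t` was dropped only because that type is not declared, record it next to the call, e.g. `# ntpdate_t is not declared yet; cron-run ntpdate enters ntpd_t for now`.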
|
@ -463,7 +463,7 @@ interface(`files_dontaudit_search_all_dirs',`
|
|||||||
interface(`files_relabelto_all_file_type_fs',`
|
interface(`files_relabelto_all_file_type_fs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute file_type;
|
attribute file_type;
|
||||||
filesystem relabelto;
|
class filesystem relabelto;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 file_type:filesystem relabelto;
|
allow $1 file_type:filesystem relabelto;
|
||||||
@ -476,7 +476,7 @@ interface(`files_relabelto_all_file_type_fs',`
|
|||||||
interface(`files_mount_all_file_type_fs',`
|
interface(`files_mount_all_file_type_fs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute file_type;
|
attribute file_type;
|
||||||
filesystem mount;
|
class filesystem mount;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 file_type:filesystem mount;
|
allow $1 file_type:filesystem mount;
|
||||||
@ -489,7 +489,7 @@ interface(`files_mount_all_file_type_fs',`
|
|||||||
interface(`files_unmount_all_file_type_fs',`
|
interface(`files_unmount_all_file_type_fs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute file_type;
|
attribute file_type;
|
||||||
filesystem unmount;
|
class filesystem unmount;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 file_type:filesystem unmount;
|
allow $1 file_type:filesystem unmount;
|
||||||
|
@ -100,7 +100,7 @@ interface(`modutils_run_insmod',`
|
|||||||
#
|
#
|
||||||
interface(`modutils_exec_insmod',`
|
interface(`modutils_exec_insmod',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type insmod_t;
|
type insmod_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
corecmd_search_sbin($1)
|
corecmd_search_sbin($1)
|
||||||
|
@ -119,9 +119,9 @@ optional_policy(`rpm.te',`
|
|||||||
rpm_rw_pipe(insmod_t)
|
rpm_rw_pipe(insmod_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`xserver.te',`
|
#optional_policy(`xserver.te',`
|
||||||
xserver_getattr_log(insmod_t)
|
# xserver_getattr_log(insmod_t)
|
||||||
')
|
#')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
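Review bot: The `xserver.te` optional block is commented out here with no explanation, which leaves dead policy text that nobody will know when to restore; the same is done to `xserver_read_xdm_pid(udev_t)` in the udev hunk further down. Disabling the calls only removes access, so it fails closed, but `insmod_t` and `udev_t` may now log denials for the X log and the xdm pid file. If the reason is that the xserver interfaces do not exist yet, put a marker above each block, for example `# TODO: re-enable once xserver_getattr_log is available`, or delete the lines and let version control keep them.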
|
@ -140,7 +140,7 @@ interface(`seutil_exec_loadpol',`
|
|||||||
interface(`seutil_read_loadpol',`
|
interface(`seutil_read_loadpol',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type load_policy_exec_t;
|
type load_policy_exec_t;
|
||||||
class file r_file_perms
|
class file r_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
corecmd_search_sbin($1)
|
corecmd_search_sbin($1)
|
||||||
|
@ -165,9 +165,9 @@ optional_policy(`sysnetwork.te',`
|
|||||||
sysnet_domtrans_dhcpc(udev_t)
|
sysnet_domtrans_dhcpc(udev_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`xserver.te',`
|
#optional_policy(`xserver.te',`
|
||||||
xserver_read_xdm_pid(udev_t)
|
# xserver_read_xdm_pid(udev_t)
|
||||||
')
|
#')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
dontaudit udev_t ttyfile:chr_file unlink;
|
dontaudit udev_t ttyfile:chr_file unlink;
|
||||||
|