trunk: 12 patches from dan.
This commit is contained in:
Chris PeBenito
parent
12cf805e1c
commit
7a5e2d8a37
@ -25,7 +25,7 @@
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/run/(i)?ppp.*pid -- gen_context(system_u:object_r:pppd_var_run_t,s0)
|
||||
/var/run/(i)?ppp.*pid[^/]* -- gen_context(system_u:object_r:pppd_var_run_t,s0)
|
||||
/var/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0)
|
||||
/var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
|
||||
# Fix pptp sockets
|
||||
|
||||
@ -269,3 +269,66 @@ interface(`ppp_pid_filetrans',`
|
||||
|
||||
files_pid_filetrans($1,pppd_var_run_t,file)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an ppp environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the ppp domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`ppp_admin',`
|
||||
gen_require(`
|
||||
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
|
||||
type pppd_etc_t, pppd_script_t, pppd_secret_t;
|
||||
type pppd_etc_rw_t, pppd_var_lib_t, pppd_var_run_t;
|
||||
|
||||
type pptp_t, pptp_log_t, pptp_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 pppd_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, pppd_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
manage_files_pattern($1, pppd_tmp_t, pppd_tmp_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, pppd_log_t, pppd_log_t)
|
||||
|
||||
manage_files_pattern($1, pppd_lock_t, pppd_lock_t)
|
||||
|
||||
files_list_etc($1)
|
||||
manage_files_pattern($1, pppd_etc_t, pppd_etc_t)
|
||||
|
||||
manage_files_pattern($1, pppd_etc_rw_t, pppd_etc_rw_t)
|
||||
|
||||
manage_files_pattern($1, pppd_secret_t, pppd_secret_t)
|
||||
|
||||
files_list_var_lib($1)
|
||||
manage_files_pattern($1, pppd_var_lib_t, pppd_var_lib_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, pppd_var_run_t), pppd_var_run_t
|
||||
|
||||
allow $1 pptp_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, pptp_t)
|
||||
|
||||
manage_files_pattern($1, pptp_log_t, pptp_log_t)
|
||||
|
||||
manage_files_pattern($1, pptp_var_run_t, pptp_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ppp,1.6.0)
|
||||
policy_module(ppp,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -162,6 +162,8 @@ files_read_etc_files(pppd_t)
|
||||
init_read_utmp(pppd_t)
|
||||
init_dontaudit_write_utmp(pppd_t)
|
||||
|
||||
auth_use_nsswitch(pppd_t)
|
||||
|
||||
libs_use_ld_so(pppd_t)
|
||||
libs_use_shared_libs(pppd_t)
|
||||
|
||||
@ -196,14 +198,6 @@ optional_policy(`
|
||||
mta_send_mail(pppd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nis_use_ypbind(pppd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_socket_use(pppd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
postfix_domtrans_master(pppd_t)
|
||||
')
|
||||
@ -221,8 +215,9 @@ optional_policy(`
|
||||
# PPTP Local policy
|
||||
#
|
||||
|
||||
dontaudit pptp_t self:capability sys_tty_config;
|
||||
allow pptp_t self:capability net_raw;
|
||||
dontaudit pptp_t self:capability sys_tty_config;
|
||||
allow pptp_t self:process signal;
|
||||
allow pptp_t self:fifo_file { read write };
|
||||
allow pptp_t self:unix_dgram_socket create_socket_perms;
|
||||
allow pptp_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||
|
||||
@ -1 +1,42 @@
|
||||
## <summary>Privacy enhancing web proxy.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an privoxy environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the privoxy domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`privoxy_admin',`
|
||||
gen_require(`
|
||||
type privoxy_t, privoxy_log_t;
|
||||
type privoxy_etc_rw_t, privoxy_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 privoxy_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, privoxy_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, privoxy_log_t, privoxy_log_t)
|
||||
|
||||
files_list_etc($1)
|
||||
manage_files_pattern($1, privoxy_etc_rw_t, privoxy_etc_rw_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, privoxy_var_run_t, privoxy_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(privoxy,1.5.0)
|
||||
policy_module(privoxy,1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -13,3 +13,49 @@
|
||||
interface(`radius_use',`
|
||||
refpolicywarn(`$0($*) has been deprecated.')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an radius environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the radius domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`radius_admin',`
|
||||
gen_require(`
|
||||
type radius_t, radius_etc_t, radius_log_t;
|
||||
type radius_etc_rw_t, radius_var_lib_t, radius_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 radius_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, radius_t)
|
||||
|
||||
files_list_etc($1)
|
||||
manage_files_pattern($1, radius_etc_t, radius_etc_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, radius_log_t, radius_log_t)
|
||||
|
||||
manage_files_pattern($1, radius_etc_rw_t, radius_etc_rw_t)
|
||||
|
||||
files_list_var_lib($1)
|
||||
manage_files_pattern($1, radius_var_lib_t, radius_var_lib_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, radius_var_run_t, radius_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(radius,1.6.0)
|
||||
policy_module(radius,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -1 +1,39 @@
|
||||
## <summary>IPv6 router advertisement daemon</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an radvd environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the radvd domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`radvd_admin',`
|
||||
gen_require(`
|
||||
type radvd_t, radvd_etc_t;
|
||||
type radvd_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 radvd_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, radvd_t)
|
||||
|
||||
files_list_etc($1)
|
||||
manage_files_pattern($1, radvd_etc_t, radvd_etc_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, radvd_var_run_t, radvd_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(radvd,1.6.0)
|
||||
policy_module(radvd,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -18,3 +18,20 @@ interface(`remotelogin_domtrans',`
|
||||
auth_domtrans_login_program($1,remote_login_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## allow Domain to signal remote login domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The type of the process performing this action.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`remotelogin_signal',`
|
||||
gen_require(`
|
||||
type remote_login_t;
|
||||
')
|
||||
|
||||
allow $1 remote_login_t:process signal;
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(remotelogin,1.4.0)
|
||||
policy_module(remotelogin,1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -115,3 +115,40 @@ interface(`rwho_manage_spool_files',`
|
||||
manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
|
||||
files_search_spool($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an rwho environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the rwho domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`rwho_admin',`
|
||||
gen_require(`
|
||||
type rwho_t, rwho_log_t, rwho_spool_t;
|
||||
')
|
||||
|
||||
allow $1 rwho_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, rwho_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, rwho_log_t, rwho_log_t)
|
||||
|
||||
files_list_spool($1)
|
||||
manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(rwho,1.3.0)
|
||||
policy_module(rwho,1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -18,3 +18,42 @@ interface(`sasl_connect',`
|
||||
files_search_pids($1)
|
||||
stream_connect_pattern($1,saslauthd_var_run_t,saslauthd_var_run_t,saslauthd_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an sasl environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the sasl domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`sasl_admin',`
|
||||
gen_require(`
|
||||
type sasl_t;
|
||||
type sasl_tmp_t;
|
||||
type sasl_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 sasl_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, sasl_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
manage_files_pattern($1, sasl_tmp_t, sasl_tmp_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, sasl_var_run_t, sasl_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(sasl,1.7.0)
|
||||
policy_module(sasl,1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -17,3 +17,40 @@ interface(`smartmon_read_tmp_files',`
|
||||
|
||||
allow $1 fsdaemon_tmp_t:file { getattr ioctl read };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an smartmon environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the smartmon domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`smartmon_admin',`
|
||||
gen_require(`
|
||||
type smartmon_t, smartmon_tmp_t, smartmon_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 smartmon_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, smartmon_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
manage_files_pattern($1, smartmon_tmp_t, smartmon_tmp_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, smartmon_var_run_t, smartmon_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(smartmon,1.4.0)
|
||||
policy_module(smartmon,1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -49,6 +49,7 @@ corenet_udp_sendrecv_all_nodes(fsdaemon_t)
|
||||
corenet_udp_sendrecv_all_ports(fsdaemon_t)
|
||||
|
||||
dev_read_sysfs(fsdaemon_t)
|
||||
dev_read_urand(fsdaemon_t)
|
||||
|
||||
domain_use_interactive_fds(fsdaemon_t)
|
||||
|
||||
|
||||
@ -84,3 +84,44 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
|
||||
|
||||
dontaudit $1 snmpd_var_lib_t:file write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an snmp environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the snmp domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`snmp_admin',`
|
||||
gen_require(`
|
||||
type snmp_t, snmp_log_t;
|
||||
type snmp_var_lib_t, snmp_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 snmp_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, snmp_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, snmp_log_t, snmp_log_t)
|
||||
|
||||
files_list_var_lib($1)
|
||||
manage_files_pattern($1, snmp_var_lib_t, snmp_var_lib_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, snmp_var_run_t, snmp_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(snmp,1.6.0)
|
||||
policy_module(snmp,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -4,3 +4,5 @@
|
||||
|
||||
/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
|
||||
/tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)
|
||||
|
||||
/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
|
||||
|
||||
@ -1 +1,40 @@
|
||||
## <summary>Trivial file transfer protocol daemon</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an tftp environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the tftp domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`tftp_admin',`
|
||||
gen_require(`
|
||||
type tftp_t, tftpdir_t;
|
||||
type tftp_rw_t, tftp_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 tftp_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, tftp_t)
|
||||
|
||||
manage_files_pattern($1, tftp_rw_t, tftp_rw_t)
|
||||
|
||||
manage_files_pattern($1, tftpdir_t, tftpdir_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, tftp_var_run_t, tftp_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(tftp,1.6.0)
|
||||
policy_module(tftp,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
/etc/tor(/.*)? gen_context(system_u:object_r:tor_etc_t,s0)
|
||||
|
||||
/usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
|
||||
/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
|
||||
|
||||
/var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
|
||||
|
||||
@ -17,3 +17,47 @@ interface(`tor_domtrans',`
|
||||
|
||||
domtrans_pattern($1,tor_exec_t,tor_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an tor environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the tor domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`tor_admin',`
|
||||
gen_require(`
|
||||
type tor_t, tor_log_t, tor_etc_t;
|
||||
type tor_var_lib_t, tor_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 tor_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, tor_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, tor_log_t, tor_log_t)
|
||||
|
||||
files_list_etc($1)
|
||||
manage_files_pattern($1, tor_etc_t, tor_etc_t)
|
||||
|
||||
files_list_var_lib($1)
|
||||
manage_files_pattern($1, tor_var_lib_t, tor_var_lib_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, tor_var_run_t, tor_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(tor,1.3.0)
|
||||
policy_module(tor,1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -60,3 +60,52 @@ interface(`uucp_domtrans_uux',`
|
||||
|
||||
domtrans_pattern($1,uux_exec_t,uux_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an uucp environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the uucp domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="terminal">
|
||||
## <summary>
|
||||
## The type of the user terminal.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`uucp_admin',`
|
||||
gen_require(`
|
||||
type uucp_t, uucp_tmp_t, uucp_log_t;
|
||||
type uucp_spool_t, uucp_ro_t, uucp_rw_t;
|
||||
type uucp_var_run_t;
|
||||
')
|
||||
|
||||
allow $1 uucp_t:process { ptrace signal_perms getattr };
|
||||
ps_process_pattern($1, uucp_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
manage_files_pattern($1, uucp_tmp_t, uucp_tmp_t)
|
||||
|
||||
logging_list_logs($1)
|
||||
manage_files_pattern($1, uucp_log_t, uucp_log_t)
|
||||
|
||||
files_list_spool($1)
|
||||
manage_files_pattern($1, uucp_spool_t, uucp_spool_t)
|
||||
|
||||
manage_files_pattern($1, uucp_rw_t, uucp_rw_t)
|
||||
|
||||
manage_files_pattern($1, uucp_ro_t, uucp_ro_t)
|
||||
|
||||
files_list_pids($1)
|
||||
manage_files_pattern($1, uucp_var_run_t, uucp_var_run_t)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(uucp,1.6.0)
|
||||
policy_module(uucp,1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user