rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

tty and caps fixes

Browse Source
This commit is contained in:
Chris PeBenito 2005-11-01 15:34:00 +00:00
parent 0b12fa4bd0
commit 7ac22585e3
6 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
refpolicy/policy/modules/services/bind.te
View File

@ -247,6 +247,11 @@ ifdef(`distro_redhat',`
allow ndc_t named_conf_t:dir search; allow ndc_t named_conf_t:dir search;
') ')
ifdef(`targeted_policy', `
term_use_unallocated_tty(ndc_t)
term_use_generic_pty(ndc_t)
')
tunable_policy(`named_write_master_zones',` tunable_policy(`named_write_master_zones',`
allow named_t named_zone_t:dir create_dir_perms; allow named_t named_zone_t:dir create_dir_perms;
allow named_t named_zone_t:file create_file_perms; allow named_t named_zone_t:file create_file_perms;

5
refpolicy/policy/modules/services/postfix.te
View File

@ -451,6 +451,11 @@ sysnet_dontaudit_read_config(postfix_postdrop_t)
mta_rw_user_mail_stream_socket(postfix_postdrop_t) mta_rw_user_mail_stream_socket(postfix_postdrop_t)
ifdef(`targeted_policy', `
term_use_unallocated_tty(postfix_postdrop_t)
term_use_generic_pty(postfix_postdrop_t)
')
optional_policy(`crond.te',` optional_policy(`crond.te',`
cron_use_fd(postfix_postdrop_t) cron_use_fd(postfix_postdrop_t)
cron_rw_pipe(postfix_postdrop_t) cron_rw_pipe(postfix_postdrop_t)

1
refpolicy/policy/modules/services/snmp.te
View File

@ -26,6 +26,7 @@ files_type(snmpd_var_lib_t)
# Local policy # Local policy
# #
allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config }; allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
dontaudit snmpd_t self:capability sys_tty_config;
allow snmpd_t self:fifo_file rw_file_perms; allow snmpd_t self:fifo_file rw_file_perms;
allow snmpd_t self:unix_dgram_socket create_socket_perms; allow snmpd_t self:unix_dgram_socket create_socket_perms;
allow snmpd_t self:unix_stream_socket create_stream_socket_perms; allow snmpd_t self:unix_stream_socket create_stream_socket_perms;

2
refpolicy/policy/modules/system/authlogin.te
View File

@ -270,7 +270,7 @@ kernel_read_system_state(system_chkpwd_t)
fs_dontaudit_getattr_xattr_fs(system_chkpwd_t) fs_dontaudit_getattr_xattr_fs(system_chkpwd_t)
term_use_unallocated_tty(system_chkpwd_t) term_dontaudit_use_unallocated_tty(system_chkpwd_t)
domain_dontaudit_use_wide_inherit_fd(system_chkpwd_t) domain_dontaudit_use_wide_inherit_fd(system_chkpwd_t)

5
refpolicy/policy/modules/system/modutils.te
View File

@ -190,6 +190,11 @@ files_list_home(depmod_t)
userdom_read_staff_home_files(depmod_t) userdom_read_staff_home_files(depmod_t)
userdom_read_sysadm_home_files(depmod_t) userdom_read_sysadm_home_files(depmod_t)
ifdef(`targeted_policy', `
term_use_unallocated_tty(depmod_t)
term_use_generic_pty(depmod_t)
')
optional_policy(`rpm.te',` optional_policy(`rpm.te',`
rpm_rw_pipe(depmod_t) rpm_rw_pipe(depmod_t)
') ')

1
refpolicy/policy/modules/system/unconfined.te
View File

@ -26,6 +26,7 @@ logging_send_syslog_msg(unconfined_t)
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
allow unconfined_t self:system syslog_read; allow unconfined_t self:system syslog_read;
dontaudit unconfined_t self:capability sys_module;
# Define some type aliases to help with compatibility with # Define some type aliases to help with compatibility with
# macros and domains from the "strict" policy. # macros and domains from the "strict" policy.