- Fix labeling on /var/spool/rsyslog
parent
b3d78ec348
commit
7b43f5254f
@ -1143,7 +1143,7 @@ rpcbind = module
|
|||||||
#
|
#
|
||||||
# X windows window manager
|
# X windows window manager
|
||||||
#
|
#
|
||||||
wm = module
|
#wm = module
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: virt
|
# Module: virt
|
||||||
|
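Review bot: `#wm = module` switches the wm policy module off without recording why, and the `# X windows window manager` header above it still reads as if the module were active. With the module disabled, window managers would presumably no longer be confined in the `wm_t` domain, so the reason for the change matters to anyone auditing the policy set. A one-line comment next to the entry would cover it, for example `# wm disabled: <reason>; re-enable once resolved`. The actual reason is not visible in this commit and needs to come from the author.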
@ -3638,7 +3638,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.1/policy/modules/apps/wm.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.1/policy/modules/apps/wm.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.1/policy/modules/apps/wm.te 2008-11-25 09:45:43.000000000 -0500
|
+++ serefpolicy-3.6.1/policy/modules/apps/wm.te 2008-12-02 14:52:51.000000000 -0500
|
||||||
@@ -0,0 +1,104 @@
|
@@ -0,0 +1,104 @@
|
||||||
+policy_module(wm,0.0.4)
|
+policy_module(wm,0.0.4)
|
||||||
+
|
+
|
||||||
@ -3684,22 +3684,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+allow wm_t self:fifo_file { write read };
|
+allow wm_t self:fifo_file { write read };
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
+allow wm_t $2_client_xevent_t:x_synthetic_event send;
|
+allow wm_t client_xevent_t:x_synthetic_event send;
|
||||||
+allow wm_t $2_focus_xevent_t:x_event receive;
|
+allow wm_t focus_xevent_t:x_event receive;
|
||||||
+allow wm_t $2_input_xevent_t:x_event receive;
|
+allow wm_t input_xevent_t:x_event receive;
|
||||||
+allow wm_t $2_manage_xevent_t:x_event receive;
|
+allow wm_t manage_xevent_t:x_event receive;
|
||||||
+allow wm_t $2_manage_xevent_t:x_synthetic_event { receive send };
|
+allow wm_t manage_xevent_t:x_synthetic_event { receive send };
|
||||||
+allow wm_t $2_property_xevent_t:x_event receive;
|
+allow wm_t property_xevent_t:x_event receive;
|
||||||
+allow wm_t $2_xproperty_t:x_property { read write destroy };
|
+allow wm_t xproperty_t:x_property { read write destroy };
|
||||||
+allow wm_t $2_rootwindow_t:x_colormap { install uninstall use add_color remove_color read };
|
+allow wm_t rootwindow_t:x_colormap { install uninstall use add_color remove_color read };
|
||||||
+allow wm_t $2_rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override };
|
+allow wm_t rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override };
|
||||||
+allow wm_t $2_xproperty_t:x_property { write read };
|
+allow wm_t xproperty_t:x_property { write read };
|
||||||
+allow wm_t xserver_t:x_device { force_cursor setfocus use setattr grab manage getattr freeze write };
|
+allow wm_t xserver_t:x_device { force_cursor setfocus use setattr grab manage getattr freeze write };
|
||||||
+allow wm_t xserver_t:x_resource { read write };
|
+allow wm_t xserver_t:x_resource { read write };
|
||||||
+allow wm_t xserver_t:x_screen setattr;
|
+allow wm_t xserver_t:x_screen setattr;
|
||||||
+allow wm_t xselection_t:x_selection setattr;
|
+allow wm_t xselection_t:x_selection setattr;
|
||||||
+
|
+
|
||||||
+allow wm_t $2_t:x_drawable { get_property setattr show receive manage send read getattr list_child set_property };
|
+allow wm_t :x_drawable { get_property setattr show receive manage send read getattr list_child set_property };
|
||||||
+allow wm_t $2_t:x_resource { read write };
|
+allow wm_t $2_t:x_resource { read write };
|
||||||
+
|
+
|
||||||
+ifdef(`enable_mls',`
|
+ifdef(`enable_mls',`
|
||||||
@ -25126,7 +25126,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.1/policy/modules/system/userdomain.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.1/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-11-13 18:40:02.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-11-13 18:40:02.000000000 -0500
|
||||||
+++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-02 14:39:39.000000000 -0500
|
+++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-02 14:58:08.000000000 -0500
|
||||||
@@ -30,8 +30,9 @@
|
@@ -30,8 +30,9 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -26414,7 +26414,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
## Send a dbus message to all user domains.
|
## Send a dbus message to all user domains.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -2981,3 +3165,247 @@
|
@@ -2981,3 +3165,245 @@
|
||||||
|
|
||||||
allow $1 userdomain:dbus send_msg;
|
allow $1 userdomain:dbus send_msg;
|
||||||
')
|
')
|
||||||
@ -26636,14 +26636,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+#
|
+#
|
||||||
+interface(`userdom_dgram_send',`
|
+interface(`userdom_dgram_send',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ attribute
|
+ attribute unpriv_userdomain;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ allow $1 unpriv_userdomain:unix_dgram_socket sendto;
|
+ allow $1 unpriv_userdomain:unix_dgram_socket sendto;
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+
|
|
||||||
+
|
|
||||||
+#######################################
|
+#######################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
+## Allow execmod on files in homedirectory
|
+## Allow execmod on files in homedirectory
|
||||||
|
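Review bot: In the wm.te hunk the rewritten rule `allow wm_t :x_drawable { get_property setattr show ... }` has no target type, and the rule after it still reads `allow wm_t $2_t:x_resource { read write };`, so the removal of the `$2_` template prefix looks unfinished on these two lines. The other rules in the hunk were converted to concrete types such as `rootwindow_t` and `xproperty_t`, but here the whole `$2_t` token was dropped in one case and left untouched in the other. A rule with an empty target should not parse, and `$2` presumably has nothing to expand from in a .te file. Both rules should name the intended client type explicitly, or be removed until that type is decided. Commenting out `wm = module` in the same commit would hide the error at build time rather than fix it, and the hunk shows only part of wm.te, so the intended type cannot be confirmed from here.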