more updates

Chris PeBenito 2005-07-13 20:50:20 +00:00
parent 493d6c4adc
commit 8125c93a07


@ -39,6 +39,11 @@ files_file_type($1)
storage_raw_read_fixed_disk($1)
storage_raw_write_fixed_disk($1)
#
# nscd_client_domain: complete
#
nscd_use_socket($1)
#
# privfd: complete
#
@ -78,6 +83,21 @@ domain_role_change_exempt($1)
#
domain_subj_id_change_exempt($1)
#
# userspace_objmgr: complete
#
allow $1 self:process getattr;
# Receive notifications of policy reloads and enforcing status changes.
allow $1 self:netlink_selinux_socket { create bind read };
selinux_get_fs_mount($1)
selinux_validate_context($1)
selinux_compute_access_vector($1)
selinux_compute_create_context($1)
selinux_compute_relabel_context($1)
selinux_compute_user_contexts($1)
seutil_read_config($1)
seutil_read_default_contexts($1)
########################################
#
# Access macros
@ -157,10 +177,13 @@ allow $1 sbin_t:dir r_dir_perms;
allow $1 sbin_t:notdevfile_class_set r_file_perms;
kernel_read_kernel_sysctl($1)
seutil_read_config($1)
if (read_default_t) {
allow $1 default_t:dir r_dir_perms;
allow $1 default_t:notdevfile_class_set r_file_perms;
}
tunable_policy(`read_default_t',`
files_list_default($1)
files_read_default_files($1)
files_read_default_symlinks($1)
files_read_default_sockets($1)
files_read_default_pipes($1)
')
#
# base_pty_perms():
@ -219,7 +242,7 @@ libs_exec_ld_so($1)
libs_exec_lib_files($1)
#
# can_getcon():
# can_getcon(): complete
#
allow $1 self:process getattr;
kernel_read_system_state($1)
@ -509,6 +532,8 @@ dontaudit $1_t self:capability sys_tty_config;
allow $1_t $1_var_run_t:file { getattr create read write append setattr unlink };
files_create_pid($1_t,$1_var_run_t)
kernel_read_kernel_sysctl($1_t)
kernel_list_proc($1_t)
kernel_read_proc_symlink($1_t)
dev_read_sysfs($1_t)
fs_getattr_all_fs($1_t)
fs_search_auto_mountpoints($1_t)
@ -521,6 +546,7 @@ libs_use_shared_libs($1_t)
logging_send_syslog_msg($1_t)
miscfiles_read_localization($1_t)
userdom_dontaudit_use_unpriv_user_fd($1_t)
userdom_dontaudit_search_sysadm_home_dir($1_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty($1_t)
term_dontaudit_use_generic_pty($1_t)
@ -529,15 +555,12 @@ ifdef(`targeted_policy', `
optional_policy(`rhgb.te',`
rhgb_domain($1_t)
')
optional_policy(`selinux.te',`
seutil_newrole_sigchld($1_t)
optional_policy(`selinuxutils.te',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
udev_read_db($1_t)
')
allow $1_t proc_t:dir r_dir_perms;
allow $1_t proc_t:lnk_file read;
dontaudit $1_t sysadm_home_dir_t:dir search;
#
# daemon_sub_domain():
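Review bot: The userspace_objmgr block (from `allow $1 self:process getattr;` through `seutil_read_default_contexts($1)`) hands every caller all four `selinux_compute_*` interfaces plus `selinux_validate_context`, yet only the netlink socket rule carries a rationale comment. The interface bodies are not visible on this page, so how much each call opens up cannot be confirmed here. A domain that only checks permissions may not need `selinux_compute_user_contexts` or `selinux_compute_relabel_context`, which would make the set wider than least privilege calls for. If the breadth is intended, record it above the calls, e.g. `# Security server queries; granted as a set to every userspace object manager.`; otherwise leave the user and relabel computations to the individual domains that use them.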