change eventpollfs labeling to task sid
This commit is contained in:
parent
c467d98e85
commit
81a016f501
|
@ -1,3 +1,4 @@
|
||||||
|
- Change eventpollfs to task SID labeling.
|
||||||
- Add key support from Michael LeMay.
|
- Add key support from Michael LeMay.
|
||||||
- Add ftpdctl domain to ftp, from Paul Howarth.
|
- Add ftpdctl domain to ftp, from Paul Howarth.
|
||||||
- Fix build system to not move type declarations out of optionals.
|
- Fix build system to not move type declarations out of optionals.
|
||||||
|
|
|
@ -1019,8 +1019,17 @@ interface(`fs_relabelfrom_dos_fs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read eventpollfs files
|
## Read eventpollfs files.
|
||||||
## </summary>
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Read eventpollfs files
|
||||||
|
## </p>
|
||||||
|
## <p>
|
||||||
|
## This interface has been deprecated, and will
|
||||||
|
## be removed in the future.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
|
@ -1028,12 +1037,7 @@ interface(`fs_relabelfrom_dos_fs',`
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`fs_read_eventpollfs',`
|
interface(`fs_read_eventpollfs',`
|
||||||
gen_require(`
|
errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__)
|
||||||
type eventpollfs_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
allow $1 eventpollfs_t:dir search_dir_perms;
|
|
||||||
allow $1 eventpollfs_t:file r_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(filesystem,1.3.11)
|
policy_module(filesystem,1.3.12)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -32,6 +32,7 @@ fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
|
||||||
# This is appropriate for pseudo filesystems that represent objects
|
# This is appropriate for pseudo filesystems that represent objects
|
||||||
# like pipes and sockets, so that these objects are labeled with the same
|
# like pipes and sockets, so that these objects are labeled with the same
|
||||||
# type as the creating task.
|
# type as the creating task.
|
||||||
|
fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
|
||||||
fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
|
fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
|
||||||
fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
|
fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
|
||||||
|
|
||||||
|
@ -58,7 +59,8 @@ genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
|
||||||
|
|
||||||
type eventpollfs_t;
|
type eventpollfs_t;
|
||||||
fs_type(eventpollfs_t)
|
fs_type(eventpollfs_t)
|
||||||
genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
|
# change to task SID 20060628
|
||||||
|
#genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
|
||||||
|
|
||||||
type futexfs_t;
|
type futexfs_t;
|
||||||
fs_type(futexfs_t)
|
fs_type(futexfs_t)
|
||||||
|
|
|
@ -179,7 +179,6 @@ template(`apache_content_template',`
|
||||||
dev_read_urand(httpd_$1_script_t)
|
dev_read_urand(httpd_$1_script_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(httpd_$1_script_t)
|
fs_getattr_xattr_fs(httpd_$1_script_t)
|
||||||
fs_read_eventpollfs(httpd_$1_script_t)
|
|
||||||
|
|
||||||
files_read_etc_runtime_files(httpd_$1_script_t)
|
files_read_etc_runtime_files(httpd_$1_script_t)
|
||||||
files_read_usr_files(httpd_$1_script_t)
|
files_read_usr_files(httpd_$1_script_t)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(apache,1.3.14)
|
policy_module(apache,1.3.15)
|
||||||
|
|
||||||
#
|
#
|
||||||
# NOTES:
|
# NOTES:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(mta,1.3.6)
|
policy_module(mta,1.3.7)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -56,8 +56,6 @@ kernel_read_network_state(system_mail_t)
|
||||||
dev_read_rand(system_mail_t)
|
dev_read_rand(system_mail_t)
|
||||||
dev_read_urand(system_mail_t)
|
dev_read_urand(system_mail_t)
|
||||||
|
|
||||||
fs_read_eventpollfs(system_mail_t)
|
|
||||||
|
|
||||||
init_use_script_ptys(system_mail_t)
|
init_use_script_ptys(system_mail_t)
|
||||||
|
|
||||||
userdom_use_sysadm_terms(system_mail_t)
|
userdom_use_sysadm_terms(system_mail_t)
|
||||||
|
|
Loading…
Reference in New Issue