Style fixes and module version bumps for 38fc1bd
.
parent
38fc1bd180
commit
827060cb04
@ -4,6 +4,7 @@
|
||||
cobbler (Dominick Grift)
|
||||
dbadm (KaiGai Kohei)
|
||||
nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
|
||||
likewise (Scott Salley)
|
||||
pyicqt (Stefan Schulze Frielinghaus)
|
||||
sectoolm (Miroslav Grepl)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(corenetwork, 1.13.8)
|
||||
policy_module(corenetwork, 1.13.9)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -2921,24 +2921,6 @@ interface(`files_dontaudit_getattr_home_dir',`
|
||||
dontaudit $1 home_root_t:dir getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel to user home root (/home).
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_relabelto_home',`
|
||||
gen_require(`
|
||||
type home_root_t;
|
||||
')
|
||||
|
||||
allow $1 home_root_t:dir relabelto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search home directories root (/home).
|
||||
@ -3013,6 +2995,24 @@ interface(`files_list_home',`
|
||||
allow $1 home_root_t:dir list_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel to user home root (/home).
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_relabelto_home',`
|
||||
gen_require(`
|
||||
type home_root_t;
|
||||
')
|
||||
|
||||
allow $1 home_root_t:dir relabelto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create objects in /home.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(files, 1.12.3)
|
||||
policy_module(files, 1.12.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -202,7 +202,6 @@ interface(`kerberos_read_keytab',`
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`kerberos_rw_keytab',`
|
||||
gen_require(`
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(kerberos, 1.10.1)
|
||||
policy_module(kerberos, 1.10.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,54 +1,54 @@
|
||||
/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
|
||||
/etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
|
||||
/etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
|
||||
/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
|
||||
/etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
|
||||
/etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
|
||||
|
||||
/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
|
||||
|
||||
/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
|
||||
/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
|
||||
/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
|
||||
/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
|
||||
/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
|
||||
/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
|
||||
/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
|
||||
/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
|
||||
/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
|
||||
/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
|
||||
/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
|
||||
/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
|
||||
/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
|
||||
/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
|
||||
/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
|
||||
/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
|
||||
|
||||
/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
|
||||
/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.netlogond -s gen_context(system_u:object_r:netlogond_var_socket_t,s0)
|
||||
/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/krb5-affinity.conf -- gen_context(system_u:object_r:netlogond_var_lib_t, s0)
|
||||
/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
|
||||
/var/lib/likewise-open/krb5-affinity.conf -- gen_context(system_u:object_r:netlogond_var_lib_t, s0)
|
||||
/var/lib/likewise-open/krb5ccr_lsass -- gen_context(system_u:object_r:lsassd_var_lib_t, s0)
|
||||
/var/lib/likewise-open/LWNetsd\.err -- gen_context(system_u:object_r:netlogond_var_lib_t,s0)
|
||||
/var/lib/likewise-open/lsasd\.err -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/regsd\.err -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/lwi_events.db -- gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/sam\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/db/registry\.db -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
|
||||
/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/rpc/epmapper -s gen_context(system_u:object_r:dcerpcd_var_socket_t, s0)
|
||||
/var/lib/likewise-open/rpc/lsass -s gen_context(system_u:object_r:lsassd_var_socket_t, s0)
|
||||
/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
|
||||
/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
|
||||
/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
|
||||
/var/lib/likewise-open/run/rpcdep.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
|
||||
|
||||
/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
|
||||
/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
|
||||
/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
|
||||
/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
|
||||
/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
|
||||
/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
|
||||
/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
|
||||
/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
|
||||
/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
|
||||
/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
|
||||
/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
|
||||
/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
|
||||
|
||||
|
@ -1,10 +1,10 @@
|
||||
## <summary>Likewise Active Directory support for UNIX.</summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Likewise Open is a free, open source application that joins Linux, Unix,
|
||||
## and Mac machines to Microsoft Active Directory to securely authenticate
|
||||
## users with their domain credentials.
|
||||
## </p>
|
||||
## <p>
|
||||
## Likewise Open is a free, open source application that joins Linux, Unix,
|
||||
## and Mac machines to Microsoft Active Directory to securely authenticate
|
||||
## users with their domain credentials.
|
||||
## </p>
|
||||
## </desc>
|
||||
|
||||
#######################################
|
||||
|
@ -3,7 +3,7 @@ policy_module(likewise, 1.0.0)
|
||||
|
||||
#################################
|
||||
#
|
||||
# Likewise global personal declarations.
|
||||
# Declarations
|
||||
#
|
||||
|
||||
attribute likewise_domains;
|
||||
@ -23,69 +23,25 @@ files_type(likewise_pstore_lock_t)
|
||||
type likewise_krb5_ad_t;
|
||||
files_type(likewise_krb5_ad_t)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise dcerpcd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(dcerpcd)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise eventlogd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(eventlogd)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise lsassd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(lsassd)
|
||||
|
||||
type lsassd_tmp_t;
|
||||
files_tmp_file(lsassd_tmp_t)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise lwiod personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(lwiod)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise lwregd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(lwregd)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise lwsmd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(lwsmd)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise netlogond personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(netlogond)
|
||||
|
||||
#############################
|
||||
#
|
||||
# Likewise srvsvcd personal declarations.
|
||||
#
|
||||
|
||||
likewise_domain_template(srvsvcd)
|
||||
|
||||
##################################
|
||||
#
|
||||
# Likewise global personal policy.
|
||||
|
||||
#################################
|
||||
#
|
||||
# Likewise dcerpcd personal policy
|
||||
@ -134,8 +90,8 @@ corenet_udp_sendrecv_generic_port(eventlogd_t)
|
||||
# Likewise Authentication service local policy
|
||||
#
|
||||
|
||||
allow lsassd_t self:capability {fowner chown fsetid dac_override sys_time};
|
||||
allow lsassd_t self:unix_stream_socket {create_stream_socket_perms connectto};
|
||||
allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
|
||||
allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
|
||||
allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
|
||||
@ -152,6 +108,11 @@ stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t
|
||||
stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
|
||||
stream_connect_pattern(lsassd_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)
|
||||
|
||||
kernel_read_system_state(lsassd_t)
|
||||
kernel_getattr_proc_files(lsassd_t)
|
||||
kernel_list_all_proc(lsassd_t)
|
||||
kernel_list_proc(lsassd_t)
|
||||
|
||||
corecmd_exec_bin(lsassd_t)
|
||||
corecmd_exec_shell(lsassd_t)
|
||||
|
||||
@ -164,19 +125,13 @@ corenet_tcp_bind_generic_node(lsassd_t)
|
||||
corenet_tcp_connect_epmap_port(lsassd_t)
|
||||
corenet_tcp_sendrecv_epmap_port(lsassd_t)
|
||||
|
||||
domain_obj_id_change_exemption(lsassd_t)
|
||||
|
||||
files_manage_etc_files(lsassd_t)
|
||||
files_manage_etc_symlinks(lsassd_t)
|
||||
files_manage_etc_runtime_files(lsassd_t)
|
||||
|
||||
files_relabelto_home(lsassd_t)
|
||||
|
||||
kernel_read_system_state(lsassd_t)
|
||||
kernel_getattr_proc_files(lsassd_t)
|
||||
kernel_list_all_proc(lsassd_t)
|
||||
kernel_list_proc(lsassd_t)
|
||||
|
||||
domain_obj_id_change_exemption(lsassd_t)
|
||||
|
||||
selinux_get_fs_mount(lsassd_t)
|
||||
selinux_validate_context(lsassd_t)
|
||||
|
||||
@ -201,7 +156,7 @@ optional_policy(`
|
||||
# Likewise I/O service local policy
|
||||
#
|
||||
|
||||
allow lwiod_t self:capability {fowner chown fsetid dac_override };
|
||||
allow lwiod_t self:capability { fowner chown fsetid dac_override };
|
||||
allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
|
||||
allow lwiod_t likewise_krb5_ad_t:file read_file_perms;
|
||||
@ -228,11 +183,6 @@ optional_policy(`
|
||||
kerberos_use(lwiod_t)
|
||||
')
|
||||
|
||||
#################################
|
||||
#
|
||||
# Likewise Registry server local policy
|
||||
#
|
||||
|
||||
#################################
|
||||
#
|
||||
# Likewise Service Manager service local policy
|
||||
|
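Review bot: In the `@ -152,6 +108,11 @@` hunk, `kernel_list_proc(lsassd_t)` sits directly under `kernel_list_all_proc(lsassd_t)` and looks redundant: judging by the interface names alone, listing all proc directories should already include /proc itself, but the kernel interface definitions are not on this page, so that needs checking. If it holds, drop the narrower call; if lsassd really must list every proc directory, record that with a comment such as `# TODO: confirm lsassd needs every /proc directory, not just /proc`. The restyled `allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };` line would benefit from the same treatment, since `dac_override` and `sys_time` are broad grants for an authentication daemon and nothing visible here explains them.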
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(authlogin, 2.1.2)
|
||||
policy_module(authlogin, 2.1.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|