fixes from thomas bleher Fri, 24 Mar 2006 13:25:54 +0100
This commit is contained in:
parent
bb7170f673
commit
8b2d5ca6db
@ -1,3 +1,4 @@
|
||||
- Miscellaneous fixes from Thomas Bleher.
|
||||
- Deprecate module name as first parameter of optional_policy()
|
||||
now that optionals are allowed everywhere.
|
||||
- Enable optional blocks in base module and monolithic policy.
|
||||
|
@ -32,7 +32,8 @@ logging_log_file(cupsd_log_t)
|
||||
|
||||
type cupsd_lpd_t;
|
||||
type cupsd_lpd_exec_t;
|
||||
inetd_service_domain(cupsd_lpd_t,cupsd_lpd_exec_t)
|
||||
domain_type(cupsd_lpd_t)
|
||||
domain_entry_file(cupsd_lpd_t,cupsd_lpd_exec_t)
|
||||
role system_r types cupsd_lpd_t;
|
||||
|
||||
type cupsd_lpd_tmp_t;
|
||||
@ -724,6 +725,10 @@ miscfiles_read_localization(cupsd_lpd_t)
|
||||
|
||||
sysnet_read_config(cupsd_lpd_t)
|
||||
|
||||
optional_policy(`
|
||||
inetd_service_domain(cupsd_lpd_t,cupsd_lpd_exec_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nis_use_ypbind(cupsd_lpd_t)
|
||||
')
|
||||
|
@ -14,6 +14,10 @@
|
||||
|
||||
/usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
|
||||
ifdef(`distro_debian', `
|
||||
/usr/lib/postgresql/.*/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
')
|
||||
|
||||
ifdef(`distro_redhat', `
|
||||
/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||
')
|
||||
|
@ -1,6 +1,7 @@
|
||||
|
||||
/tmp/\.font-unix(/.*)? gen_context(system_u:object_r:xfs_tmp_t,s0)
|
||||
|
||||
/usr/bin/xfs -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||
/usr/bin/xfstt -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||
|
||||
/usr/X11R6/bin/xfs -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||
|
@ -55,6 +55,9 @@ ifdef(`strict_policy',`
|
||||
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||
ifdef(`distro_debian', `
|
||||
/usr/sbin/gdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
|
||||
')
|
||||
|
||||
/usr/lib(64)?/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
|
||||
|
||||
|
@ -380,8 +380,6 @@ seutil_read_config(initrc_t)
|
||||
|
||||
sysnet_read_config(initrc_t)
|
||||
|
||||
udev_rw_db(initrc_t)
|
||||
|
||||
userdom_read_all_users_home_content_files(initrc_t)
|
||||
# Allow access to the sysadm TTYs. Note that this will give access to the
|
||||
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
|
||||
@ -708,6 +706,10 @@ optional_policy(`
|
||||
sysnet_read_dhcpc_state(initrc_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_rw_db(initrc_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
uml_setattr_util_sockets(initrc_t)
|
||||
')
|
||||
|
@ -395,7 +395,9 @@ ifdef(`distro_redhat', `
|
||||
')
|
||||
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
udev_dontaudit_rw_dgram_sockets(restorecon_t)
|
||||
optional_policy(`
|
||||
udev_dontaudit_rw_dgram_sockets(restorecon_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
Loading…
Reference in New Issue
Block a user