fixes from thomas bleher Fri, 24 Mar 2006 13:25:54 +0100
This commit is contained in:
parent
bb7170f673
commit
8b2d5ca6db
@ -1,3 +1,4 @@
|
|||||||
|
- Miscellaneous fixes from Thomas Bleher.
|
||||||
- Deprecate module name as first parameter of optional_policy()
|
- Deprecate module name as first parameter of optional_policy()
|
||||||
now that optionals are allowed everywhere.
|
now that optionals are allowed everywhere.
|
||||||
- Enable optional blocks in base module and monolithic policy.
|
- Enable optional blocks in base module and monolithic policy.
|
||||||
|
@ -32,7 +32,8 @@ logging_log_file(cupsd_log_t)
|
|||||||
|
|
||||||
type cupsd_lpd_t;
|
type cupsd_lpd_t;
|
||||||
type cupsd_lpd_exec_t;
|
type cupsd_lpd_exec_t;
|
||||||
inetd_service_domain(cupsd_lpd_t,cupsd_lpd_exec_t)
|
domain_type(cupsd_lpd_t)
|
||||||
|
domain_entry_file(cupsd_lpd_t,cupsd_lpd_exec_t)
|
||||||
role system_r types cupsd_lpd_t;
|
role system_r types cupsd_lpd_t;
|
||||||
|
|
||||||
type cupsd_lpd_tmp_t;
|
type cupsd_lpd_tmp_t;
|
||||||
@ -724,6 +725,10 @@ miscfiles_read_localization(cupsd_lpd_t)
|
|||||||
|
|
||||||
sysnet_read_config(cupsd_lpd_t)
|
sysnet_read_config(cupsd_lpd_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
inetd_service_domain(cupsd_lpd_t,cupsd_lpd_exec_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
nis_use_ypbind(cupsd_lpd_t)
|
nis_use_ypbind(cupsd_lpd_t)
|
||||||
')
|
')
|
||||||
|
@ -14,6 +14,10 @@
|
|||||||
|
|
||||||
/usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
/usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||||
|
|
||||||
|
ifdef(`distro_debian', `
|
||||||
|
/usr/lib/postgresql/.*/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||||
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat', `
|
ifdef(`distro_redhat', `
|
||||||
/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||||
')
|
')
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
|
|
||||||
/tmp/\.font-unix(/.*)? gen_context(system_u:object_r:xfs_tmp_t,s0)
|
/tmp/\.font-unix(/.*)? gen_context(system_u:object_r:xfs_tmp_t,s0)
|
||||||
|
|
||||||
|
/usr/bin/xfs -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||||
/usr/bin/xfstt -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
/usr/bin/xfstt -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||||
|
|
||||||
/usr/X11R6/bin/xfs -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
/usr/X11R6/bin/xfs -- gen_context(system_u:object_r:xfs_exec_t,s0)
|
||||||
|
@ -55,6 +55,9 @@ ifdef(`strict_policy',`
|
|||||||
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||||
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)
|
||||||
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
|
||||||
|
ifdef(`distro_debian', `
|
||||||
|
/usr/sbin/gdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
|
||||||
|
')
|
||||||
|
|
||||||
/usr/lib(64)?/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
|
/usr/lib(64)?/qt-.*/etc/settings(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
|
||||||
|
|
||||||
|
@ -380,8 +380,6 @@ seutil_read_config(initrc_t)
|
|||||||
|
|
||||||
sysnet_read_config(initrc_t)
|
sysnet_read_config(initrc_t)
|
||||||
|
|
||||||
udev_rw_db(initrc_t)
|
|
||||||
|
|
||||||
userdom_read_all_users_home_content_files(initrc_t)
|
userdom_read_all_users_home_content_files(initrc_t)
|
||||||
# Allow access to the sysadm TTYs. Note that this will give access to the
|
# Allow access to the sysadm TTYs. Note that this will give access to the
|
||||||
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
|
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
|
||||||
@ -708,6 +706,10 @@ optional_policy(`
|
|||||||
sysnet_read_dhcpc_state(initrc_t)
|
sysnet_read_dhcpc_state(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
udev_rw_db(initrc_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
uml_setattr_util_sockets(initrc_t)
|
uml_setattr_util_sockets(initrc_t)
|
||||||
')
|
')
|
||||||
|
@ -395,7 +395,9 @@ ifdef(`distro_redhat', `
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms',`
|
ifdef(`hide_broken_symptoms',`
|
||||||
|
optional_policy(`
|
||||||
udev_dontaudit_rw_dgram_sockets(restorecon_t)
|
udev_dontaudit_rw_dgram_sockets(restorecon_t)
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
Loading…
Reference in New Issue
Block a user