- Add fusectl file system
parent
8d4af9d064
commit
8bd036a289
@ -1443,7 +1443,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.2.9/policy/modules/admin/usermanage.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.2.9/policy/modules/admin/usermanage.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-02-19 17:24:26.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-02-19 17:24:26.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/admin/usermanage.te 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/admin/usermanage.te 2008-02-21 10:16:14.000000000 -0500
|
||||||
@@ -97,6 +97,7 @@
|
@@ -97,6 +97,7 @@
|
||||||
|
|
||||||
# allow checking if a shell is executable
|
# allow checking if a shell is executable
|
||||||
@ -1452,7 +1452,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
|
|||||||
|
|
||||||
domain_use_interactive_fds(chfn_t)
|
domain_use_interactive_fds(chfn_t)
|
||||||
|
|
||||||
@@ -297,6 +298,7 @@
|
@@ -238,6 +239,7 @@
|
||||||
|
userdom_use_unpriv_users_fds(groupadd_t)
|
||||||
|
# for when /root is the cwd
|
||||||
|
userdom_dontaudit_search_sysadm_home_dirs(groupadd_t)
|
||||||
|
+userdom_dontaudit_search_all_users_home_content(groupadd_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
dpkg_use_fds(groupadd_t)
|
||||||
|
@@ -297,6 +299,7 @@
|
||||||
term_use_all_user_ttys(passwd_t)
|
term_use_all_user_ttys(passwd_t)
|
||||||
term_use_all_user_ptys(passwd_t)
|
term_use_all_user_ptys(passwd_t)
|
||||||
|
|
||||||
@ -1460,7 +1468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
|
|||||||
auth_manage_shadow(passwd_t)
|
auth_manage_shadow(passwd_t)
|
||||||
auth_relabel_shadow(passwd_t)
|
auth_relabel_shadow(passwd_t)
|
||||||
auth_etc_filetrans_shadow(passwd_t)
|
auth_etc_filetrans_shadow(passwd_t)
|
||||||
@@ -316,6 +318,7 @@
|
@@ -316,6 +319,7 @@
|
||||||
# /usr/bin/passwd asks for w access to utmp, but it will operate
|
# /usr/bin/passwd asks for w access to utmp, but it will operate
|
||||||
# correctly without it. Do not audit write denials to utmp.
|
# correctly without it. Do not audit write denials to utmp.
|
||||||
init_dontaudit_rw_utmp(passwd_t)
|
init_dontaudit_rw_utmp(passwd_t)
|
||||||
@ -1468,7 +1476,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
|
|||||||
|
|
||||||
libs_use_ld_so(passwd_t)
|
libs_use_ld_so(passwd_t)
|
||||||
libs_use_shared_libs(passwd_t)
|
libs_use_shared_libs(passwd_t)
|
||||||
@@ -525,6 +528,12 @@
|
@@ -503,6 +507,7 @@
|
||||||
|
userdom_use_unpriv_users_fds(useradd_t)
|
||||||
|
# for when /root is the cwd
|
||||||
|
userdom_dontaudit_search_sysadm_home_dirs(useradd_t)
|
||||||
|
+userdom_dontaudit_search_all_users_home_content(useradd_t)
|
||||||
|
# Add/remove user home directories
|
||||||
|
userdom_home_filetrans_generic_user_home_dir(useradd_t)
|
||||||
|
userdom_manage_all_users_home_content_dirs(useradd_t)
|
||||||
|
@@ -525,6 +530,12 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -5669,7 +5685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.2.9/policy/modules/kernel/filesystem.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.2.9/policy/modules/kernel/filesystem.te
|
||||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-12-19 05:32:07.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-12-19 05:32:07.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/kernel/filesystem.te 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/kernel/filesystem.te 2008-02-21 11:21:21.000000000 -0500
|
||||||
@@ -25,6 +25,8 @@
|
@@ -25,6 +25,8 @@
|
||||||
fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
|
fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
|
||||||
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
|
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
|
||||||
@ -5691,6 +5707,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
|
|||||||
type vxfs_t;
|
type vxfs_t;
|
||||||
fs_noxattr_type(vxfs_t)
|
fs_noxattr_type(vxfs_t)
|
||||||
files_mountpoint(vxfs_t)
|
files_mountpoint(vxfs_t)
|
||||||
|
@@ -199,6 +206,7 @@
|
||||||
|
allow fusefs_t fs_t:filesystem associate;
|
||||||
|
genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
|
||||||
|
genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
|
||||||
|
+genfscon fusectl / gen_context(system_u:object_r:fusefs_t,s0)
|
||||||
|
|
||||||
|
#
|
||||||
|
# iso9660_t is the type for CD filesystems
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.2.9/policy/modules/kernel/kernel.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.2.9/policy/modules/kernel/kernel.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-10-29 18:02:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-10-29 18:02:31.000000000 -0400
|
||||||
+++ serefpolicy-3.2.9/policy/modules/kernel/kernel.if 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/kernel/kernel.if 2008-02-20 14:28:23.000000000 -0500
|
||||||
@ -5876,7 +5900,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
|
|||||||
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
|
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.2.9/policy/modules/kernel/storage.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.2.9/policy/modules/kernel/storage.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-10-29 18:02:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-10-29 18:02:31.000000000 -0400
|
||||||
+++ serefpolicy-3.2.9/policy/modules/kernel/storage.if 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/kernel/storage.if 2008-02-21 14:16:08.000000000 -0500
|
||||||
@@ -81,6 +81,26 @@
|
@@ -81,6 +81,26 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -10047,7 +10071,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.2.9/policy/modules/services/dbus.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.2.9/policy/modules/services/dbus.te
|
||||||
--- nsaserefpolicy/policy/modules/services/dbus.te 2007-12-19 05:32:17.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/dbus.te 2007-12-19 05:32:17.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/services/dbus.te 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/services/dbus.te 2008-02-21 11:25:16.000000000 -0500
|
||||||
@@ -9,6 +9,7 @@
|
@@ -9,6 +9,7 @@
|
||||||
#
|
#
|
||||||
# Delcarations
|
# Delcarations
|
||||||
@ -10065,6 +10089,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||||||
|
|
||||||
type system_dbusd_var_run_t;
|
type system_dbusd_var_run_t;
|
||||||
files_pid_file(system_dbusd_var_run_t)
|
files_pid_file(system_dbusd_var_run_t)
|
||||||
|
@@ -35,7 +36,7 @@
|
||||||
|
# cjp: dac_override should probably go in a distro_debian
|
||||||
|
allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
|
||||||
|
dontaudit system_dbusd_t self:capability sys_tty_config;
|
||||||
|
-allow system_dbusd_t self:process { getattr signal_perms setcap };
|
||||||
|
+allow system_dbusd_t self:process { getattr signal_perms getcap setcap };
|
||||||
|
allow system_dbusd_t self:fifo_file { read write };
|
||||||
|
allow system_dbusd_t self:dbus { send_msg acquire_svc };
|
||||||
|
allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
|
||||||
@@ -65,6 +66,7 @@
|
@@ -65,6 +66,7 @@
|
||||||
|
|
||||||
fs_getattr_all_fs(system_dbusd_t)
|
fs_getattr_all_fs(system_dbusd_t)
|
||||||
@ -14537,7 +14570,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.2.9/policy/modules/services/ntp.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.2.9/policy/modules/services/ntp.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-12-19 05:32:17.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-12-19 05:32:17.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/services/ntp.te 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/services/ntp.te 2008-02-21 11:25:51.000000000 -0500
|
||||||
@@ -25,6 +25,12 @@
|
@@ -25,6 +25,12 @@
|
||||||
type ntpdate_exec_t;
|
type ntpdate_exec_t;
|
||||||
init_system_domain(ntpd_t,ntpdate_exec_t)
|
init_system_domain(ntpd_t,ntpdate_exec_t)
|
||||||
@ -14551,9 +14584,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Local policy
|
# Local policy
|
||||||
@@ -36,6 +42,7 @@
|
@@ -34,8 +40,9 @@
|
||||||
|
# ntpdate wants sys_nice
|
||||||
|
allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock sys_chroot sys_nice sys_resource };
|
||||||
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
|
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
|
||||||
allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
|
-allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
|
||||||
|
+allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
|
||||||
allow ntpd_t self:fifo_file { read write getattr };
|
allow ntpd_t self:fifo_file { read write getattr };
|
||||||
+allow ntpd_t self:shm create_shm_perms;
|
+allow ntpd_t self:shm create_shm_perms;
|
||||||
allow ntpd_t self:unix_dgram_socket create_socket_perms;
|
allow ntpd_t self:unix_dgram_socket create_socket_perms;
|
||||||
@ -14601,7 +14637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
|
|||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.2.9/policy/modules/services/nx.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.2.9/policy/modules/services/nx.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/nx.fc 2006-11-16 17:15:20.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/nx.fc 2006-11-16 17:15:20.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/services/nx.fc 2008-02-20 14:28:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/services/nx.fc 2008-02-21 10:10:55.000000000 -0500
|
||||||
@@ -1,3 +1,5 @@
|
@@ -1,3 +1,5 @@
|
||||||
+
|
+
|
||||||
+/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
|
+/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
|
||||||
@ -25870,7 +25906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.9/policy/modules/system/userdomain.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.9/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
|
||||||
+++ serefpolicy-3.2.9/policy/modules/system/userdomain.if 2008-02-20 15:39:23.000000000 -0500
|
+++ serefpolicy-3.2.9/policy/modules/system/userdomain.if 2008-02-21 14:19:41.000000000 -0500
|
||||||
@@ -29,9 +29,14 @@
|
@@ -29,9 +29,14 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -26413,7 +26449,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## <summary>
|
## <summary>
|
||||||
## The prefix of the user domain (e.g., user
|
## The prefix of the user domain (e.g., user
|
||||||
## is the prefix for user_t).
|
## is the prefix for user_t).
|
||||||
@@ -692,183 +666,192 @@
|
@@ -692,183 +666,193 @@
|
||||||
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
|
||||||
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
|
||||||
|
|
||||||
@ -26499,6 +26535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
# for eject
|
# for eject
|
||||||
- storage_getattr_fixed_disk_dev($1_t)
|
- storage_getattr_fixed_disk_dev($1_t)
|
||||||
+ storage_getattr_fixed_disk_dev($1_usertype)
|
+ storage_getattr_fixed_disk_dev($1_usertype)
|
||||||
|
+ storage_rw_fuse($1_usertype)
|
||||||
|
|
||||||
- auth_use_nsswitch($1_t)
|
- auth_use_nsswitch($1_t)
|
||||||
- auth_read_login_records($1_t)
|
- auth_read_login_records($1_t)
|
||||||
@ -26687,7 +26724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -895,6 +878,8 @@
|
@@ -895,6 +879,8 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`userdom_login_user_template', `
|
template(`userdom_login_user_template', `
|
||||||
@ -26696,7 +26733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
userdom_base_user_template($1)
|
userdom_base_user_template($1)
|
||||||
|
|
||||||
userdom_manage_home_template($1)
|
userdom_manage_home_template($1)
|
||||||
@@ -923,26 +908,26 @@
|
@@ -923,26 +909,26 @@
|
||||||
|
|
||||||
allow $1_t self:context contains;
|
allow $1_t self:context contains;
|
||||||
|
|
||||||
@ -26737,7 +26774,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
|
|
||||||
auth_dontaudit_write_login_records($1_t)
|
auth_dontaudit_write_login_records($1_t)
|
||||||
|
|
||||||
@@ -950,43 +935,43 @@
|
@@ -950,43 +936,43 @@
|
||||||
|
|
||||||
# The library functions always try to open read-write first,
|
# The library functions always try to open read-write first,
|
||||||
# then fall back to read-only if it fails.
|
# then fall back to read-only if it fails.
|
||||||
@ -26799,7 +26836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -1020,9 +1005,6 @@
|
@@ -1020,9 +1006,6 @@
|
||||||
domain_interactive_fd($1_t)
|
domain_interactive_fd($1_t)
|
||||||
|
|
||||||
typeattribute $1_devpts_t user_ptynode;
|
typeattribute $1_devpts_t user_ptynode;
|
||||||
@ -26809,7 +26846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
typeattribute $1_tty_device_t user_ttynode;
|
typeattribute $1_tty_device_t user_ttynode;
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
@@ -1031,16 +1013,29 @@
|
@@ -1031,16 +1014,29 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
# privileged home directory writers
|
# privileged home directory writers
|
||||||
@ -26845,7 +26882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
@@ -1068,6 +1063,13 @@
|
@@ -1068,6 +1064,13 @@
|
||||||
|
|
||||||
userdom_restricted_user_template($1)
|
userdom_restricted_user_template($1)
|
||||||
|
|
||||||
@ -26859,7 +26896,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
userdom_xwindows_client_template($1)
|
userdom_xwindows_client_template($1)
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
@@ -1076,14 +1078,14 @@
|
@@ -1076,14 +1079,14 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
authlogin_per_role_template($1, $1_t, $1_r)
|
authlogin_per_role_template($1, $1_t, $1_r)
|
||||||
@ -26879,7 +26916,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
logging_dontaudit_send_audit_msgs($1_t)
|
logging_dontaudit_send_audit_msgs($1_t)
|
||||||
|
|
||||||
# Need to to this just so screensaver will work. Should be moved to screensaver domain
|
# Need to to this just so screensaver will work. Should be moved to screensaver domain
|
||||||
@@ -1091,32 +1093,21 @@
|
@@ -1091,32 +1094,21 @@
|
||||||
selinux_get_enforce_mode($1_t)
|
selinux_get_enforce_mode($1_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -26920,7 +26957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -1127,10 +1118,10 @@
|
@@ -1127,10 +1119,10 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
@ -26935,7 +26972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## This template creates a user domain, types, and
|
## This template creates a user domain, types, and
|
||||||
## rules for the user's tty, pty, home directories,
|
## rules for the user's tty, pty, home directories,
|
||||||
## tmp, and tmpfs files.
|
## tmp, and tmpfs files.
|
||||||
@@ -1193,12 +1184,11 @@
|
@@ -1193,12 +1185,11 @@
|
||||||
# and may change other protocols
|
# and may change other protocols
|
||||||
tunable_policy(`user_tcp_server',`
|
tunable_policy(`user_tcp_server',`
|
||||||
corenet_tcp_bind_all_nodes($1_t)
|
corenet_tcp_bind_all_nodes($1_t)
|
||||||
@ -26950,7 +26987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
# Run pppd in pppd_t by default for user
|
# Run pppd in pppd_t by default for user
|
||||||
@@ -1207,7 +1197,23 @@
|
@@ -1207,7 +1198,23 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -26975,7 +27012,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -1284,8 +1290,6 @@
|
@@ -1284,8 +1291,6 @@
|
||||||
# Manipulate other users crontab.
|
# Manipulate other users crontab.
|
||||||
allow $1_t self:passwd crontab;
|
allow $1_t self:passwd crontab;
|
||||||
|
|
||||||
@ -26984,7 +27021,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
kernel_read_software_raid_state($1_t)
|
kernel_read_software_raid_state($1_t)
|
||||||
kernel_getattr_core_if($1_t)
|
kernel_getattr_core_if($1_t)
|
||||||
kernel_getattr_message_if($1_t)
|
kernel_getattr_message_if($1_t)
|
||||||
@@ -1363,13 +1367,6 @@
|
@@ -1363,13 +1368,6 @@
|
||||||
# But presently necessary for installing the file_contexts file.
|
# But presently necessary for installing the file_contexts file.
|
||||||
seutil_manage_bin_policy($1_t)
|
seutil_manage_bin_policy($1_t)
|
||||||
|
|
||||||
@ -26998,7 +27035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
userhelper_exec($1_t)
|
userhelper_exec($1_t)
|
||||||
')
|
')
|
||||||
@@ -1422,6 +1419,7 @@
|
@@ -1422,6 +1420,7 @@
|
||||||
dev_relabel_all_dev_nodes($1)
|
dev_relabel_all_dev_nodes($1)
|
||||||
|
|
||||||
files_create_boot_flag($1)
|
files_create_boot_flag($1)
|
||||||
@ -27006,7 +27043,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
|
|
||||||
# Necessary for managing /boot/efi
|
# Necessary for managing /boot/efi
|
||||||
fs_manage_dos_files($1)
|
fs_manage_dos_files($1)
|
||||||
@@ -1787,10 +1785,14 @@
|
@@ -1787,10 +1786,14 @@
|
||||||
template(`userdom_user_home_content',`
|
template(`userdom_user_home_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute $1_file_type;
|
attribute $1_file_type;
|
||||||
@ -27022,7 +27059,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1886,11 +1888,11 @@
|
@@ -1886,11 +1889,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_search_user_home_dirs',`
|
template(`userdom_search_user_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27036,7 +27073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1920,11 +1922,11 @@
|
@@ -1920,11 +1923,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_list_user_home_dirs',`
|
template(`userdom_list_user_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27050,7 +27087,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1968,12 +1970,12 @@
|
@@ -1968,12 +1971,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_user_home_domtrans',`
|
template(`userdom_user_home_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27066,7 +27103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2003,10 +2005,10 @@
|
@@ -2003,10 +2006,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_list_user_home_dirs',`
|
template(`userdom_dontaudit_list_user_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27079,7 +27116,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2038,11 +2040,47 @@
|
@@ -2038,11 +2041,47 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_home_content_dirs',`
|
template(`userdom_manage_user_home_content_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27129,7 +27166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2074,10 +2112,10 @@
|
@@ -2074,10 +2113,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_setattr_user_home_content_files',`
|
template(`userdom_dontaudit_setattr_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27142,7 +27179,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2107,11 +2145,11 @@
|
@@ -2107,11 +2146,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_read_user_home_content_files',`
|
template(`userdom_read_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27156,7 +27193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2141,11 +2179,11 @@
|
@@ -2141,11 +2180,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_read_user_home_content_files',`
|
template(`userdom_dontaudit_read_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27171,7 +27208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2175,10 +2213,14 @@
|
@@ -2175,10 +2214,14 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_write_user_home_content_files',`
|
template(`userdom_dontaudit_write_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27188,7 +27225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2208,11 +2250,11 @@
|
@@ -2208,11 +2251,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_read_user_home_content_symlinks',`
|
template(`userdom_read_user_home_content_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27202,7 +27239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2242,11 +2284,11 @@
|
@@ -2242,11 +2285,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_exec_user_home_content_files',`
|
template(`userdom_exec_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27216,7 +27253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2276,10 +2318,10 @@
|
@@ -2276,10 +2319,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_exec_user_home_content_files',`
|
template(`userdom_dontaudit_exec_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27229,7 +27266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2311,12 +2353,12 @@
|
@@ -2311,12 +2354,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_home_content_files',`
|
template(`userdom_manage_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27245,7 +27282,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2348,10 +2390,10 @@
|
@@ -2348,10 +2391,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_manage_user_home_content_dirs',`
|
template(`userdom_dontaudit_manage_user_home_content_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27258,7 +27295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2383,12 +2425,12 @@
|
@@ -2383,12 +2426,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_home_content_symlinks',`
|
template(`userdom_manage_user_home_content_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27274,7 +27311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2420,12 +2462,12 @@
|
@@ -2420,12 +2463,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_home_content_pipes',`
|
template(`userdom_manage_user_home_content_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27290,7 +27327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2457,12 +2499,12 @@
|
@@ -2457,12 +2500,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_home_content_sockets',`
|
template(`userdom_manage_user_home_content_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27306,7 +27343,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2507,11 +2549,11 @@
|
@@ -2507,11 +2550,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_user_home_dir_filetrans',`
|
template(`userdom_user_home_dir_filetrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27320,7 +27357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2556,11 +2598,11 @@
|
@@ -2556,11 +2599,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_user_home_content_filetrans',`
|
template(`userdom_user_home_content_filetrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27334,7 +27371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2600,11 +2642,11 @@
|
@@ -2600,11 +2643,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_user_home_dir_filetrans_user_home_content',`
|
template(`userdom_user_home_dir_filetrans_user_home_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27348,7 +27385,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2634,11 +2676,11 @@
|
@@ -2634,11 +2677,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_write_user_tmp_sockets',`
|
template(`userdom_write_user_tmp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27362,7 +27399,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2668,11 +2710,11 @@
|
@@ -2668,11 +2711,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_list_user_tmp',`
|
template(`userdom_list_user_tmp',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27376,7 +27413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2704,10 +2746,10 @@
|
@@ -2704,10 +2747,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_list_user_tmp',`
|
template(`userdom_dontaudit_list_user_tmp',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27389,7 +27426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2739,10 +2781,10 @@
|
@@ -2739,10 +2782,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_manage_user_tmp_dirs',`
|
template(`userdom_dontaudit_manage_user_tmp_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27402,7 +27439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2772,12 +2814,12 @@
|
@@ -2772,12 +2815,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_read_user_tmp_files',`
|
template(`userdom_read_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27418,7 +27455,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2809,10 +2851,10 @@
|
@@ -2809,10 +2852,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_read_user_tmp_files',`
|
template(`userdom_dontaudit_read_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27431,7 +27468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2844,10 +2886,48 @@
|
@@ -2844,10 +2887,48 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_append_user_tmp_files',`
|
template(`userdom_dontaudit_append_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27482,7 +27519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2877,12 +2957,12 @@
|
@@ -2877,12 +2958,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_rw_user_tmp_files',`
|
template(`userdom_rw_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27498,7 +27535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2914,10 +2994,10 @@
|
@@ -2914,10 +2995,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_dontaudit_manage_user_tmp_files',`
|
template(`userdom_dontaudit_manage_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27511,7 +27548,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2949,12 +3029,12 @@
|
@@ -2949,12 +3030,12 @@
|
||||||
#
|
#
|
||||||
template(`userdom_read_user_tmp_symlinks',`
|
template(`userdom_read_user_tmp_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27527,7 +27564,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2986,11 +3066,11 @@
|
@@ -2986,11 +3067,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_tmp_dirs',`
|
template(`userdom_manage_user_tmp_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27541,7 +27578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3022,11 +3102,11 @@
|
@@ -3022,11 +3103,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_tmp_files',`
|
template(`userdom_manage_user_tmp_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27555,7 +27592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3058,11 +3138,11 @@
|
@@ -3058,11 +3139,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_tmp_symlinks',`
|
template(`userdom_manage_user_tmp_symlinks',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27569,7 +27606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3094,11 +3174,11 @@
|
@@ -3094,11 +3175,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_tmp_pipes',`
|
template(`userdom_manage_user_tmp_pipes',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27583,7 +27620,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3130,11 +3210,11 @@
|
@@ -3130,11 +3211,11 @@
|
||||||
#
|
#
|
||||||
template(`userdom_manage_user_tmp_sockets',`
|
template(`userdom_manage_user_tmp_sockets',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27597,7 +27634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3179,10 +3259,10 @@
|
@@ -3179,10 +3260,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_user_tmp_filetrans',`
|
template(`userdom_user_tmp_filetrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27610,7 +27647,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
files_search_tmp($2)
|
files_search_tmp($2)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -3223,10 +3303,10 @@
|
@@ -3223,10 +3304,10 @@
|
||||||
#
|
#
|
||||||
template(`userdom_tmp_filetrans_user_tmp',`
|
template(`userdom_tmp_filetrans_user_tmp',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27623,7 +27660,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -3254,6 +3334,42 @@
|
@@ -3254,6 +3335,42 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -27666,7 +27703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
template(`userdom_rw_user_tmpfs_files',`
|
template(`userdom_rw_user_tmpfs_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type $1_tmpfs_t;
|
type $1_tmpfs_t;
|
||||||
@@ -4231,11 +4347,11 @@
|
@@ -4231,11 +4348,11 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_search_staff_home_dirs',`
|
interface(`userdom_search_staff_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27680,7 +27717,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4251,10 +4367,10 @@
|
@@ -4251,10 +4368,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_search_staff_home_dirs',`
|
interface(`userdom_dontaudit_search_staff_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27693,7 +27730,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4270,11 +4386,11 @@
|
@@ -4270,11 +4387,11 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_manage_staff_home_dirs',`
|
interface(`userdom_manage_staff_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27707,7 +27744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4289,16 +4405,16 @@
|
@@ -4289,16 +4406,16 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_relabelto_staff_home_dirs',`
|
interface(`userdom_relabelto_staff_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27727,7 +27764,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## users home directory.
|
## users home directory.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4307,12 +4423,27 @@
|
@@ -4307,12 +4424,27 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -27758,7 +27795,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4327,13 +4458,13 @@
|
@@ -4327,13 +4459,13 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_read_staff_home_content_files',`
|
interface(`userdom_read_staff_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27776,7 +27813,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4531,10 +4662,10 @@
|
@@ -4531,10 +4663,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_getattr_sysadm_home_dirs',`
|
interface(`userdom_getattr_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27789,7 +27826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4551,10 +4682,10 @@
|
@@ -4551,10 +4683,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
|
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27802,7 +27839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4569,10 +4700,10 @@
|
@@ -4569,10 +4701,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_search_sysadm_home_dirs',`
|
interface(`userdom_search_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27815,7 +27852,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4588,10 +4719,10 @@
|
@@ -4588,10 +4720,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
|
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27828,7 +27865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4606,10 +4737,10 @@
|
@@ -4606,10 +4738,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_list_sysadm_home_dirs',`
|
interface(`userdom_list_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27841,7 +27878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4625,10 +4756,10 @@
|
@@ -4625,10 +4757,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
|
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27854,7 +27891,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4644,12 +4775,11 @@
|
@@ -4644,12 +4776,11 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
|
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27870,7 +27907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4676,10 +4806,10 @@
|
@@ -4676,10 +4807,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_sysadm_home_dir_filetrans',`
|
interface(`userdom_sysadm_home_dir_filetrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27883,7 +27920,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4694,10 +4824,10 @@
|
@@ -4694,10 +4825,10 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_search_sysadm_home_content_dirs',`
|
interface(`userdom_search_sysadm_home_content_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27896,7 +27933,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4712,13 +4842,13 @@
|
@@ -4712,13 +4843,13 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_read_sysadm_home_content_files',`
|
interface(`userdom_read_sysadm_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27914,7 +27951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4754,11 +4884,49 @@
|
@@ -4754,11 +4885,49 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_search_all_users_home_dirs',`
|
interface(`userdom_search_all_users_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -27965,7 +28002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4778,6 +4946,14 @@
|
@@ -4778,6 +4947,14 @@
|
||||||
|
|
||||||
files_list_home($1)
|
files_list_home($1)
|
||||||
allow $1 home_dir_type:dir list_dir_perms;
|
allow $1 home_dir_type:dir list_dir_perms;
|
||||||
@ -27980,7 +28017,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4839,6 +5015,26 @@
|
@@ -4839,6 +5016,26 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28007,7 +28044,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Create, read, write, and delete all directories
|
## Create, read, write, and delete all directories
|
||||||
## in all users home directories.
|
## in all users home directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -4859,6 +5055,25 @@
|
@@ -4859,6 +5056,25 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28033,7 +28070,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Create, read, write, and delete all files
|
## Create, read, write, and delete all files
|
||||||
## in all users home directories.
|
## in all users home directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -4879,6 +5094,26 @@
|
@@ -4879,6 +5095,26 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28060,7 +28097,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Create, read, write, and delete all symlinks
|
## Create, read, write, and delete all symlinks
|
||||||
## in all users home directories.
|
## in all users home directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -5115,7 +5350,7 @@
|
@@ -5115,7 +5351,7 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_relabelto_generic_user_home_dirs',`
|
interface(`userdom_relabelto_generic_user_home_dirs',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -28069,7 +28106,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
files_search_home($1)
|
files_search_home($1)
|
||||||
@@ -5304,6 +5539,50 @@
|
@@ -5304,6 +5540,50 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28120,7 +28157,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Create, read, write, and delete directories in
|
## Create, read, write, and delete directories in
|
||||||
## unprivileged users home directories.
|
## unprivileged users home directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -5509,6 +5788,42 @@
|
@@ -5509,6 +5789,42 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28163,7 +28200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Read and write unprivileged user ttys.
|
## Read and write unprivileged user ttys.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -5674,6 +5989,42 @@
|
@@ -5674,6 +5990,42 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -28206,7 +28243,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Send a dbus message to all user domains.
|
## Send a dbus message to all user domains.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -5704,3 +6055,368 @@
|
@@ -5704,3 +6056,368 @@
|
||||||
interface(`userdom_unconfined',`
|
interface(`userdom_unconfined',`
|
||||||
refpolicywarn(`$0($*) has been deprecated.')
|
refpolicywarn(`$0($*) has been deprecated.')
|
||||||
')
|
')
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.2.9
|
Version: 3.2.9
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -387,6 +387,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 21 2008 Dan Walsh <dwalsh@redhat.com> 3.2.9-2
|
||||||
|
- Add fusectl file system
|
||||||
|
|
||||||
* Wed Feb 20 2008 Dan Walsh <dwalsh@redhat.com> 3.2.9-1
|
* Wed Feb 20 2008 Dan Walsh <dwalsh@redhat.com> 3.2.9-1
|
||||||
- Fixes from yum-cron
|
- Fixes from yum-cron
|
||||||
- Update to latest upstream
|
- Update to latest upstream
|
||||||
|