trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.

Chris PeBenito 2008-05-15 13:10:34 +00:00
parent a42ce93a4d
commit 8f3a0a95e0
30 changed files with 236 additions and 238 deletions


@ -92,6 +92,8 @@ interface(`portage_compile_domain',`
gen_require(` gen_require(`
class dbus send_msg; class dbus send_msg;
type portage_devpts_t, portage_log_t, portage_tmp_t;
type portage_tmpfs_t;
') ')
allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw }; allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
@ -219,6 +221,10 @@ interface(`portage_compile_domain',`
## </param> ## </param>
# #
interface(`portage_fetch_domain',` interface(`portage_fetch_domain',`
gen_require(`
type portage_cache_t, portage_conf_t, portage_ebuild_t;
type portage_tmp_t, portage_fetch_tmp_t;
')
allow $1 self:capability { dac_override fowner fsetid }; allow $1 self:capability { dac_override fowner fsetid };
allow $1 self:process signal; allow $1 self:process signal;
@ -290,6 +296,9 @@ interface(`portage_fetch_domain',`
## </param> ## </param>
# #
interface(`portage_main_domain',` interface(`portage_main_domain',`
gen_require(`
type portage_log_t, portage_tmp_t;
')
# - setfscreate for merging to live fs # - setfscreate for merging to live fs
# - setexec to run portage fetch # - setexec to run portage fetch


@ -34,6 +34,7 @@ interface(`awstats_rw_pipes',`
interface(`awstats_cgi_exec',` interface(`awstats_cgi_exec',`
gen_require(` gen_require(`
type httpd_awstats_script_exec_t; type httpd_awstats_script_exec_t;
type httpd_awstats_content_t;
') ')
allow $1 httpd_awstats_content_t:dir search_dir_perms; allow $1 httpd_awstats_content_t:dir search_dir_perms;


@ -192,11 +192,6 @@ template(`ethereal_per_role_template',`
## is the prefix for user_t). ## is the prefix for user_t).
## </summary> ## </summary>
## </param> ## </param>
## <param name="user_domain">
## <summary>
## The type of the user domain.
## </summary>
## </param>
# #
template(`ethereal_admin_template',` template(`ethereal_admin_template',`
gen_require(` gen_require(`


@ -809,7 +809,12 @@ template(`evolution_per_role_template',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="object"> ## <param name="file_type">
## <summary>
## Private file type.
## </summary>
## </param>
## <param name="class">
## <summary> ## <summary>
## The object class of the object being created. If ## The object class of the object being created. If
## no class is specified, dir will be used. ## no class is specified, dir will be used.
@ -864,6 +869,12 @@ template(`evolution_stream_connect',`
## Send and receive messages from ## Send and receive messages from
## evolution over dbus. ## evolution over dbus.
## </summary> ## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## Domain allowed access. ## Domain allowed access.
@ -885,6 +896,12 @@ interface(`evolution_dbus_chat',`
## Send and receive messages from ## Send and receive messages from
## evolution_alarm over dbus. ## evolution_alarm over dbus.
## </summary> ## </summary>
## <param name="userdomain_prefix">
## <summary>
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
## </summary>
## </param>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## Domain allowed access. ## Domain allowed access.


@ -192,11 +192,6 @@ template(`wireshark_per_role_template',`
## is the prefix for user_t). ## is the prefix for user_t).
## </summary> ## </summary>
## </param> ## </param>
## <param name="user_domain">
## <summary>
## The type of the user domain.
## </summary>
## </param>
# #
template(`wireshark_admin_template',` template(`wireshark_admin_template',`
gen_require(` gen_require(`


@ -197,6 +197,25 @@ interface(`corecmd_getattr_bin_files',`
getattr_files_pattern($1,bin_t,bin_t) getattr_files_pattern($1,bin_t,bin_t)
') ')
########################################
## <summary>
## Get the attributes of files in bin directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corecmd_dontaudit_getattr_bin_files',`
gen_require(`
type bin_t;
')
dontaudit $1 bin_t:dir search_dir_perms;
dontaudit $1 bin_t:file getattr_file_perms;
')
######################################## ########################################
## <summary> ## <summary>
## Read files in bin directories. ## Read files in bin directories.
@ -685,7 +704,7 @@ interface(`corecmd_mmap_sbin_files',`
## </param> ## </param>
# #
interface(`corecmd_sbin_domtrans',` interface(`corecmd_sbin_domtrans',`
corecmd_bin_domtrans($1,$2,$3) corecmd_bin_domtrans($1,$2)
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.') refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
') ')
@ -726,7 +745,7 @@ interface(`corecmd_sbin_domtrans',`
## </param> ## </param>
# #
interface(`corecmd_sbin_spec_domtrans',` interface(`corecmd_sbin_spec_domtrans',`
corecmd_bin_spec_domtrans($1,$2,$3) corecmd_bin_spec_domtrans($1,$2)
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.') refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
') ')
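Review bot: The new `corecmd_dontaudit_getattr_bin_files` interface carries the XML summary of the allow variant ("Get the attributes of files in bin directories.") and the parameter text "Domain allowed access.", although its body emits only `dontaudit` rules. The summary should read `## Do not audit attempts to get the attributes of files in bin directories.` and the parameter `## Domain to not audit.`, the wording this commit uses for `fs_dontaudit_list_cifs_dirs`. Because a dontaudit rule suppresses the AVC denial record, the generated documentation is what a policy auditor relies on to see which denials a domain hides, so the description needs to say so.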


@ -1219,6 +1219,11 @@ interface(`domain_mmap_all_entry_files',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="target_domain">
## <summary>
## The type of the new process.
## </summary>
## </param>
# #
# cjp: added for userhelper # cjp: added for userhelper
interface(`domain_entry_file_spec_domtrans',` interface(`domain_entry_file_spec_domtrans',`


@ -4208,7 +4208,7 @@ interface(`files_getattr_generic_locks',`
# #
interface(`files_manage_generic_locks',` interface(`files_manage_generic_locks',`
gen_require(` gen_require(`
type var_lock_t; type var_t, var_lock_t;
') ')
allow $1 var_t:dir search_dir_perms; allow $1 var_t:dir search_dir_perms;
@ -4229,6 +4229,7 @@ interface(`files_manage_generic_locks',`
interface(`files_delete_all_locks',` interface(`files_delete_all_locks',`
gen_require(` gen_require(`
attribute lockfile; attribute lockfile;
type var_t;
') ')
allow $1 var_t:dir search_dir_perms; allow $1 var_t:dir search_dir_perms;
@ -4659,6 +4660,17 @@ interface(`files_manage_generic_spool',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="file">
## <summary>
## Type to which the created node will be transitioned.
## </summary>
## </param>
## <param name="class">
## <summary>
## Object class(es) (single or set including {}) for which this
## the transition will occur.
## </summary>
## </param>
# #
interface(`files_spool_filetrans',` interface(`files_spool_filetrans',`
gen_require(` gen_require(`
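Review bot: The `class` parameter text added for `files_spool_filetrans` contains a stray word, "for which this the transition will occur"; it should read `## Object class(es) (single or set including {}) for which` followed by `## the transition will occur.`. The interface body continues below the hunk, so the order in which it consumes the documented `file` and `class` arguments cannot be checked from here.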


@ -776,6 +776,25 @@ interface(`fs_read_noxattr_fs_symlinks',`
read_lnk_files_pattern($1,noxattrfs,noxattrfs) read_lnk_files_pattern($1,noxattrfs,noxattrfs)
') ')
########################################
## <summary>
## Do not audit attempts to read
## dirs on a CIFS or SMB filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`fs_dontaudit_list_cifs_dirs',`
gen_require(`
type cifs_t;
')
dontaudit $1 cifs_t:dir list_dir_perms;
')
######################################## ########################################
## <summary> ## <summary>
## Do not audit attempts to read ## Do not audit attempts to read
@ -833,6 +852,44 @@ interface(`fs_read_cifs_symlinks',`
read_lnk_files_pattern($1,cifs_t,cifs_t) read_lnk_files_pattern($1,cifs_t,cifs_t)
') ')
########################################
## <summary>
## Read named pipes
## on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_read_cifs_named_pipes',`
gen_require(`
type cifs_t;
')
read_fifo_files_pattern($1,cifs_t,cifs_t)
')
########################################
## <summary>
## Read named pipes
## on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_read_cifs_named_sockets',`
gen_require(`
type cifs_t;
')
read_sock_files_pattern($1,cifs_t,cifs_t)
')
######################################## ########################################
## <summary> ## <summary>
## Execute files on a CIFS or SMB ## Execute files on a CIFS or SMB
@ -1647,6 +1704,43 @@ interface(`fs_read_nfs_symlinks',`
read_lnk_files_pattern($1,nfs_t,nfs_t) read_lnk_files_pattern($1,nfs_t,nfs_t)
') ')
#########################################
## <summary>
## Read named sockets on a NFS filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_read_nfs_named_sockets',`
gen_require(`
type nfs_t;
')
read_sock_files_pattern($1,nfs_t,nfs_t)
')
#########################################
## <summary>
## Read named pipes on a NFS network filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`fs_read_nfs_named_pipes',`
gen_require(`
type nfs_t;
')
read_fifo_files_pattern($1,nfs_t,nfs_t)
')
######################################## ########################################
## <summary> ## <summary>
## Read directories of RPC file system pipes. ## Read directories of RPC file system pipes.
@ -2611,7 +2705,7 @@ interface(`fs_getattr_rpc_pipefs',`
# #
interface(`fs_rw_rpc_named_pipes',` interface(`fs_rw_rpc_named_pipes',`
gen_require(` gen_require(`
type nfs_t; type rpc_pipefs_t;
') ')
allow $1 rpc_pipefs_t:fifo_file { read write }; allow $1 rpc_pipefs_t:fifo_file { read write };
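Review bot: `fs_read_cifs_named_sockets` is documented with the summary copied from `fs_read_cifs_named_pipes` ("Read named pipes on a CIFS or SMB network filesystem."), while its body calls `read_sock_files_pattern($1,cifs_t,cifs_t)`. The first summary line should be `## Read named sockets` so the generated interface documentation distinguishes the two grants. Of the four new read interfaces only `fs_read_nfs_named_pipes` carries `<rolecap/>`; it is worth confirming that this difference is intended.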


@ -625,6 +625,7 @@ interface(`term_dontaudit_use_ptmx',`
interface(`term_getattr_all_user_ptys',` interface(`term_getattr_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
type devpts_t;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -667,6 +668,7 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
interface(`term_setattr_all_user_ptys',` interface(`term_setattr_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
type devpts_t;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)


@ -10,16 +10,6 @@
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the fetchmail domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`fetchmail_admin',` interface(`fetchmail_admin',`


@ -293,6 +293,11 @@ template(`mta_admin_template',`
## Type to be used as a mail server domain. ## Type to be used as a mail server domain.
## </summary> ## </summary>
## </param> ## </param>
## <param name="entry_point">
## <summary>
## Type of the program to be used as an entry point to this domain.
## </summary>
## </param>
# #
interface(`mta_mailserver',` interface(`mta_mailserver',`
gen_require(` gen_require(`


@ -102,6 +102,16 @@ interface(`ppp_domtrans',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to allow the ppp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the terminal allow the ppp domain to use.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`ppp_run_cond',` interface(`ppp_run_cond',`
@ -126,6 +136,16 @@ interface(`ppp_run_cond',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to allow the ppp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the terminal allow the ppp domain to use.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`ppp_run',` interface(`ppp_run',`
@ -280,23 +300,13 @@ interface(`ppp_pid_filetrans',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the ppp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`ppp_admin',` interface(`ppp_admin',`
gen_require(` gen_require(`
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t; type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
type pppd_etc_t, pppd_script_t, pppd_secret_t; type pppd_etc_t, pppd_secret_t;
type pppd_etc_rw_t, pppd_var_lib_t, pppd_var_run_t; type pppd_etc_rw_t, pppd_var_run_t;
type pptp_t, pptp_log_t, pptp_var_run_t; type pptp_t, pptp_log_t, pptp_var_run_t;
') ')
@ -319,9 +329,6 @@ interface(`ppp_admin',`
manage_files_pattern($1, pppd_secret_t, pppd_secret_t) manage_files_pattern($1, pppd_secret_t, pppd_secret_t)
files_list_var_lib($1)
manage_files_pattern($1, pppd_var_lib_t, pppd_var_lib_t)
files_list_pids($1) files_list_pids($1)
manage_files_pattern($1, pppd_var_run_t, pppd_var_run_t) manage_files_pattern($1, pppd_var_run_t, pppd_var_run_t)
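Review bot: The `terminal` parameter text added to `ppp_run_cond` and `ppp_run` is ungrammatical: "The type of the terminal allow the ppp domain to use." should read `## The type of the terminal the ppp domain is allowed to use.`. In `ppp_admin`, `pppd_script_t` and `pppd_var_lib_t` are dropped from `gen_require`, but the part of the body between the two hunks is not shown. It is worth confirming that no remaining rule there still names `pppd_script_t`, since an undeclared type in the body would break the interface.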


@ -10,16 +10,6 @@
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the privoxy domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`privoxy_admin',` interface(`privoxy_admin',`


@ -24,38 +24,28 @@ interface(`radius_use',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the radius domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`radius_admin',` interface(`radius_admin',`
gen_require(` gen_require(`
type radius_t, radius_etc_t, radius_log_t; type radiusd_t, radiusd_etc_t, radiusd_log_t;
type radius_etc_rw_t, radius_var_lib_t, radius_var_run_t; type radiusd_etc_rw_t, radiusd_var_lib_t, radiusd_var_run_t;
') ')
allow $1 radius_t:process { ptrace signal_perms getattr }; allow $1 radiusd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, radius_t) ps_process_pattern($1, radiusd_t)
files_list_etc($1) files_list_etc($1)
manage_files_pattern($1, radius_etc_t, radius_etc_t) manage_files_pattern($1, radiusd_etc_t, radiusd_etc_t)
logging_list_logs($1) logging_list_logs($1)
manage_files_pattern($1, radius_log_t, radius_log_t) manage_files_pattern($1, radiusd_log_t, radiusd_log_t)
manage_files_pattern($1, radius_etc_rw_t, radius_etc_rw_t) manage_files_pattern($1, radiusd_etc_rw_t, radiusd_etc_rw_t)
files_list_var_lib($1) files_list_var_lib($1)
manage_files_pattern($1, radius_var_lib_t, radius_var_lib_t) manage_files_pattern($1, radiusd_var_lib_t, radiusd_var_lib_t)
files_list_pids($1) files_list_pids($1)
manage_files_pattern($1, radius_var_run_t, radius_var_run_t) manage_files_pattern($1, radiusd_var_run_t, radiusd_var_run_t)
') ')
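Review bot: Correcting the type names makes `radius_admin` effective, so `allow $1 radiusd_t:process { ptrace signal_perms getattr };` and the manage rules on the daemon's config, log, lib and pid files are now real grants; the same applies to `snmp_admin`, `tftp_admin` and `uucp_admin`, and to the log type in `tor_admin`, later in this commit. The old names presumably did not match any declared type, so callers may never have had this access in force. `ptrace` lets the admin domain read the daemon's memory, which for a RADIUS or SNMP daemon can include shared secrets, so a comment above each `allow` line saying why it is needed would help, e.g. `# ptrace: lets the admin domain debug the running daemon`. Callers of these interfaces are not shown here and should be reviewed, since they gain the access as a side effect of a naming fix.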


@ -10,16 +10,6 @@
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the radvd domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`radvd_admin',` interface(`radvd_admin',`


@ -126,16 +126,6 @@ interface(`rwho_manage_spool_files',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the rwho domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`rwho_admin',` interface(`rwho_admin',`


@ -29,16 +29,6 @@ interface(`sasl_connect',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the sasl domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`sasl_admin',` interface(`sasl_admin',`


@ -28,16 +28,6 @@ interface(`smartmon_read_tmp_files',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the smartmon domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`smartmon_admin',` interface(`smartmon_admin',`


@ -95,33 +95,23 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the snmp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`snmp_admin',` interface(`snmp_admin',`
gen_require(` gen_require(`
type snmp_t, snmp_log_t; type snmpd_t, snmpd_log_t;
type snmp_var_lib_t, snmp_var_run_t; type snmpd_var_lib_t, snmpd_var_run_t;
') ')
allow $1 snmp_t:process { ptrace signal_perms getattr }; allow $1 snmpd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, snmp_t) ps_process_pattern($1, snmpd_t)
logging_list_logs($1) logging_list_logs($1)
manage_files_pattern($1, snmp_log_t, snmp_log_t) manage_files_pattern($1, snmpd_log_t, snmpd_log_t)
files_list_var_lib($1) files_list_var_lib($1)
manage_files_pattern($1, snmp_var_lib_t, snmp_var_lib_t) manage_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
files_list_pids($1) files_list_pids($1)
manage_files_pattern($1, snmp_var_run_t, snmp_var_run_t) manage_files_pattern($1, snmpd_var_run_t, snmpd_var_run_t)
') ')


@ -10,31 +10,21 @@
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the tftp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`tftp_admin',` interface(`tftp_admin',`
gen_require(` gen_require(`
type tftp_t, tftpdir_t; type tftpd_t, tftpdir_t;
type tftp_rw_t, tftp_var_run_t; type tftpdir_rw_t, tftpd_var_run_t;
') ')
allow $1 tftp_t:process { ptrace signal_perms getattr }; allow $1 tftpd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, tftp_t) ps_process_pattern($1, tftpd_t)
manage_files_pattern($1, tftp_rw_t, tftp_rw_t) manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
manage_files_pattern($1, tftpdir_t, tftpdir_t) manage_files_pattern($1, tftpdir_t, tftpdir_t)
files_list_pids($1) files_list_pids($1)
manage_files_pattern($1, tftp_var_run_t, tftp_var_run_t) manage_files_pattern($1, tftpd_var_run_t, tftpd_var_run_t)
') ')


@ -28,21 +28,11 @@ interface(`tor_domtrans',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the tor domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`tor_admin',` interface(`tor_admin',`
gen_require(` gen_require(`
type tor_t, tor_log_t, tor_etc_t; type tor_t, tor_var_log_t, tor_etc_t;
type tor_var_lib_t, tor_var_run_t; type tor_var_lib_t, tor_var_run_t;
') ')
@ -50,7 +40,7 @@ interface(`tor_admin',`
ps_process_pattern($1, tor_t) ps_process_pattern($1, tor_t)
logging_list_logs($1) logging_list_logs($1)
manage_files_pattern($1, tor_log_t, tor_log_t) manage_files_pattern($1, tor_var_log_t, tor_var_log_t)
files_list_etc($1) files_list_etc($1)
manage_files_pattern($1, tor_etc_t, tor_etc_t) manage_files_pattern($1, tor_etc_t, tor_etc_t)


@ -71,41 +71,31 @@ interface(`uucp_domtrans_uux',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the uucp domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`uucp_admin',` interface(`uucp_admin',`
gen_require(` gen_require(`
type uucp_t, uucp_tmp_t, uucp_log_t; type uucpd_t, uucpd_tmp_t, uucpd_log_t;
type uucp_spool_t, uucp_ro_t, uucp_rw_t; type uucpd_spool_t, uucpd_ro_t, uucpd_rw_t;
type uucp_var_run_t; type uucpd_var_run_t;
') ')
allow $1 uucp_t:process { ptrace signal_perms getattr }; allow $1 uucpd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, uucp_t) ps_process_pattern($1, uucpd_t)
files_list_tmp($1) files_list_tmp($1)
manage_files_pattern($1, uucp_tmp_t, uucp_tmp_t) manage_files_pattern($1, uucpd_tmp_t, uucpd_tmp_t)
logging_list_logs($1) logging_list_logs($1)
manage_files_pattern($1, uucp_log_t, uucp_log_t) manage_files_pattern($1, uucpd_log_t, uucpd_log_t)
files_list_spool($1) files_list_spool($1)
manage_files_pattern($1, uucp_spool_t, uucp_spool_t) manage_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
manage_files_pattern($1, uucp_rw_t, uucp_rw_t) manage_files_pattern($1, uucpd_rw_t, uucpd_rw_t)
manage_files_pattern($1, uucp_ro_t, uucp_ro_t) manage_files_pattern($1, uucpd_ro_t, uucpd_ro_t)
files_list_pids($1) files_list_pids($1)
manage_files_pattern($1, uucp_var_run_t, uucp_var_run_t) manage_files_pattern($1, uucpd_var_run_t, uucpd_var_run_t)
') ')


@ -87,16 +87,6 @@ interface(`zabbix_read_pid_files',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the zabbix domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`zabbix_admin',` interface(`zabbix_admin',`


@ -32,16 +32,6 @@ interface(`zebra_read_config',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the zebra domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`zebra_admin',` interface(`zebra_admin',`


@ -690,16 +690,6 @@ interface(`logging_manage_generic_logs',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the audit domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`logging_admin_audit',` interface(`logging_admin_audit',`
@ -731,16 +721,6 @@ interface(`logging_admin_audit',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the syslog domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`logging_admin_syslog',` interface(`logging_admin_syslog',`
@ -788,19 +768,9 @@ interface(`logging_admin_syslog',`
## Domain allowed access. ## Domain allowed access.
## </summary> ## </summary>
## </param> ## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the syslog domain.
## </summary>
## </param>
## <param name="terminal">
## <summary>
## The type of the user terminal.
## </summary>
## </param>
## <rolecap/> ## <rolecap/>
# #
interface(`logging_admin',` interface(`logging_admin',`
logging_admin_audit($1, $2, $3) logging_admin_audit($1)
logging_admin_syslog($1, $2, $3) logging_admin_syslog($1)
') ')
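Review bot: `logging_admin` now forwards only `$1` to `logging_admin_audit` and `logging_admin_syslog`, and the `role` and `terminal` parameters are removed from the documentation of all three interfaces. m4 discards surplus macro arguments without a diagnostic, so a caller that still passes a role and terminal will build cleanly and have them ignored. The callers are outside this section; searching for three-argument uses of these interfaces would confirm that nothing depended on the extra arguments.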


@ -382,6 +382,7 @@ interface(`miscfiles_read_tetex_data',`
interface(`miscfiles_exec_tetex_data',` interface(`miscfiles_exec_tetex_data',`
gen_require(` gen_require(`
type fonts_t; type fonts_t;
type tetex_data_t;
') ')
files_search_var($1) files_search_var($1)


@ -200,7 +200,7 @@ interface(`modutils_domtrans_depmod',`
# #
interface(`modutils_run_depmod',` interface(`modutils_run_depmod',`
gen_require(` gen_require(`
type depmod_t; type depmod_t, insmod_t;
') ')
modutils_domtrans_depmod($1) modutils_domtrans_depmod($1)
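Review bot: `modutils_run_depmod` now requires `insmod_t` as well as `depmod_t`, but the visible body only calls `modutils_domtrans_depmod($1)`; whatever uses `insmod_t` lies below the hunk. An interface that runs depmod would be expected to attach its role and terminal rules to `depmod_t`, so the `insmod_t` reference may be a leftover copied from the insmod interface, which this change satisfies rather than corrects. If so, the body should name `depmod_t` and the require should stay `type depmod_t;`, since otherwise the caller's role is authorised for the module-loading domain instead of the depmod domain.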


@ -817,7 +817,7 @@ interface(`seutil_read_file_contexts',`
# #
interface(`seutil_rw_file_contexts',` interface(`seutil_rw_file_contexts',`
gen_require(` gen_require(`
type selinux_config_t, file_context_t; type selinux_config_t, file_context_t, default_context_t;
') ')
files_search_etc($1) files_search_etc($1)
@ -838,7 +838,7 @@ interface(`seutil_rw_file_contexts',`
# #
interface(`seutil_manage_file_contexts',` interface(`seutil_manage_file_contexts',`
gen_require(` gen_require(`
type selinux_config_t, file_context_t; type selinux_config_t, file_context_t, default_context_t;
') ')
files_search_etc($1) files_search_etc($1)


@ -191,7 +191,7 @@ template(`userdom_ro_home_template',`
fs_read_nfs_named_sockets($1_t) fs_read_nfs_named_sockets($1_t)
fs_read_nfs_named_pipes($1_t) fs_read_nfs_named_pipes($1_t)
',` ',`
fs_dontaudit_read_nfs_dirs($1_t) fs_dontaudit_list_nfs($1_t)
fs_dontaudit_read_nfs_files($1_t) fs_dontaudit_read_nfs_files($1_t)
') ')
@ -1111,10 +1111,6 @@ template(`userdom_restricted_xwindows_user_template',`
java_per_role_template($1, $1_t, $1_r) java_per_role_template($1, $1_t, $1_r)
') ')
optional_policy(`
mono_per_role_template($1, $1_t, $1_r)
')
optional_policy(` optional_policy(`
setroubleshoot_dontaudit_stream_connect($1_t) setroubleshoot_dontaudit_stream_connect($1_t)
') ')
@ -4130,8 +4126,8 @@ interface(`userdom_sysadm_sbin_spec_domtrans_to',`
## </param> ## </param>
# #
interface(`userdom_sysadm_entry_spec_domtrans_to',` interface(`userdom_sysadm_entry_spec_domtrans_to',`
refpolicywarn(`$0($*) has been deprecated. Please use sysadm_entry_spec_domtrans_to() instead.') refpolicywarn(`$0($*) has been deprecated. Please use sysadm_entry_spec_domtrans() instead.')
sysadm_entry_spec_domtrans_to($1) sysadm_entry_spec_domtrans($1)
') ')
######################################## ########################################
@ -4850,7 +4846,7 @@ interface(`userdom_search_generic_user_home_dirs',`
# #
interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',` interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',`
refpolicywarn(`$0($*) has been deprecated. Please use unprivuser_home_dir_filetrans_home_content() instead.') refpolicywarn(`$0($*) has been deprecated. Please use unprivuser_home_dir_filetrans_home_content() instead.')
unprivuser_home_dir_filetrans_home_content($1) unprivuser_home_dir_filetrans_home_content($1, $2)
') ')
######################################## ########################################