rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix requires

Browse Source
This commit is contained in:
Chris PeBenito 2005-10-19 13:11:49 +00:00
parent 12ae7557d3
commit 90c3ddefe3
1 changed files with 15 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
refpolicy/policy/modules/system/userdomain.if
View File

@ -993,7 +993,7 @@ template(`admin_user_template',`
# #
template(`userdom_search_user_home',` template(`userdom_search_user_home',`
gen_require(` gen_require(`
class dir { getattr search }; type $1_home_dir_t;
') ')
files_search_home($2) files_search_home($2)
@ -1023,8 +1023,7 @@ template(`userdom_search_user_home',`
# #
template(`userdom_read_user_home_files',` template(`userdom_read_user_home_files',`
gen_require(` gen_require(`
class dir search; type $1_home_dir_t, $1_home_t;
class file r_file_perms;
') ')
files_search_home($2) files_search_home($2)
@ -1056,7 +1055,7 @@ template(`userdom_read_user_home_files',`
# #
template(`userdom_exec_user_home_files',` template(`userdom_exec_user_home_files',`
gen_require(` gen_require(`
class dir search; type $1_home_dir_t, $1_home_t;
') ')
files_search_home($2) files_search_home($2)
@ -1090,8 +1089,7 @@ template(`userdom_exec_user_home_files',`
# #
template(`userdom_manage_user_home_subdir_files',` template(`userdom_manage_user_home_subdir_files',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_home_dir_t, $1_home_t;
class file create_file_perms;
') ')
files_search_home($2) files_search_home($2)
@ -1125,8 +1123,7 @@ template(`userdom_manage_user_home_subdir_files',`
# #
template(`userdom_manage_user_home_subdir_symlinks',` template(`userdom_manage_user_home_subdir_symlinks',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_home_dir_t, $1_home_t;
class lnk_file create_lnk_perms;
') ')
files_search_home($2) files_search_home($2)
@ -1160,8 +1157,7 @@ template(`userdom_manage_user_home_subdir_symlinks',`
# #
template(`userdom_manage_user_home_subdir_pipes',` template(`userdom_manage_user_home_subdir_pipes',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_home_dir_t, $1_home_t;
class fifo_file create_file_perms;
') ')
files_search_home($2) files_search_home($2)
@ -1195,8 +1191,7 @@ template(`userdom_manage_user_home_subdir_pipes',`
# #
template(`userdom_manage_user_home_subdir_sockets',` template(`userdom_manage_user_home_subdir_sockets',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_home_dir_t, $1_home_t;
class sock_file create_file_perms;
') ')
files_search_home($2) files_search_home($2)
@ -1233,7 +1228,7 @@ template(`userdom_manage_user_home_subdir_sockets',`
# #
template(`userdom_create_user_home',` template(`userdom_create_user_home',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_home_dir_t, $1_home_t;
') ')
files_search_home($2) files_search_home($2)
@ -1272,7 +1267,7 @@ template(`userdom_create_user_home',`
# #
template(`userdom_manage_user_tmp_dirs',` template(`userdom_manage_user_tmp_dirs',`
gen_require(` gen_require(`
class dir create_dir_perms; type $1_tmp_t;
') ')
files_search_tmp($2) files_search_tmp($2)
@ -1304,8 +1299,7 @@ template(`userdom_manage_user_tmp_dirs',`
# #
template(`userdom_manage_user_tmp_files',` template(`userdom_manage_user_tmp_files',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_tmp_t;
class file create_file_perms;
') ')
files_search_tmp($2) files_search_tmp($2)
@ -1338,8 +1332,7 @@ template(`userdom_manage_user_tmp_files',`
# #
template(`userdom_manage_user_tmp_symlinks',` template(`userdom_manage_user_tmp_symlinks',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_tmp_t;
class lnk_file create_lnk_perms;
') ')
files_search_tmp($2) files_search_tmp($2)
@ -1372,8 +1365,7 @@ template(`userdom_manage_user_tmp_symlinks',`
# #
template(`userdom_manage_user_tmp_pipes',` template(`userdom_manage_user_tmp_pipes',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_tmp_t;
class fifo_file create_file_perms;
') ')
files_search_tmp($2) files_search_tmp($2)
@ -1406,8 +1398,7 @@ template(`userdom_manage_user_tmp_pipes',`
# #
template(`userdom_manage_user_tmp_sockets',` template(`userdom_manage_user_tmp_sockets',`
gen_require(` gen_require(`
class dir rw_dir_perms; type $1_tmp_t;
class sock_file create_file_perms;
') ')
files_search_tmp($2) files_search_tmp($2)
@ -1438,7 +1429,7 @@ template(`userdom_manage_user_tmp_sockets',`
# #
template(`userdom_use_user_terminals',` template(`userdom_use_user_terminals',`
gen_require(` gen_require(`
class chr_file rw_term_perms; type $1_tty_device_t, $1_devpts_t;
') ')
allow $2 $1_tty_device_t:chr_file rw_term_perms; allow $2 $1_tty_device_t:chr_file rw_term_perms;
@ -1497,9 +1488,6 @@ interface(`userdom_shell_domtrans_sysadm',`
',` ',`
gen_require(` gen_require(`
type sysadm_t; type sysadm_t;
class fd use;
class fifo_file rw_file_perms;
class process sigchld;
') ')
corecmd_shell_domtrans($1,sysadm_t) corecmd_shell_domtrans($1,sysadm_t)
@ -1522,7 +1510,6 @@ interface(`userdom_shell_domtrans_sysadm',`
interface(`userdom_search_staff_home_dir',` interface(`userdom_search_staff_home_dir',`
gen_require(` gen_require(`
type staff_home_dir_t; type staff_home_dir_t;
class dir search;
') ')
files_search_home($1) files_search_home($1)
@ -1541,7 +1528,6 @@ interface(`userdom_search_staff_home_dir',`
interface(`userdom_dontaudit_search_staff_home_dir',` interface(`userdom_dontaudit_search_staff_home_dir',`
gen_require(` gen_require(`
type staff_home_dir_t; type staff_home_dir_t;
class dir search;
') ')
dontaudit $1 staff_home_dir_t:dir search; dontaudit $1 staff_home_dir_t:dir search;
@ -1558,9 +1544,6 @@ interface(`userdom_dontaudit_search_staff_home_dir',`
interface(`userdom_read_staff_home_files',` interface(`userdom_read_staff_home_files',`
gen_require(` gen_require(`
type staff_home_dir_t, staff_home_t; type staff_home_dir_t, staff_home_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
') ')
files_search_home($1) files_search_home($1)
@ -1598,7 +1581,6 @@ interface(`userdom_use_sysadm_tty',`
',` ',`
gen_require(` gen_require(`
type sysadm_tty_device_t; type sysadm_tty_device_t;
class chr_file rw_term_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -1621,7 +1603,6 @@ interface(`userdom_dontaudit_use_sysadm_tty',`
',` ',`
gen_require(` gen_require(`
type sysadm_tty_device_t; type sysadm_tty_device_t;
class chr_file { read write };
') ')
dontaudit $1 sysadm_tty_device_t:chr_file { read write }; dontaudit $1 sysadm_tty_device_t:chr_file { read write };
@ -1642,7 +1623,6 @@ interface(`userdom_use_sysadm_pty',`
',` ',`
gen_require(` gen_require(`
type sysadm_devpts_t; type sysadm_devpts_t;
class chr_file rw_term_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -1698,7 +1678,6 @@ interface(`userdom_dontaudit_use_sysadm_terms',`
',` ',`
gen_require(` gen_require(`
attribute admin_terminal; attribute admin_terminal;
class chr_file { read write };
') ')
dontaudit $1 admin_terminal:chr_file { read write }; dontaudit $1 admin_terminal:chr_file { read write };
@ -1720,7 +1699,6 @@ interface(`userdom_use_sysadm_fd',`
',` ',`
gen_require(` gen_require(`
type sysadm_t; type sysadm_t;
class fd use;
') ')
allow $1 sysadm_t:fd use; allow $1 sysadm_t:fd use;
@ -1742,7 +1720,6 @@ interface(`userdom_rw_sysadm_pipe',`
',` ',`
gen_require(` gen_require(`
type sysadm_t; type sysadm_t;
class fifo_file rw_file_perms;
') ')
allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:fifo_file rw_file_perms;
@ -1794,7 +1771,6 @@ interface(`userdom_search_sysadm_home_dir',`
interface(`userdom_dontaudit_search_sysadm_home_dir',` interface(`userdom_dontaudit_search_sysadm_home_dir',`
gen_require(` gen_require(`
type sysadm_home_dir_t; type sysadm_home_dir_t;
class dir search;
') ')
dontaudit $1 sysadm_home_dir_t:dir search; dontaudit $1 sysadm_home_dir_t:dir search;
@ -1812,7 +1788,6 @@ interface(`userdom_dontaudit_search_sysadm_home_dir',`
interface(`userdom_dontaudit_list_sysadm_home_dir',` interface(`userdom_dontaudit_list_sysadm_home_dir',`
gen_require(` gen_require(`
type sysadm_home_dir_t; type sysadm_home_dir_t;
class dir r_dir_perms;
') ')
dontaudit $1 sysadm_home_dir_t:dir r_dir_perms; dontaudit $1 sysadm_home_dir_t:dir r_dir_perms;
@ -1829,9 +1804,6 @@ interface(`userdom_dontaudit_list_sysadm_home_dir',`
interface(`userdom_read_sysadm_home_files',` interface(`userdom_read_sysadm_home_files',`
gen_require(` gen_require(`
type sysadm_home_dir_t, sysadm_home_t; type sysadm_home_dir_t, sysadm_home_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
') ')
files_search_home($1) files_search_home($1)
@ -1850,7 +1822,6 @@ interface(`userdom_read_sysadm_home_files',`
interface(`userdom_search_all_users_home',` interface(`userdom_search_all_users_home',`
gen_require(` gen_require(`
attribute home_dir_type, home_type; attribute home_dir_type, home_type;
class dir search;
') ')
files_list_home($1) files_list_home($1)
@ -1868,7 +1839,6 @@ interface(`userdom_search_all_users_home',`
interface(`userdom_dontaudit_search_all_users_home',` interface(`userdom_dontaudit_search_all_users_home',`
gen_require(` gen_require(`
attribute home_dir_type, home_type; attribute home_dir_type, home_type;
class dir search;
') ')
dontaudit $1 { home_dir_type home_type }:dir search; dontaudit $1 { home_dir_type home_type }:dir search;
@ -1885,8 +1855,6 @@ interface(`userdom_dontaudit_search_all_users_home',`
interface(`userdom_read_all_user_files',` interface(`userdom_read_all_user_files',`
gen_require(` gen_require(`
attribute home_type; attribute home_type;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_list_home($1) files_list_home($1)
@ -1961,7 +1929,6 @@ interface(`userdom_manage_all_user_symlinks',`
interface(`userdom_signal_unpriv_users',` interface(`userdom_signal_unpriv_users',`
gen_require(` gen_require(`
attribute unpriv_userdomain; attribute unpriv_userdomain;
class process signal;
') ')
allow $1 unpriv_userdomain:process signal; allow $1 unpriv_userdomain:process signal;
@ -1978,7 +1945,6 @@ interface(`userdom_signal_unpriv_users',`
interface(`userdom_use_unpriv_users_fd',` interface(`userdom_use_unpriv_users_fd',`
gen_require(` gen_require(`
attribute unpriv_userdomain; attribute unpriv_userdomain;
class fd use;
') ')
allow $1 unpriv_userdomain:fd use; allow $1 unpriv_userdomain:fd use;
@ -1996,7 +1962,6 @@ interface(`userdom_use_unpriv_users_fd',`
interface(`userdom_dontaudit_use_unpriv_user_fd',` interface(`userdom_dontaudit_use_unpriv_user_fd',`
gen_require(` gen_require(`
attribute unpriv_userdomain; attribute unpriv_userdomain;
class fd use;
') ')
dontaudit $1 unpriv_userdomain:fd use; dontaudit $1 unpriv_userdomain:fd use;
@ -2031,7 +1996,6 @@ interface(`userdom_create_user_home_dir',`
interface(`userdom_manage_user_home_dir',` interface(`userdom_manage_user_home_dir',`
gen_require(` gen_require(`
type user_home_dir_t; type user_home_dir_t;
class dir create_dir_perms;
') ')
allow $1 user_home_dir_t:dir create_dir_perms; allow $1 user_home_dir_t:dir create_dir_perms;
@ -2053,7 +2017,6 @@ interface(`userdom_manage_user_home_dir',`
interface(`userdom_create_user_home',` interface(`userdom_create_user_home',`
gen_require(` gen_require(`
type user_home_dir_t, user_home_t; type user_home_dir_t, user_home_t;
class dir rw_dir_perms;
') ')
allow $1 user_home_dir_t:dir rw_dir_perms; allow $1 user_home_dir_t:dir rw_dir_perms;
@ -2075,7 +2038,6 @@ interface(`userdom_create_user_home',`
interface(`userdom_dontaudit_search_user_home_dirs',` interface(`userdom_dontaudit_search_user_home_dirs',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir search;
') ')
dontaudit $1 user_home_t:dir search; dontaudit $1 user_home_t:dir search;
@ -2094,7 +2056,6 @@ interface(`userdom_dontaudit_search_user_home_dirs',`
interface(`userdom_manage_user_home_dirs',` interface(`userdom_manage_user_home_dirs',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir create_dir_perms;
') ')
allow $1 user_home_t:dir create_dir_perms; allow $1 user_home_t:dir create_dir_perms;
@ -2112,8 +2073,6 @@ interface(`userdom_manage_user_home_dirs',`
interface(`userdom_manage_user_home_files',` interface(`userdom_manage_user_home_files',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:dir rw_dir_perms;
@ -2132,8 +2091,6 @@ interface(`userdom_manage_user_home_files',`
interface(`userdom_manage_user_home_symlinks',` interface(`userdom_manage_user_home_symlinks',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir rw_dir_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:dir rw_dir_perms;
@ -2152,8 +2109,6 @@ interface(`userdom_manage_user_home_symlinks',`
interface(`userdom_manage_user_home_pipes',` interface(`userdom_manage_user_home_pipes',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir rw_dir_perms;
class fifo_file create_file_perms;
') ')
allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:dir rw_dir_perms;
@ -2172,8 +2127,6 @@ interface(`userdom_manage_user_home_pipes',`
interface(`userdom_manage_user_home_sockets',` interface(`userdom_manage_user_home_sockets',`
gen_require(` gen_require(`
type user_home_t; type user_home_t;
class dir rw_dir_perms;
class sock_file create_file_perms;
') ')
allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:dir rw_dir_perms;
@ -2207,7 +2160,7 @@ interface(`userdom_search_unpriv_user_home_dirs',`
# #
interface(`userdom_read_unpriv_user_home_files',` interface(`userdom_read_unpriv_user_home_files',`
gen_require(` gen_require(`
type user_home_dir_type, user_home_type; attribute user_home_dir_type, user_home_type;
') ')
allow $1 user_home_dir_type:dir search; allow $1 user_home_dir_type:dir search;
@ -2225,7 +2178,6 @@ interface(`userdom_read_unpriv_user_home_files',`
interface(`userdom_write_unpriv_user_tmp',` interface(`userdom_write_unpriv_user_tmp',`
gen_require(` gen_require(`
attribute user_tmpfile; attribute user_tmpfile;
class file { getattr write append };
') ')
allow $1 user_tmpfile:file { getattr write append }; allow $1 user_tmpfile:file { getattr write append };
@ -2243,7 +2195,6 @@ interface(`userdom_write_unpriv_user_tmp',`
interface(`userdom_dontaudit_use_unpriv_user_tty',` interface(`userdom_dontaudit_use_unpriv_user_tty',`
gen_require(` gen_require(`
attribute user_ttynode; attribute user_ttynode;
class chr_file rw_file_perms;
') ')
dontaudit $1 user_ttynode:chr_file rw_file_perms; dontaudit $1 user_ttynode:chr_file rw_file_perms;
@ -2260,7 +2211,6 @@ interface(`userdom_dontaudit_use_unpriv_user_tty',`
interface(`userdom_use_all_user_fd',` interface(`userdom_use_all_user_fd',`
gen_require(` gen_require(`
attribute userdomain; attribute userdomain;
class fd use;
') ')
allow $1 userdomain:fd use; allow $1 userdomain:fd use;
@ -2278,7 +2228,6 @@ interface(`userdom_use_all_user_fd',`
interface(`userdom_dontaudit_use_all_user_fd',` interface(`userdom_dontaudit_use_all_user_fd',`
gen_require(` gen_require(`
attribute userdomain; attribute userdomain;
class fd use;
') ')
dontaudit $1 userdomain:fd use; dontaudit $1 userdomain:fd use;
@ -2295,7 +2244,6 @@ interface(`userdom_dontaudit_use_all_user_fd',`
interface(`userdom_signal_all_users',` interface(`userdom_signal_all_users',`
gen_require(` gen_require(`
attribute userdomain; attribute userdomain;
class process signal;
') ')
allow $1 userdomain:process signal; allow $1 userdomain:process signal;
@ -2312,7 +2260,6 @@ interface(`userdom_signal_all_users',`
interface(`userdom_sigcld_all_users',` interface(`userdom_sigcld_all_users',`
gen_require(` gen_require(`
attribute userdomain; attribute userdomain;
class process sigchld;
') ')
allow $1 userdomain:process sigchld; allow $1 userdomain:process sigchld;
@ -2329,7 +2276,6 @@ interface(`userdom_sigcld_all_users',`
interface(`userdom_unconfined',` interface(`userdom_unconfined',`
gen_require(` gen_require(`
type user_home_dir_t; type user_home_dir_t;
class dir create_dir_perms;
') ')
allow $1 user_home_dir_t:dir create_dir_perms; allow $1 user_home_dir_t:dir create_dir_perms;