trunk: 3 patches from dan
parent
c040ea12b2
commit
939a4287b3
@ -130,8 +130,11 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/cups/filter/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -164,6 +167,7 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/local/Brother/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
|
||||||
@ -221,6 +225,7 @@ ifdef(`distro_redhat', `
|
|||||||
/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
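Review bot: The new `/usr/local/Brother/lpd(/.*)?` entry in the second hunk has no file-type field, and neither do the `cups/backend`, `cups/daemon` and `cups/filter` entries in the first, so each directory and every object beneath it becomes `bin_t`. The replaced `cups/filter/.* --` line matched regular files only. If only the programs in these trees need to be executable, keeping the restriction, e.g. `/usr/local/Brother/lpd/.* -- gen_context(system_u:object_r:bin_t,s0)`, would avoid giving `bin_t` to any non-program files that may live in a locally installed vendor tree. If the directory label is intended, as with the existing `courier(/.*)?` line, a short `#` comment saying so would help. The enclosing `ifdef` blocks start and end outside the hunks.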
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(corecommands,1.7.0)
|
policy_module(corecommands,1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -106,6 +106,24 @@ interface(`kernel_setpgid',`
|
|||||||
allow $1 kernel_t:process setpgid;
|
allow $1 kernel_t:process setpgid;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Set the priority of kernel threads.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`kernel_setsched',`
|
||||||
|
gen_require(`
|
||||||
|
type kernel_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 kernel_t:process setsched;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Send a SIGCHLD signal to kernel threads.
|
## Send a SIGCHLD signal to kernel threads.
|
||||||
|
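Review bot: The summary of the new `kernel_setsched` interface says only "Set the priority of kernel threads", but the rule it grants is `allow $1 kernel_t:process setsched;`. As far as I know, that permission also gates changes to scheduling policy and parameters, not just priority. I would word the summary as `## Set the scheduling priority and policy of kernel threads.` so a policy author calling it can see how broad the access is. No caller of the interface is visible on this page, so its intended user cannot be checked from here.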
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(kernel,1.7.0)
|
policy_module(kernel,1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -23,6 +23,7 @@
|
|||||||
/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
|
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
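Review bot: The added `/dev/megadev.*` character node is labelled `removable_device_t` at `s0`, while the neighbouring `/dev/lvm` control node uses `fixed_disk_device_t` at `mls_systemhigh`. Judging by the name, this looks like a RAID controller management node rather than removable media; if so, any domain allowed to use removable devices would reach a node that manages fixed-disk arrays. `/dev/megadev.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)` looks like the safer label. If `removable_device_t` is deliberate, a `#` comment giving the reason would help.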
@ -100,6 +100,7 @@ interface(`storage_raw_read_fixed_disk',`
|
|||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
|
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
|
||||||
|
allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
|
||||||
typeattribute $1 fixed_disk_raw_read;
|
typeattribute $1 fixed_disk_raw_read;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -144,6 +145,7 @@ interface(`storage_raw_write_fixed_disk',`
|
|||||||
|
|
||||||
dev_list_all_dev_nodes($1)
|
dev_list_all_dev_nodes($1)
|
||||||
allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
|
allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
|
||||||
|
allow $1 fixed_disk_device_t:chr_file write_chr_file_perms;
|
||||||
typeattribute $1 fixed_disk_raw_write;
|
typeattribute $1 fixed_disk_raw_write;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
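Review bot: The added `allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;` in `storage_raw_read_fixed_disk` widens every existing caller from block nodes to character nodes of that type, such as `/dev/lvm`. The matching `write_chr_file_perms` line in `storage_raw_write_fixed_disk` does the same for writes. The interface summaries lie outside the hunks, so I cannot see whether they mention character devices. If they do not, they should be updated, for example `## Allow the caller to directly read from a fixed disk block or character device.`, so the wider grant is visible to policy authors.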
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(storage,1.3.0)
|
policy_module(storage,1.3.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|