trunk: 3 patches from dan

Chris PeBenito 2007-08-07 17:06:32 +00:00
parent c040ea12b2
commit 939a4287b3
7 changed files with 30 additions and 4 deletions


@ -130,8 +130,11 @@ ifdef(`distro_gentoo',`
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups/filter/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
@ -164,6 +167,7 @@ ifdef(`distro_gentoo',`
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0) /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/Brother/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
@ -221,6 +225,7 @@ ifdef(`distro_redhat', `
/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
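Review bot: The new `/usr/local/Brother/lpd(/.*)?` entry and the cups entries `backend(/.*)?`, `daemon(/.*)?` and `filter(/.*)?` carry no file-type specifier, so the directories themselves and every non-program file beneath them are typed bin_t along with the helper binaries. The filter entry appears to replace `/usr/lib(64)?/cups/filter/.* --`, which limited the label to regular files; if the wider match is only needed for subdirectories or symlinks, a short `#` comment above the group saying so would help the next maintainer. For the Brother tree, which sits under /usr/local and may also hold non-executable driver files, consider the narrower `/usr/local/Brother/lpd/.* -- gen_context(system_u:object_r:bin_t,s0)` unless the whole tree really has to be bin_t.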


@ -1,5 +1,5 @@
policy_module(corecommands,1.7.0) policy_module(corecommands,1.7.1)
######################################## ########################################
# #


@ -106,6 +106,24 @@ interface(`kernel_setpgid',`
allow $1 kernel_t:process setpgid; allow $1 kernel_t:process setpgid;
') ')
########################################
## <summary>
## Set the priority of kernel threads.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_setsched',`
gen_require(`
type kernel_t;
')
allow $1 kernel_t:process setsched;
')
######################################## ########################################
## <summary> ## <summary>
## Send a SIGCHLD signal to kernel threads. ## Send a SIGCHLD signal to kernel threads.
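Review bot: The summary of the new `kernel_setsched` interface says "Set the priority of kernel threads", but the rule it grants, `allow $1 kernel_t:process setsched;`, is the process-class permission for changing scheduling parameters in general, which is wider than priority alone. I would word it as `## Set the scheduling parameters of kernel threads.` so that a policy author granting it knows what the caller domain receives. None of the other file sections on this page calls the interface, so the intended caller cannot be checked from this commit.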


@ -1,5 +1,5 @@
policy_module(kernel,1.7.0) policy_module(kernel,1.7.1)
######################################## ########################################
# #


@ -23,6 +23,7 @@
/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
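Review bot: The added `/dev/megadev.*` entry is typed removable_device_t at s0, while the other non-media nodes in this hunk (`/dev/lvm`, `/dev/loop.*`, `/dev/nb[^/]+`) get fixed_disk_device_t at mls_systemhigh. If megadev is the management character node of a RAID controller, as the name suggests, it fronts fixed disks, and every domain permitted to use removable media would reach it at the lowest sensitivity. Unless there is a reason for the removable type, I would expect `/dev/megadev.* -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)`; if the removable type is deliberate, a `#` comment beside the entry should say why.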


@ -100,6 +100,7 @@ interface(`storage_raw_read_fixed_disk',`
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms; allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
typeattribute $1 fixed_disk_raw_read; typeattribute $1 fixed_disk_raw_read;
') ')
@ -144,6 +145,7 @@ interface(`storage_raw_write_fixed_disk',`
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 fixed_disk_device_t:blk_file write_blk_file_perms; allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
allow $1 fixed_disk_device_t:chr_file write_chr_file_perms;
typeattribute $1 fixed_disk_raw_write; typeattribute $1 fixed_disk_raw_write;
') ')
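Review bot: The added `allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;` in `storage_raw_read_fixed_disk`, and the matching `write_chr_file_perms` rule in the `storage_raw_write_fixed_disk` hunk, widen every existing caller of these interfaces from block nodes to any character node typed fixed_disk_device_t, with no change at the call sites. Both interfaces and their `<summary>` blocks start outside the hunks, so I cannot see whether the documentation mentions character devices; if it does not, it should be extended, for example `## Allow the caller to directly read from a fixed disk, including its character device nodes.` It is also worth confirming that each current caller needs the character nodes, since callers cannot opt out of the new rule.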


@ -1,5 +1,5 @@
policy_module(storage,1.3.0) policy_module(storage,1.3.1)
######################################## ########################################
# #