- Add cyphesis policy

This commit is contained in:
Daniel J Walsh 2008-02-27 02:26:49 +00:00
parent c092cc1478
commit 93f3656a99

View File

@ -3878,7 +3878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 16:14:55.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 21:21:39.000000000 -0500
@@ -32,7 +32,7 @@
## </summary>
## </param>
@ -4029,7 +4029,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+ allow $1_java_t self:process { getsched sigkill execheap execmem execstack };
+
+ allow $2 $1_java_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh };
+ allow $1_javaplugin_t $2:tcp_socket { read write };
+ allow $1_java_t $2:tcp_socket { read write };
+
+ domtrans_pattern($2, java_exec_t, $1_java_t)
+
@ -19282,7 +19282,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+/etc/rc.d/init.d/smb -- gen_context(system_u:object_r:samba_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2007-10-12 08:56:07.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 17:31:18.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 21:19:09.000000000 -0500
@@ -63,6 +63,25 @@
########################################
@ -19333,7 +19333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+## </param>
+## <rolecap/>
+#
+interface(`samba_run_net',`
+interface(`samba_run_unconfined_net',`
+ gen_require(`
+ type samba_unconfined_net_t;
+ ')