more strict testing fixes
This commit is contained in:
Chris PeBenito
parent
d15dd5a739
commit
98de871cee
@ -654,7 +654,7 @@ interface(`auth_rw_lastlog',`
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
allow $1 lastlog_t:file { getattr read write setattr };
|
||||
allow $1 lastlog_t:file { getattr read write lock setattr };
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(authlogin,1.3.11)
|
||||
policy_module(authlogin,1.3.12)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
@ -9,7 +9,11 @@
|
||||
|
||||
/etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
ifdef(`targeted_policy', `', `
|
||||
ifdef(`distro_gentoo',`
|
||||
/etc/vmware/init\.d/vmware -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
')
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
')
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(init,1.3.21)
|
||||
policy_module(init,1.3.22)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
@ -221,9 +221,10 @@ term_create_pty(initrc_t,initrc_devpts_t)
|
||||
|
||||
can_exec(initrc_t,initrc_exec_t)
|
||||
|
||||
allow initrc_t initrc_state_t:dir create_dir_perms;
|
||||
allow initrc_t initrc_state_t:file create_file_perms;
|
||||
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
|
||||
allow initrc_t initrc_state_t:dir manage_dir_perms;
|
||||
allow initrc_t initrc_state_t:file manage_file_perms;
|
||||
allow initrc_t initrc_state_t:fifo_file manage_file_perms;
|
||||
allow initrc_t initrc_state_t:lnk_file create_lnk_perms;
|
||||
|
||||
allow initrc_t initrc_var_run_t:file create_file_perms;
|
||||
files_pid_filetrans(initrc_t,initrc_var_run_t,file)
|
||||
@ -466,6 +467,10 @@ ifdef(`distro_redhat',`
|
||||
miscfiles_read_fonts(initrc_t)
|
||||
miscfiles_read_hwdata(initrc_t)
|
||||
|
||||
# for integrated run_init to read run_init_type.
|
||||
# happens during boot (/sbin/rc execs init scripts)
|
||||
seutil_read_default_contexts(initrc_t)
|
||||
|
||||
optional_policy(`
|
||||
bind_manage_config_dirs(initrc_t)
|
||||
bind_write_config(initrc_t)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(selinuxutil,1.2.11)
|
||||
policy_module(selinuxutil,1.2.12)
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
gen_require(`
|
||||
@ -565,6 +565,8 @@ corecmd_exec_sbin(semanage_t)
|
||||
|
||||
dev_read_urand(semanage_t)
|
||||
|
||||
domain_use_interactive_fds(semanage_t)
|
||||
|
||||
files_read_etc_files(semanage_t)
|
||||
files_read_usr_files(semanage_t)
|
||||
files_list_pids(semanage_t)
|
||||
|
||||
@ -50,7 +50,11 @@ ifdef(`distro_redhat',`
|
||||
/var/lib/dhcp3? -d gen_context(system_u:object_r:dhcp_state_t,s0)
|
||||
/var/lib/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
/var/lib/dhcpcd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
|
||||
/var/lib/dhclient(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
|
||||
/var/run/dhclient.*\.pid -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
/var/run/dhclient.*\.leases -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
|
||||
ifdef(`distro_gentoo',`
|
||||
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
')
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(sysnetwork,1.1.9)
|
||||
policy_module(sysnetwork,1.1.10)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user