Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
parent
9c7f2af2ed
commit
9a0f7994cb
@ -6,10 +6,10 @@ policy_module(abrt, 1.1.1)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow ABRT to modify public files
|
||||
## used for public file transfer services.
|
||||
## </p>
|
||||
## <p>
|
||||
## Allow ABRT to modify public files
|
||||
## used for public file transfer services.
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(abrt_anon_write, false)
|
||||
|
||||
@ -154,7 +154,7 @@ userdom_dontaudit_read_user_home_content_files(abrt_t)
|
||||
userdom_dontaudit_read_admin_home_files(abrt_t)
|
||||
|
||||
tunable_policy(`abrt_anon_write',`
|
||||
miscfiles_manage_public_files(abrt_t)
|
||||
miscfiles_manage_public_files(abrt_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -175,7 +175,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
policykit_dbus_chat(abrt_t)
|
||||
policykit_dbus_chat(abrt_t)
|
||||
policykit_domtrans_auth(abrt_t)
|
||||
policykit_read_lib(abrt_t)
|
||||
policykit_read_reload(abrt_t)
|
||||
@ -214,7 +214,7 @@ optional_policy(`
|
||||
|
||||
########################################
|
||||
#
|
||||
# abrt--helper local policy
|
||||
# abrt-helper local policy
|
||||
#
|
||||
|
||||
allow abrt_helper_t self:capability { chown setgid sys_nice };
|
||||
@ -248,13 +248,15 @@ miscfiles_read_localization(abrt_helper_t)
|
||||
term_dontaudit_use_all_ttys(abrt_helper_t)
|
||||
term_dontaudit_use_all_ptys(abrt_helper_t)
|
||||
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
domain_dontaudit_leaks(abrt_helper_t)
|
||||
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
|
||||
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
|
||||
|
||||
optional_policy(`
|
||||
rpm_dontaudit_leaks(abrt_helper_t)
|
||||
')
|
||||
|
||||
dev_dontaudit_read_all_blk_files(abrt_helper_t)
|
||||
dev_dontaudit_read_all_chr_files(abrt_helper_t)
|
||||
dev_dontaudit_write_all_chr_files(abrt_helper_t)
|
||||
@ -262,13 +264,12 @@ ifdef(`hide_broken_symptoms', `
|
||||
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
|
||||
')
|
||||
|
||||
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
attribute domain;
|
||||
')
|
||||
|
||||
allow abrt_t self:capability sys_resource;
|
||||
allow abrt_t self:capability sys_resource;
|
||||
allow abrt_t domain:file write;
|
||||
allow abrt_t domain:process setrlimit;
|
||||
')
|
||||
|
@ -82,7 +82,7 @@ files_var_filetrans(afs_t, afs_cache_t, { file dir })
|
||||
|
||||
kernel_rw_afs_state(afs_t)
|
||||
|
||||
ifdef(`hide_broken_symptoms', `
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
kernel_rw_unlabeled_files(afs_t)
|
||||
')
|
||||
|
||||
|
@ -35,8 +35,8 @@ allow aiccu_t self:unix_stream_socket create_stream_socket_perms;
|
||||
|
||||
allow aiccu_t aiccu_etc_t:file read_file_perms;
|
||||
|
||||
manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
||||
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
||||
manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
||||
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
|
||||
files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
|
||||
|
||||
kernel_read_system_state(aiccu_t)
|
||||
|
@ -1,4 +1,4 @@
|
||||
policy_module(ajaxterm,1.0.0)
|
||||
policy_module(ajaxterm, 1.0.0)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -4,6 +4,7 @@ policy_module(apm, 1.11.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
type apmd_t;
|
||||
type apmd_exec_t;
|
||||
init_daemon_domain(apmd_t, apmd_exec_t)
|
||||
|
@ -6,10 +6,10 @@ policy_module(bind, 1.11.0)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow BIND to write the master zone files.
|
||||
## Generally this is used for dynamic DNS or zone transfers.
|
||||
## </p>
|
||||
## <p>
|
||||
## Allow BIND to write the master zone files.
|
||||
## Generally this is used for dynamic DNS or zone transfers.
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(named_write_master_zones, false)
|
||||
|
||||
|
@ -4,6 +4,7 @@ policy_module(bluetooth, 3.3.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
type bluetooth_t;
|
||||
type bluetooth_exec_t;
|
||||
init_daemon_domain(bluetooth_t, bluetooth_exec_t)
|
||||
|
@ -1,4 +1,4 @@
|
||||
policy_module(boinc,1.0.0)
|
||||
policy_module(boinc, 1.0.0)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -52,15 +52,15 @@ manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
|
||||
files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
|
||||
|
||||
manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
|
||||
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t,file)
|
||||
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file)
|
||||
|
||||
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
manage_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
manage_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||
filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, { dir })
|
||||
|
||||
manage_dirs_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_files_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_dirs_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_files_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
|
||||
kernel_read_system_state(boinc_t)
|
||||
|
||||
@ -128,9 +128,9 @@ manage_files_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
|
||||
files_tmp_filetrans(boinc_project_t, boinc_project_tmp_t, { dir file })
|
||||
|
||||
allow boinc_project_t boinc_project_var_lib_t:file entrypoint;
|
||||
exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
manage_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
|
||||
files_var_lib_filetrans(boinc_project_t, boinc_project_var_lib_t, { file dir })
|
||||
|
||||
allow boinc_project_t boinc_project_var_lib_t:file execmod;
|
||||
@ -162,5 +162,5 @@ miscfiles_read_fonts(boinc_project_t)
|
||||
miscfiles_read_localization(boinc_project_t)
|
||||
|
||||
optional_policy(`
|
||||
java_exec(boinc_project_t)
|
||||
java_exec(boinc_project_t)
|
||||
')
|
||||
|
@ -53,4 +53,3 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
postgresql_stream_connect(httpd_bugzilla_script_t)
|
||||
')
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
# cache, on behalf of the processes accessing the cache through a network
|
||||
# filesystem such as NFS
|
||||
#
|
||||
policy_module(cachefilesd,1.0.17)
|
||||
policy_module(cachefilesd, 1.0.17)
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
@ -78,7 +78,7 @@ rpm_use_script_fds(cachefilesd_t)
|
||||
# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
|
||||
# rules.
|
||||
#
|
||||
allow cachefilesd_t self : capability { setuid setgid sys_admin dac_override };
|
||||
allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
|
||||
|
||||
# Basic access
|
||||
files_read_etc_files(cachefilesd_t)
|
||||
@ -92,18 +92,18 @@ term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
|
||||
|
||||
# Allow manipulation of pid file
|
||||
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
|
||||
manage_files_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||
manage_dirs_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||
manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||
manage_dirs_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||
files_pid_file(cachefilesd_var_run_t)
|
||||
files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file)
|
||||
files_pid_filetrans(cachefilesd_t, cachefilesd_var_run_t, file)
|
||||
files_create_as_is_all_files(cachefilesd_t)
|
||||
|
||||
# Allow access to cachefiles device file
|
||||
allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms;
|
||||
allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to cache superstructure
|
||||
allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir };
|
||||
allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink };
|
||||
allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms rmdir };
|
||||
allow cachefilesd_t cachefiles_var_t:file { getattr rename unlink };
|
||||
|
||||
# Permit statfs on the backing filesystem
|
||||
fs_getattr_xattr_fs(cachefilesd_t)
|
||||
@ -119,14 +119,14 @@ fs_getattr_xattr_fs(cachefilesd_t)
|
||||
# (1) the security context used by the module to access files in the cache,
|
||||
# as set by the 'secctx' command in /etc/cachefilesd.conf, and
|
||||
#
|
||||
allow cachefilesd_t cachefiles_kernel_t : kernel_service { use_as_override };
|
||||
allow cachefilesd_t cachefiles_kernel_t:kernel_service { use_as_override };
|
||||
|
||||
#
|
||||
# (2) the label that will be assigned to new files and directories created in
|
||||
# the cache by the module, which will be the same as the label on the
|
||||
# directory pointed to by the 'dir' command.
|
||||
#
|
||||
allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
|
||||
allow cachefilesd_t cachefiles_var_t:kernel_service { create_files_as };
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
@ -138,8 +138,8 @@ allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
|
||||
allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
|
||||
allow cachefiles_kernel_t initrc_t:process sigchld;
|
||||
|
||||
manage_dirs_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
|
||||
manage_files_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
|
||||
manage_dirs_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
|
||||
manage_files_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
|
||||
|
||||
fs_getattr_xattr_fs(cachefiles_kernel_t)
|
||||
|
||||
|