Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
This commit is contained in:
Dominick Grift
parent
9c7f2af2ed
commit
9a0f7994cb
@ -214,7 +214,7 @@ optional_policy(`
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# abrt--helper local policy
|
# abrt-helper local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow abrt_helper_t self:capability { chown setgid sys_nice };
|
allow abrt_helper_t self:capability { chown setgid sys_nice };
|
||||||
@ -248,13 +248,15 @@ miscfiles_read_localization(abrt_helper_t)
|
|||||||
term_dontaudit_use_all_ttys(abrt_helper_t)
|
term_dontaudit_use_all_ttys(abrt_helper_t)
|
||||||
term_dontaudit_use_all_ptys(abrt_helper_t)
|
term_dontaudit_use_all_ptys(abrt_helper_t)
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms', `
|
ifdef(`hide_broken_symptoms',`
|
||||||
domain_dontaudit_leaks(abrt_helper_t)
|
domain_dontaudit_leaks(abrt_helper_t)
|
||||||
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
|
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
|
||||||
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
|
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
rpm_dontaudit_leaks(abrt_helper_t)
|
rpm_dontaudit_leaks(abrt_helper_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
dev_dontaudit_read_all_blk_files(abrt_helper_t)
|
dev_dontaudit_read_all_blk_files(abrt_helper_t)
|
||||||
dev_dontaudit_read_all_chr_files(abrt_helper_t)
|
dev_dontaudit_read_all_chr_files(abrt_helper_t)
|
||||||
dev_dontaudit_write_all_chr_files(abrt_helper_t)
|
dev_dontaudit_write_all_chr_files(abrt_helper_t)
|
||||||
@ -262,8 +264,7 @@ ifdef(`hide_broken_symptoms', `
|
|||||||
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
|
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
ifdef(`hide_broken_symptoms',`
|
||||||
ifdef(`hide_broken_symptoms', `
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute domain;
|
attribute domain;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -82,7 +82,7 @@ files_var_filetrans(afs_t, afs_cache_t, { file dir })
|
|||||||
|
|
||||||
kernel_rw_afs_state(afs_t)
|
kernel_rw_afs_state(afs_t)
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms', `
|
ifdef(`hide_broken_symptoms',`
|
||||||
kernel_rw_unlabeled_files(afs_t)
|
kernel_rw_unlabeled_files(afs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
policy_module(ajaxterm,1.0.0)
|
policy_module(ajaxterm, 1.0.0)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|||||||
@ -4,6 +4,7 @@ policy_module(apm, 1.11.0)
|
|||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
type apmd_t;
|
type apmd_t;
|
||||||
type apmd_exec_t;
|
type apmd_exec_t;
|
||||||
init_daemon_domain(apmd_t, apmd_exec_t)
|
init_daemon_domain(apmd_t, apmd_exec_t)
|
||||||
|
|||||||
@ -4,6 +4,7 @@ policy_module(bluetooth, 3.3.0)
|
|||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
type bluetooth_t;
|
type bluetooth_t;
|
||||||
type bluetooth_exec_t;
|
type bluetooth_exec_t;
|
||||||
init_daemon_domain(bluetooth_t, bluetooth_exec_t)
|
init_daemon_domain(bluetooth_t, bluetooth_exec_t)
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
policy_module(boinc,1.0.0)
|
policy_module(boinc, 1.0.0)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -52,7 +52,7 @@ manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
|
|||||||
files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
|
files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
|
||||||
|
|
||||||
manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
|
manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
|
||||||
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t,file)
|
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file)
|
||||||
|
|
||||||
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||||
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
|
||||||
|
|||||||
@ -53,4 +53,3 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
postgresql_stream_connect(httpd_bugzilla_script_t)
|
postgresql_stream_connect(httpd_bugzilla_script_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
# cache, on behalf of the processes accessing the cache through a network
|
# cache, on behalf of the processes accessing the cache through a network
|
||||||
# filesystem such as NFS
|
# filesystem such as NFS
|
||||||
#
|
#
|
||||||
policy_module(cachefilesd,1.0.17)
|
policy_module(cachefilesd, 1.0.17)
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#
|
#
|
||||||
@ -78,7 +78,7 @@ rpm_use_script_fds(cachefilesd_t)
|
|||||||
# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
|
# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
|
||||||
# rules.
|
# rules.
|
||||||
#
|
#
|
||||||
allow cachefilesd_t self : capability { setuid setgid sys_admin dac_override };
|
allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
|
||||||
|
|
||||||
# Basic access
|
# Basic access
|
||||||
files_read_etc_files(cachefilesd_t)
|
files_read_etc_files(cachefilesd_t)
|
||||||
@ -92,18 +92,18 @@ term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
|
|||||||
|
|
||||||
# Allow manipulation of pid file
|
# Allow manipulation of pid file
|
||||||
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
|
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
|
||||||
manage_files_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
|
manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||||
manage_dirs_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
|
manage_dirs_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
|
||||||
files_pid_file(cachefilesd_var_run_t)
|
files_pid_file(cachefilesd_var_run_t)
|
||||||
files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file)
|
files_pid_filetrans(cachefilesd_t, cachefilesd_var_run_t, file)
|
||||||
files_create_as_is_all_files(cachefilesd_t)
|
files_create_as_is_all_files(cachefilesd_t)
|
||||||
|
|
||||||
# Allow access to cachefiles device file
|
# Allow access to cachefiles device file
|
||||||
allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms;
|
allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
|
||||||
|
|
||||||
# Allow access to cache superstructure
|
# Allow access to cache superstructure
|
||||||
allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir };
|
allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms rmdir };
|
||||||
allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink };
|
allow cachefilesd_t cachefiles_var_t:file { getattr rename unlink };
|
||||||
|
|
||||||
# Permit statfs on the backing filesystem
|
# Permit statfs on the backing filesystem
|
||||||
fs_getattr_xattr_fs(cachefilesd_t)
|
fs_getattr_xattr_fs(cachefilesd_t)
|
||||||
@ -119,14 +119,14 @@ fs_getattr_xattr_fs(cachefilesd_t)
|
|||||||
# (1) the security context used by the module to access files in the cache,
|
# (1) the security context used by the module to access files in the cache,
|
||||||
# as set by the 'secctx' command in /etc/cachefilesd.conf, and
|
# as set by the 'secctx' command in /etc/cachefilesd.conf, and
|
||||||
#
|
#
|
||||||
allow cachefilesd_t cachefiles_kernel_t : kernel_service { use_as_override };
|
allow cachefilesd_t cachefiles_kernel_t:kernel_service { use_as_override };
|
||||||
|
|
||||||
#
|
#
|
||||||
# (2) the label that will be assigned to new files and directories created in
|
# (2) the label that will be assigned to new files and directories created in
|
||||||
# the cache by the module, which will be the same as the label on the
|
# the cache by the module, which will be the same as the label on the
|
||||||
# directory pointed to by the 'dir' command.
|
# directory pointed to by the 'dir' command.
|
||||||
#
|
#
|
||||||
allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
|
allow cachefilesd_t cachefiles_var_t:kernel_service { create_files_as };
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#
|
#
|
||||||
@ -138,8 +138,8 @@ allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
|
|||||||
allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
|
allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
|
||||||
allow cachefiles_kernel_t initrc_t:process sigchld;
|
allow cachefiles_kernel_t initrc_t:process sigchld;
|
||||||
|
|
||||||
manage_dirs_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
|
manage_dirs_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
|
||||||
manage_files_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
|
manage_files_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(cachefiles_kernel_t)
|
fs_getattr_xattr_fs(cachefiles_kernel_t)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user