misc sediff fixes
This commit is contained in:
Chris PeBenito
parent
0500e01f2d
commit
9ca7e78a35
@ -114,6 +114,7 @@ files_tmp_file(squirrelmail_spool_t)
|
||||
# cjp: probably can remove this
|
||||
ifdef(`distro_redhat',`
|
||||
typealias httpd_log_t alias httpd_runtime_t;
|
||||
dontaudit httpd_t httpd_runtime_t:file ioctl;
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
@ -372,6 +373,9 @@ tunable_policy(`httpd_ssi_exec',`
|
||||
# to run correctly without this permission, so the permission
|
||||
# are dontaudited here.
|
||||
tunable_policy(`httpd_tty_comm',`
|
||||
# cjp: this is redundant:
|
||||
term_use_controlling_term(httpd_t)
|
||||
|
||||
userdom_use_sysadm_terms(httpd_t)
|
||||
',`
|
||||
userdom_dontaudit_use_sysadm_terms(httpd_t)
|
||||
@ -450,6 +454,7 @@ logging_send_syslog_msg(httpd_helper_t)
|
||||
allow httpd_php_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
allow httpd_php_t self:fd use;
|
||||
allow httpd_php_t self:fifo_file rw_file_perms;
|
||||
allow httpd_php_t self:sock_file r_file_perms;
|
||||
allow httpd_php_t self:unix_dgram_socket create_socket_perms;
|
||||
allow httpd_php_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow httpd_php_t self:unix_dgram_socket sendto;
|
||||
|
||||
@ -26,6 +26,7 @@ allow howl_t self:tcp_socket create_stream_socket_perms;
|
||||
allow howl_t self:udp_socket create_socket_perms;
|
||||
|
||||
allow howl_t howl_var_run_t:file create_file_perms;
|
||||
allow howl_t howl_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid(howl_t,howl_var_run_t)
|
||||
|
||||
kernel_read_network_state(howl_t)
|
||||
|
||||
@ -81,6 +81,7 @@ term_dontaudit_use_console(hotplug_t)
|
||||
corecmd_exec_bin(hotplug_t)
|
||||
corecmd_exec_shell(hotplug_t)
|
||||
corecmd_exec_sbin(hotplug_t)
|
||||
corecmd_exec_ls(hotplug_t)
|
||||
|
||||
domain_use_wide_inherit_fd(hotplug_t)
|
||||
# for ps
|
||||
@ -111,6 +112,7 @@ libs_read_lib(hotplug_t)
|
||||
|
||||
modutils_domtrans_insmod(hotplug_t)
|
||||
modutils_read_mods_deps(hotplug_t)
|
||||
miscfiles_read_hwdata(hotplug_t)
|
||||
|
||||
miscfiles_read_hwdata(hotplug_t)
|
||||
miscfiles_read_localization(hotplug_t)
|
||||
@ -132,6 +134,9 @@ ifdef(`distro_redhat', `
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy', `
|
||||
term_dontaudit_use_unallocated_tty(hotplug_t)
|
||||
term_dontaudit_use_generic_pty(hotplug_t)
|
||||
|
||||
optional_policy(`consoletype.te',`
|
||||
consoletype_domtrans(hotplug_t)
|
||||
')
|
||||
|
||||
@ -191,6 +191,8 @@ allow klogd_t klogd_tmp_t:dir create_dir_perms;
|
||||
files_create_tmp_files(klogd_t,klogd_tmp_t,{ file dir })
|
||||
|
||||
allow klogd_t klogd_var_run_t:file create_file_perms;
|
||||
allow klogd_t klogd_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid(klogd_t,klogd_var_run_t)
|
||||
|
||||
allow klogd_t self:capability sys_admin;
|
||||
dontaudit klogd_t self:capability sys_resource;
|
||||
@ -214,7 +216,6 @@ term_dontaudit_use_console(klogd_t)
|
||||
|
||||
domain_use_wide_inherit_fd(klogd_t)
|
||||
|
||||
files_create_pid(klogd_t,klogd_var_run_t)
|
||||
files_read_etc_runtime_files(klogd_t)
|
||||
# read /etc/nsswitch.conf
|
||||
files_read_etc_files(klogd_t)
|
||||
|
||||
@ -187,6 +187,11 @@ miscfiles_read_localization(load_policy_t)
|
||||
|
||||
userdom_use_all_user_fd(load_policy_t)
|
||||
|
||||
ifdef(`targeted_policy', `
|
||||
term_use_unallocated_tty(load_policy_t)
|
||||
term_use_generic_pty(load_policy_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# Newrole local policy
|
||||
|
||||
Loading…
Reference in New Issue
Block a user