misc sediff fixes

This commit is contained in:
Chris PeBenito 2005-10-31 20:54:33 +00:00
parent 0500e01f2d
commit 9ca7e78a35
5 changed files with 18 additions and 1 deletions

View File

@ -114,6 +114,7 @@ files_tmp_file(squirrelmail_spool_t)
# cjp: probably can remove this
ifdef(`distro_redhat',`
typealias httpd_log_t alias httpd_runtime_t;
dontaudit httpd_t httpd_runtime_t:file ioctl;
')
ifdef(`targeted_policy',`
@ -372,6 +373,9 @@ tunable_policy(`httpd_ssi_exec',`
# to run correctly without this permission, so the permission
# are dontaudited here.
tunable_policy(`httpd_tty_comm',`
# cjp: this is redundant:
term_use_controlling_term(httpd_t)
userdom_use_sysadm_terms(httpd_t)
',`
userdom_dontaudit_use_sysadm_terms(httpd_t)
@ -450,6 +454,7 @@ logging_send_syslog_msg(httpd_helper_t)
allow httpd_php_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow httpd_php_t self:fd use;
allow httpd_php_t self:fifo_file rw_file_perms;
allow httpd_php_t self:sock_file r_file_perms;
allow httpd_php_t self:unix_dgram_socket create_socket_perms;
allow httpd_php_t self:unix_stream_socket create_stream_socket_perms;
allow httpd_php_t self:unix_dgram_socket sendto;

View File

@ -26,6 +26,7 @@ allow howl_t self:tcp_socket create_stream_socket_perms;
allow howl_t self:udp_socket create_socket_perms;
allow howl_t howl_var_run_t:file create_file_perms;
allow howl_t howl_var_run_t:dir rw_dir_perms;
files_create_pid(howl_t,howl_var_run_t)
kernel_read_network_state(howl_t)

View File

@ -81,6 +81,7 @@ term_dontaudit_use_console(hotplug_t)
corecmd_exec_bin(hotplug_t)
corecmd_exec_shell(hotplug_t)
corecmd_exec_sbin(hotplug_t)
corecmd_exec_ls(hotplug_t)
domain_use_wide_inherit_fd(hotplug_t)
# for ps
@ -111,6 +112,7 @@ libs_read_lib(hotplug_t)
modutils_domtrans_insmod(hotplug_t)
modutils_read_mods_deps(hotplug_t)
miscfiles_read_hwdata(hotplug_t)
miscfiles_read_hwdata(hotplug_t)
miscfiles_read_localization(hotplug_t)
@ -132,6 +134,9 @@ ifdef(`distro_redhat', `
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hotplug_t)
term_dontaudit_use_generic_pty(hotplug_t)
optional_policy(`consoletype.te',`
consoletype_domtrans(hotplug_t)
')

View File

@ -191,6 +191,8 @@ allow klogd_t klogd_tmp_t:dir create_dir_perms;
files_create_tmp_files(klogd_t,klogd_tmp_t,{ file dir })
allow klogd_t klogd_var_run_t:file create_file_perms;
allow klogd_t klogd_var_run_t:dir rw_dir_perms;
files_create_pid(klogd_t,klogd_var_run_t)
allow klogd_t self:capability sys_admin;
dontaudit klogd_t self:capability sys_resource;
@ -214,7 +216,6 @@ term_dontaudit_use_console(klogd_t)
domain_use_wide_inherit_fd(klogd_t)
files_create_pid(klogd_t,klogd_var_run_t)
files_read_etc_runtime_files(klogd_t)
# read /etc/nsswitch.conf
files_read_etc_files(klogd_t)

View File

@ -187,6 +187,11 @@ miscfiles_read_localization(load_policy_t)
userdom_use_all_user_fd(load_policy_t)
ifdef(`targeted_policy', `
term_use_unallocated_tty(load_policy_t)
term_use_generic_pty(load_policy_t)
')
########################################
#
# Newrole local policy