Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Squash with 84812bc8dd814709734c2b6d1ef2ff2b84adc35d
Syntax error.
This commit is contained in:
Dominick Grift 2010-09-17 09:50:43 +02:00
parent 4b1644f447
commit 9fa4defbd4
8 changed files with 15 additions and 15 deletions

View File

@ -183,7 +183,7 @@ interface(`amavis_setattr_pid_files',`
type amavis_var_run_t; type amavis_var_run_t;
') ')
allow $1 amavis_var_run_t:file setattr; allow $1 amavis_var_run_t:file setattr_file_perms;
files_search_pids($1) files_search_pids($1)
') ')

View File

@ -209,7 +209,7 @@ interface(`apache_role',`
allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom }; allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom }; allow $2 httpd_user_htaccess_t:file { manage_file_perms relabel_file_perms };
manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t) manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
@ -499,7 +499,7 @@ interface(`apache_setattr_cache_dirs',`
type httpd_cache_t; type httpd_cache_t;
') ')
allow $1 httpd_cache_t:dir setattr; allow $1 httpd_cache_t:dir setattr_dir_perms;
') ')
######################################## ########################################
@ -730,7 +730,7 @@ interface(`apache_dontaudit_append_log',`
type httpd_log_t; type httpd_log_t;
') ')
dontaudit $1 httpd_log_t:file { getattr append }; dontaudit $1 httpd_log_t:file append_file_perms;
') ')
######################################## ########################################

View File

@ -52,7 +52,7 @@ interface(`apm_write_pipes',`
type apmd_t; type apmd_t;
') ')
allow $1 apmd_t:fifo_file write; allow $1 apmd_t:fifo_file write_fifo_file_perms;
') ')
######################################## ########################################
@ -89,7 +89,7 @@ interface(`apm_append_log',`
') ')
logging_search_logs($1) logging_search_logs($1)
allow $1 apmd_log_t:file append; allow $1 apmd_log_t:file append_file_perms;
') ')
######################################## ########################################

View File

@ -123,7 +123,7 @@ interface(`automount_dontaudit_getattr_tmp_dirs',`
type automount_tmp_t; type automount_tmp_t;
') ')
dontaudit $1 automount_tmp_t:dir getattr; dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
') ')
######################################## ########################################

View File

@ -186,7 +186,7 @@ interface(`bind_write_config',`
') ')
write_files_pattern($1, named_conf_t, named_conf_t) write_files_pattern($1, named_conf_t, named_conf_t)
allow $1 named_conf_t:file setattr; allow $1 named_conf_t:file setattr_file_perms;
') ')
######################################## ########################################
@ -266,7 +266,7 @@ interface(`bind_setattr_pid_dirs',`
type named_var_run_t; type named_var_run_t;
') ')
allow $1 named_var_run_t:dir setattr; allow $1 named_var_run_t:dir setattr_dir_perms;
') ')
######################################## ########################################
@ -284,7 +284,7 @@ interface(`bind_setattr_zone_dirs',`
type named_zone_t; type named_zone_t;
') ')
allow $1 named_zone_t:dir setattr; allow $1 named_zone_t:dir setattr_dir_perms;
') ')
######################################## ########################################

View File

@ -92,7 +92,7 @@ interface(`bluetooth_read_config',`
type bluetooth_conf_t; type bluetooth_conf_t;
') ')
allow $1 bluetooth_conf_t:file { getattr read ioctl }; allow $1 bluetooth_conf_t:file read_file_perms;
') ')
######################################## ########################################
@ -192,8 +192,8 @@ interface(`bluetooth_dontaudit_read_helper_state',`
type bluetooth_helper_t; type bluetooth_helper_t;
') ')
dontaudit $1 bluetooth_helper_t:dir search; dontaudit $1 bluetooth_helper_t:dir search_dir_perms;
dontaudit $1 bluetooth_helper_t:file { read getattr }; dontaudit $1 bluetooth_helper_t:file read_file_perms;
') ')
######################################## ########################################

View File

@ -52,7 +52,7 @@ template(`cron_common_crontab_template',`
files_list_spool($1_t) files_list_spool($1_t)
# crontab signals crond by updating the mtime on the spooldir # crontab signals crond by updating the mtime on the spooldir
allow $1_t cron_spool_t:dir setattr; allow $1_t cron_spool_t:dir setattr_dir_perms;
kernel_read_system_state($1_t) kernel_read_system_state($1_t)

View File

@ -36,7 +36,7 @@ interface(`dhcpd_setattr_state_files',`
') ')
sysnet_search_dhcp_state($1) sysnet_search_dhcp_state($1)
allow $1 dhcpd_state_t:file setattr; allow $1 dhcpd_state_t:file setattr_file_perms;
') ')
######################################## ########################################