Redundant brace nothing to expand here.
Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here.
This commit is contained in:
parent
4781493e45
commit
a25335e1fa
@ -39,7 +39,7 @@ files_pid_file(rgmanager_var_run_t)
|
|||||||
allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock };
|
allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock };
|
||||||
dontaudit rgmanager_t self:capability { sys_ptrace };
|
dontaudit rgmanager_t self:capability { sys_ptrace };
|
||||||
allow rgmanager_t self:process { setsched signal };
|
allow rgmanager_t self:process { setsched signal };
|
||||||
dontaudit rgmanager_t self:process { ptrace };
|
dontaudit rgmanager_t self:process ptrace;
|
||||||
|
|
||||||
allow rgmanager_t self:fifo_file rw_fifo_file_perms;
|
allow rgmanager_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };
|
allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };
|
||||||
|
@ -221,7 +221,7 @@ optional_policy(`
|
|||||||
# rhcs domains common policy
|
# rhcs domains common policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow cluster_domain self:capability { sys_nice };
|
allow cluster_domain self:capability sys_nice;
|
||||||
allow cluster_domain self:process setsched;
|
allow cluster_domain self:process setsched;
|
||||||
allow cluster_domain self:sem create_sem_perms;
|
allow cluster_domain self:sem create_sem_perms;
|
||||||
allow cluster_domain self:fifo_file rw_fifo_file_perms;
|
allow cluster_domain self:fifo_file rw_fifo_file_perms;
|
||||||
|
@ -70,7 +70,7 @@ manage_files_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t)
|
|||||||
files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file })
|
files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file })
|
||||||
|
|
||||||
manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t)
|
manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t)
|
||||||
files_pid_filetrans(varnishd_t, varnishd_var_run_t, { file })
|
files_pid_filetrans(varnishd_t, varnishd_var_run_t, file)
|
||||||
|
|
||||||
kernel_read_system_state(varnishd_t)
|
kernel_read_system_state(varnishd_t)
|
||||||
|
|
||||||
@ -108,7 +108,7 @@ tunable_policy(`varnishd_connect_any',`
|
|||||||
#
|
#
|
||||||
|
|
||||||
manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t)
|
manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t)
|
||||||
files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, { file })
|
files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, file)
|
||||||
|
|
||||||
manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
|
manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
|
||||||
manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
|
manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
|
||||||
|
@ -43,7 +43,7 @@ miscfiles_read_localization(vnstatd_t)
|
|||||||
#
|
#
|
||||||
# vnstat local policy
|
# vnstat local policy
|
||||||
#
|
#
|
||||||
allow vnstat_t self:process { signal };
|
allow vnstat_t self:process signal;
|
||||||
allow vnstat_t self:fifo_file rw_fifo_file_perms;
|
allow vnstat_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow vnstat_t self:unix_stream_socket create_stream_socket_perms;
|
allow vnstat_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
|
||||||
|
@ -1218,7 +1218,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
|
|||||||
allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
|
allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
|
||||||
# operations allowed on my windows
|
# operations allowed on my windows
|
||||||
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
|
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
|
||||||
allow x_domain self:x_drawable { blend };
|
allow x_domain self:x_drawable blend;
|
||||||
# operations allowed on all windows
|
# operations allowed on all windows
|
||||||
allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
|
allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ optional_policy(`
|
|||||||
#
|
#
|
||||||
|
|
||||||
allow zarafa_spooler_t self:capability { chown kill };
|
allow zarafa_spooler_t self:capability { chown kill };
|
||||||
allow zarafa_spooler_t self:process { signal };
|
allow zarafa_spooler_t self:process signal;
|
||||||
|
|
||||||
corenet_tcp_connect_smtp_port(zarafa_spooler_t)
|
corenet_tcp_connect_smtp_port(zarafa_spooler_t)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user