Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.

Redundant brace nothing to expand here.
This commit is contained in:
Dominick Grift 2010-09-24 09:24:06 +02:00
parent 4781493e45
commit a25335e1fa
6 changed files with 7 additions and 7 deletions

View File

@ -39,7 +39,7 @@ files_pid_file(rgmanager_var_run_t)
allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock }; allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock };
dontaudit rgmanager_t self:capability { sys_ptrace }; dontaudit rgmanager_t self:capability { sys_ptrace };
allow rgmanager_t self:process { setsched signal }; allow rgmanager_t self:process { setsched signal };
dontaudit rgmanager_t self:process { ptrace }; dontaudit rgmanager_t self:process ptrace;
allow rgmanager_t self:fifo_file rw_fifo_file_perms; allow rgmanager_t self:fifo_file rw_fifo_file_perms;
allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms }; allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };

View File

@ -221,7 +221,7 @@ optional_policy(`
# rhcs domains common policy # rhcs domains common policy
# #
allow cluster_domain self:capability { sys_nice }; allow cluster_domain self:capability sys_nice;
allow cluster_domain self:process setsched; allow cluster_domain self:process setsched;
allow cluster_domain self:sem create_sem_perms; allow cluster_domain self:sem create_sem_perms;
allow cluster_domain self:fifo_file rw_fifo_file_perms; allow cluster_domain self:fifo_file rw_fifo_file_perms;

View File

@ -70,7 +70,7 @@ manage_files_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t)
files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file }) files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file })
manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t) manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t)
files_pid_filetrans(varnishd_t, varnishd_var_run_t, { file }) files_pid_filetrans(varnishd_t, varnishd_var_run_t, file)
kernel_read_system_state(varnishd_t) kernel_read_system_state(varnishd_t)
@ -108,7 +108,7 @@ tunable_policy(`varnishd_connect_any',`
# #
manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t) manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t)
files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, { file }) files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, file)
manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t) manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t) manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)

View File

@ -43,7 +43,7 @@ miscfiles_read_localization(vnstatd_t)
# #
# vnstat local policy # vnstat local policy
# #
allow vnstat_t self:process { signal }; allow vnstat_t self:process signal;
allow vnstat_t self:fifo_file rw_fifo_file_perms; allow vnstat_t self:fifo_file rw_fifo_file_perms;
allow vnstat_t self:unix_stream_socket create_stream_socket_perms; allow vnstat_t self:unix_stream_socket create_stream_socket_perms;

View File

@ -1218,7 +1218,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show }; allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
# operations allowed on my windows # operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
allow x_domain self:x_drawable { blend }; allow x_domain self:x_drawable blend;
# operations allowed on all windows # operations allowed on all windows
allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child }; allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };

View File

@ -73,7 +73,7 @@ optional_policy(`
# #
allow zarafa_spooler_t self:capability { chown kill }; allow zarafa_spooler_t self:capability { chown kill };
allow zarafa_spooler_t self:process { signal }; allow zarafa_spooler_t self:process signal;
corenet_tcp_connect_smtp_port(zarafa_spooler_t) corenet_tcp_connect_smtp_port(zarafa_spooler_t)