add a few missing bits

Chris PeBenito 2006-03-07 16:02:00 +00:00
parent 42e77a59e9
commit a4bbe382c1
2 changed files with 10 additions and 10 deletions


@ -595,6 +595,13 @@ template(`unpriv_user_template', `
kernel_dontaudit_read_ring_buffer($1_t) kernel_dontaudit_read_ring_buffer($1_t)
') ')
# Allow users to rw usb devices
tunable_policy(`user_rw_usb',`
dev_rw_usbfs($1_t)
',`
dev_read_usbfs($1_t)
')
# Allow users to run TCP servers (bind to ports and accept connection from # Allow users to run TCP servers (bind to ports and accept connection from
# the same domain and outside users) disabling this forces FTP passive mode # the same domain and outside users) disabling this forces FTP passive mode
# and may change other protocols # and may change other protocols
@ -699,13 +706,6 @@ template(`unpriv_user_template', `
allow $1_t var_lib_t:dir r_dir_perms; allow $1_t var_lib_t:dir r_dir_perms;
allow $1_t var_lib_t:file { getattr read }; allow $1_t var_lib_t:file { getattr read };
# Allow users to rw usb devices
tunable_policy(`user_rw_usb',`
rw_dir_create_file($1_t,usbdevfs_t)
',`
r_dir_file($1_t,usbdevfs_t)
')
# Do not audit write denials to /etc/ld.so.cache. # Do not audit write denials to /etc/ld.so.cache.
dontaudit $1_t ld_so_cache_t:file write; dontaudit $1_t ld_so_cache_t:file write;
@ -720,7 +720,6 @@ template(`unpriv_user_template', `
') ')
allow $1_t initrc_t:fifo_file write; allow $1_t initrc_t:fifo_file write;
') dnl end TODO ') dnl end TODO
') ')
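Review bot: The relocated user_rw_usb block in the first hunk grants `dev_read_usbfs($1_t)` in its else branch, so every domain built from unpriv_user_template keeps read access to usbfs even when the boolean is off, yet the comment above it only says "rw". The old copy sat shortly before the `dnl end TODO` marker, so it looks as though these rules were not compiled in before this commit; it is worth confirming that activating them for all unprivileged users is intended. I would reword the comment to `# Allow users to rw usb devices; with user_rw_usb off they keep read-only access to usbfs`. The template body starts and ends outside these hunks.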


@ -1,5 +1,5 @@
policy_module(userdomain,1.3.0) policy_module(userdomain,1.3.1)
gen_require(` gen_require(`
role sysadm_r, staff_r, user_r; role sysadm_r, staff_r, user_r;
@ -128,7 +128,8 @@ ifdef(`targeted_policy',`
ifdef(`enable_mls',` ifdef(`enable_mls',`
admin_user_template(secadm) admin_user_template(secadm)
role_change(staff, secadm) role_change(staff,secadm)
role_change(sysadm,secadm)
') ')
# this should be tunable_policy, but # this should be tunable_policy, but
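Review bot: The added `role_change(sysadm,secadm)` inside the enable_mls block has no comment saying why the system administrator role may switch into the security administrator role. In an MLS policy those two roles are usually kept apart for separation of duties, so anyone auditing role transitions needs the rationale next to the rule. I would add a line above it such as `# MLS only: sysadm may change role to secadm`, and confirm that this is meant for every user authorized for sysadm_r. The enclosing targeted_policy ifdef begins outside the hunk.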