sediff fixes
This commit is contained in:
Chris PeBenito
parent
fc6198ced0
commit
a525f293c3
@ -976,6 +976,7 @@ kernel_read_all_sysctl($1)
|
|||||||
#
|
#
|
||||||
# rhgb_domain():
|
# rhgb_domain():
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# rw_dir_create_file(): complete
|
# rw_dir_create_file(): complete
|
||||||
|
|||||||
@ -11,9 +11,6 @@
|
|||||||
interface(`updfstab_domtrans',`
|
interface(`updfstab_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type updfstab_t, updfstab_exec_t;
|
type updfstab_t, updfstab_exec_t;
|
||||||
class process sigchld;
|
|
||||||
class fd use;
|
|
||||||
class fifo_file rw_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_usr($1)
|
files_search_usr($1)
|
||||||
|
|||||||
@ -8,7 +8,7 @@ policy_module(updfstab,1.0)
|
|||||||
|
|
||||||
type updfstab_t;
|
type updfstab_t;
|
||||||
type updfstab_exec_t;
|
type updfstab_exec_t;
|
||||||
init_daemon_domain(updfstab_t,updfstab_exec_t)
|
init_system_domain(updfstab_t,updfstab_exec_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -43,8 +43,8 @@ selinux_compute_user_contexts(updfstab_t)
|
|||||||
|
|
||||||
storage_raw_read_fixed_disk(updfstab_t)
|
storage_raw_read_fixed_disk(updfstab_t)
|
||||||
storage_raw_write_fixed_disk(updfstab_t)
|
storage_raw_write_fixed_disk(updfstab_t)
|
||||||
storage_raw_read_fixed_disk(updfstab_t)
|
storage_raw_read_removable_device(updfstab_t)
|
||||||
storage_raw_write_fixed_disk(updfstab_t)
|
storage_raw_write_removable_device(updfstab_t)
|
||||||
storage_read_scsi_generic(updfstab_t)
|
storage_read_scsi_generic(updfstab_t)
|
||||||
storage_write_scsi_generic(updfstab_t)
|
storage_write_scsi_generic(updfstab_t)
|
||||||
|
|
||||||
@ -104,6 +104,10 @@ optional_policy(`modutils.te',`
|
|||||||
modutils_read_mods_deps(updfstab_t)
|
modutils_read_mods_deps(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`nscd.te',`
|
||||||
|
nscd_use_socket(updfstab_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`selinuxutil.te',`
|
optional_policy(`selinuxutil.te',`
|
||||||
seutil_sigchld_newrole(updfstab_t)
|
seutil_sigchld_newrole(updfstab_t)
|
||||||
')
|
')
|
||||||
|
|||||||
@ -34,6 +34,7 @@ allow webalizer_t self:capability dac_override;
|
|||||||
allow webalizer_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow webalizer_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
allow webalizer_t self:fd use;
|
allow webalizer_t self:fd use;
|
||||||
allow webalizer_t self:fifo_file rw_file_perms;
|
allow webalizer_t self:fifo_file rw_file_perms;
|
||||||
|
allow webalizer_t self:sock_file r_file_perms;
|
||||||
allow webalizer_t self:shm create_shm_perms;
|
allow webalizer_t self:shm create_shm_perms;
|
||||||
allow webalizer_t self:sem create_sem_perms;
|
allow webalizer_t self:sem create_sem_perms;
|
||||||
allow webalizer_t self:msgq create_msgq_perms;
|
allow webalizer_t self:msgq create_msgq_perms;
|
||||||
|
|||||||
@ -671,6 +671,11 @@ logging_send_syslog_msg(winbind_helper_t)
|
|||||||
|
|
||||||
miscfiles_read_localization(winbind_helper_t)
|
miscfiles_read_localization(winbind_helper_t)
|
||||||
|
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
term_use_generic_pty(winbind_helper_t)
|
||||||
|
term_use_unallocated_tty(winbind_helper_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`nscd.te',`
|
optional_policy(`nscd.te',`
|
||||||
nscd_use_socket(winbind_helper_t)
|
nscd_use_socket(winbind_helper_t)
|
||||||
')
|
')
|
||||||
|
|||||||
@ -259,3 +259,8 @@ logging_send_syslog_msg(update_modules_t)
|
|||||||
miscfiles_read_localization(update_modules_t)
|
miscfiles_read_localization(update_modules_t)
|
||||||
|
|
||||||
userdom_dontaudit_search_sysadm_home_dir(update_modules_t)
|
userdom_dontaudit_search_sysadm_home_dir(update_modules_t)
|
||||||
|
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
term_use_generic_pty(update_modules_t)
|
||||||
|
term_use_unallocated_tty(update_modules_t)
|
||||||
|
')
|
||||||
|
|||||||
@ -549,14 +549,13 @@ interface(`seutil_read_default_contexts',`
|
|||||||
interface(`seutil_read_file_contexts',`
|
interface(`seutil_read_file_contexts',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type selinux_config_t, file_context_t;
|
type selinux_config_t, file_context_t;
|
||||||
class dir r_dir_perms;
|
|
||||||
class file r_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search;
|
||||||
allow $1 file_context_t:dir r_dir_perms;
|
allow $1 file_context_t:dir r_dir_perms;
|
||||||
allow $1 file_context_t:file r_file_perms;
|
allow $1 file_context_t:file r_file_perms;
|
||||||
|
allow $1 file_context_t:lnk_file { getattr read };
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|||||||
@ -66,6 +66,10 @@ ifdef(`targeted_policy',`
|
|||||||
su_per_userdomain_template(sysadm,unconfined_t,system_r)
|
su_per_userdomain_template(sysadm,unconfined_t,system_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`webalizer.te',`
|
||||||
|
webalizer_domtrans(unconfined_t)
|
||||||
|
')
|
||||||
|
|
||||||
ifdef(`TODO',`
|
ifdef(`TODO',`
|
||||||
ifdef(`use_mcs',`
|
ifdef(`use_mcs',`
|
||||||
rw_dir_create_file(sysadm_su_t, home_dir_type)
|
rw_dir_create_file(sysadm_su_t, home_dir_type)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user