sediff fixes
This commit is contained in:
Chris PeBenito
parent
fc6198ced0
commit
a525f293c3
@ -976,6 +976,7 @@ kernel_read_all_sysctl($1)
|
||||
#
|
||||
# rhgb_domain():
|
||||
#
|
||||
#
|
||||
|
||||
#
|
||||
# rw_dir_create_file(): complete
|
||||
|
||||
@ -11,9 +11,6 @@
|
||||
interface(`updfstab_domtrans',`
|
||||
gen_require(`
|
||||
type updfstab_t, updfstab_exec_t;
|
||||
class process sigchld;
|
||||
class fd use;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
|
||||
@ -8,7 +8,7 @@ policy_module(updfstab,1.0)
|
||||
|
||||
type updfstab_t;
|
||||
type updfstab_exec_t;
|
||||
init_daemon_domain(updfstab_t,updfstab_exec_t)
|
||||
init_system_domain(updfstab_t,updfstab_exec_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -43,8 +43,8 @@ selinux_compute_user_contexts(updfstab_t)
|
||||
|
||||
storage_raw_read_fixed_disk(updfstab_t)
|
||||
storage_raw_write_fixed_disk(updfstab_t)
|
||||
storage_raw_read_fixed_disk(updfstab_t)
|
||||
storage_raw_write_fixed_disk(updfstab_t)
|
||||
storage_raw_read_removable_device(updfstab_t)
|
||||
storage_raw_write_removable_device(updfstab_t)
|
||||
storage_read_scsi_generic(updfstab_t)
|
||||
storage_write_scsi_generic(updfstab_t)
|
||||
|
||||
@ -104,6 +104,10 @@ optional_policy(`modutils.te',`
|
||||
modutils_read_mods_deps(updfstab_t)
|
||||
')
|
||||
|
||||
optional_policy(`nscd.te',`
|
||||
nscd_use_socket(updfstab_t)
|
||||
')
|
||||
|
||||
optional_policy(`selinuxutil.te',`
|
||||
seutil_sigchld_newrole(updfstab_t)
|
||||
')
|
||||
|
||||
@ -34,6 +34,7 @@ allow webalizer_t self:capability dac_override;
|
||||
allow webalizer_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
allow webalizer_t self:fd use;
|
||||
allow webalizer_t self:fifo_file rw_file_perms;
|
||||
allow webalizer_t self:sock_file r_file_perms;
|
||||
allow webalizer_t self:shm create_shm_perms;
|
||||
allow webalizer_t self:sem create_sem_perms;
|
||||
allow webalizer_t self:msgq create_msgq_perms;
|
||||
|
||||
@ -671,6 +671,11 @@ logging_send_syslog_msg(winbind_helper_t)
|
||||
|
||||
miscfiles_read_localization(winbind_helper_t)
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
term_use_generic_pty(winbind_helper_t)
|
||||
term_use_unallocated_tty(winbind_helper_t)
|
||||
')
|
||||
|
||||
optional_policy(`nscd.te',`
|
||||
nscd_use_socket(winbind_helper_t)
|
||||
')
|
||||
|
||||
@ -259,3 +259,8 @@ logging_send_syslog_msg(update_modules_t)
|
||||
miscfiles_read_localization(update_modules_t)
|
||||
|
||||
userdom_dontaudit_search_sysadm_home_dir(update_modules_t)
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
term_use_generic_pty(update_modules_t)
|
||||
term_use_unallocated_tty(update_modules_t)
|
||||
')
|
||||
|
||||
@ -549,14 +549,13 @@ interface(`seutil_read_default_contexts',`
|
||||
interface(`seutil_read_file_contexts',`
|
||||
gen_require(`
|
||||
type selinux_config_t, file_context_t;
|
||||
class dir r_dir_perms;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
allow $1 selinux_config_t:dir search;
|
||||
allow $1 file_context_t:dir r_dir_perms;
|
||||
allow $1 file_context_t:file r_file_perms;
|
||||
allow $1 file_context_t:lnk_file { getattr read };
|
||||
')
|
||||
|
||||
########################################
|
||||
|
||||
@ -66,6 +66,10 @@ ifdef(`targeted_policy',`
|
||||
su_per_userdomain_template(sysadm,unconfined_t,system_r)
|
||||
')
|
||||
|
||||
optional_policy(`webalizer.te',`
|
||||
webalizer_domtrans(unconfined_t)
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
ifdef(`use_mcs',`
|
||||
rw_dir_create_file(sysadm_su_t, home_dir_type)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user