fixes. move rhgb into TODO
This commit is contained in:
Chris PeBenito
parent
c0d1566a13
commit
aa8995afd6
@ -533,15 +533,17 @@ ifdef(`targeted_policy',`
|
|||||||
term_dontaudit_use_generic_pty($1_t)
|
term_dontaudit_use_generic_pty($1_t)
|
||||||
files_dontaudit_read_root_file($1_t)
|
files_dontaudit_read_root_file($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`rhgb.te',`
|
|
||||||
rhgb_domain($1_t)
|
|
||||||
')
|
|
||||||
optional_policy(`selinuxutil.te',`
|
optional_policy(`selinuxutil.te',`
|
||||||
seutil_sigchld_newrole($1_t)
|
seutil_sigchld_newrole($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`udev.te', `
|
optional_policy(`udev.te', `
|
||||||
udev_read_db($1_t)
|
udev_read_db($1_t)
|
||||||
')
|
')
|
||||||
|
ifdef(`TODO',`
|
||||||
|
optional_policy(`rhgb.te',`
|
||||||
|
rhgb_domain($1_t)
|
||||||
|
')
|
||||||
|
') dnl end TODO
|
||||||
|
|
||||||
#
|
#
|
||||||
# daemon_domain():
|
# daemon_domain():
|
||||||
@ -575,15 +577,17 @@ ifdef(`targeted_policy', `
|
|||||||
term_dontaudit_use_generic_pty($1_t)
|
term_dontaudit_use_generic_pty($1_t)
|
||||||
files_dontaudit_read_root_file($1_t)
|
files_dontaudit_read_root_file($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`rhgb.te',`
|
|
||||||
rhgb_domain($1_t)
|
|
||||||
')
|
|
||||||
optional_policy(`selinuxutil.te',`
|
optional_policy(`selinuxutil.te',`
|
||||||
seutil_sigchld_newrole($1_t)
|
seutil_sigchld_newrole($1_t)
|
||||||
')
|
')
|
||||||
optional_policy(`udev.te', `
|
optional_policy(`udev.te', `
|
||||||
udev_read_db($1_t)
|
udev_read_db($1_t)
|
||||||
')
|
')
|
||||||
|
ifdef(`TODO',`
|
||||||
|
optional_policy(`rhgb.te',`
|
||||||
|
rhgb_domain($1_t)
|
||||||
|
')
|
||||||
|
') dnl end TODO
|
||||||
|
|
||||||
#
|
#
|
||||||
# daemon_sub_domain():
|
# daemon_sub_domain():
|
||||||
@ -654,7 +658,7 @@ allow $1 self:sem create_sem_perms;
|
|||||||
allow $1 self:msgq create_msgq_perms;
|
allow $1 self:msgq create_msgq_perms;
|
||||||
allow $1 self:msg { send receive };
|
allow $1 self:msg { send receive };
|
||||||
fs_search_auto_mountpoints($1)
|
fs_search_auto_mountpoints($1)
|
||||||
userdom_use_unpriv_user_fd($1)
|
userdom_use_unpriv_users_fd($1)
|
||||||
optional_policy(`nis.te',`
|
optional_policy(`nis.te',`
|
||||||
nis_use_ypbind($1)
|
nis_use_ypbind($1)
|
||||||
')
|
')
|
||||||
@ -702,7 +706,7 @@ optional_policy(`udev.te',`
|
|||||||
#
|
#
|
||||||
# inetd_child_domain():
|
# inetd_child_domain():
|
||||||
#
|
#
|
||||||
type $1_t; #, nscd_client_domain;
|
type $1_t;
|
||||||
type $1_exec_t;
|
type $1_exec_t;
|
||||||
inetd_(udp_|tcp_)?service_domain($1_t,$1_exec_t)
|
inetd_(udp_|tcp_)?service_domain($1_t,$1_exec_t)
|
||||||
role system_r types $1_t;
|
role system_r types $1_t;
|
||||||
@ -719,8 +723,10 @@ allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
|||||||
allow $1_t self:capability { setuid setgid };
|
allow $1_t self:capability { setuid setgid };
|
||||||
allow $1_t self:dir search;
|
allow $1_t self:dir search;
|
||||||
allow $1_t self:{ lnk_file file } { getattr read };
|
allow $1_t self:{ lnk_file file } { getattr read };
|
||||||
#allow $1_t home_root_t:dir search;
|
files_search_home($1_t)
|
||||||
#can_kerberos($1_t)
|
optional_policy(`kerberos.te',`
|
||||||
|
kerberos_use($1_t)
|
||||||
|
')
|
||||||
#end for identd
|
#end for identd
|
||||||
allow $1_t $1_tmp_t:dir create_dir_perms;
|
allow $1_t $1_tmp_t:dir create_dir_perms;
|
||||||
allow $1_t $1_tmp_t:file create_file_perms;
|
allow $1_t $1_tmp_t:file create_file_perms;
|
||||||
@ -747,6 +753,9 @@ sysnet_read_config($1_t)
|
|||||||
optional_policy(`nis.te',`
|
optional_policy(`nis.te',`
|
||||||
nis_use_ypbind($1_t)
|
nis_use_ypbind($1_t)
|
||||||
')
|
')
|
||||||
|
optional_policy(`nscd.te',`
|
||||||
|
nscd_use_socket($1_t)
|
||||||
|
')
|
||||||
|
|
||||||
#
|
#
|
||||||
# legacy_domain(): complete
|
# legacy_domain(): complete
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user