patch from dan
parent
c45fa5d46b
commit
af23450c36
@ -7,4 +7,4 @@
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/webalizer(/.*) gen_context(system_u:object_r:webalizer_var_lib_t,s0)
|
||||
/var/lib/webalizer(/.*)? gen_context(system_u:object_r:webalizer_var_lib_t,s0)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(webalizer,1.0)
|
||||
policy_module(webalizer,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(filesystem,1.0)
|
||||
policy_module(filesystem,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -114,6 +114,7 @@ allow tmpfs_t noxattrfs:filesystem associate;
|
||||
#
|
||||
type autofs_t, noxattrfs;
|
||||
fs_type(autofs_t)
|
||||
files_mountpoint(autofs_t)
|
||||
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
|
||||
genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(avahi,1.0)
|
||||
policy_module(avahi,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -18,9 +18,9 @@ files_pid_file(avahi_var_run_t)
|
||||
# Local policy
|
||||
#
|
||||
|
||||
allow avahi_t self:capability { dac_override setgid chown kill setuid };
|
||||
allow avahi_t self:capability { dac_override setgid chown kill setuid sys_chroot };
|
||||
dontaudit avahi_t self:capability sys_tty_config;
|
||||
allow avahi_t self:process { setrlimit signal_perms };
|
||||
allow avahi_t self:process { setrlimit signal_perms setcap };
|
||||
allow avahi_t self:fifo_file { read write };
|
||||
allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||
allow avahi_t self:unix_dgram_socket create_socket_perms;
|
||||
|
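Review bot: The two widened rules in the Local policy hunk, `self:capability { ... sys_chroot }` and `self:process { ... setcap }`, carry no comment saying why avahi_t needs them, and both are privileges a later audit of this domain will question. A one-line comment above the capability rule would record the reason, for example `# avahi-daemon chroots itself and drops capabilities after startup`, if that is indeed why the denials appeared. Only part of the local policy block is visible in this hunk, so an existing explanation may sit outside it.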
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(cron, 1.0)
|
||||
policy_module(cron, 1.0.1)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
@ -170,14 +170,8 @@ tunable_policy(`fcron_crond', `
|
||||
allow crond_t system_cron_spool_t:file create_file_perms;
|
||||
')
|
||||
|
||||
optional_policy(`cyrus.te',`
|
||||
cyrus_manage_data(system_crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`inn.te',`
|
||||
inn_manage_log(system_crond_t)
|
||||
inn_manage_pid(system_crond_t)
|
||||
inn_read_config(system_crond_t)
|
||||
optional_policy(`hal.te',`
|
||||
hal_dbus_send(crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`nis.te',`
|
||||
@ -375,10 +369,20 @@ ifdef(`targeted_policy',`
|
||||
seutil_read_file_contexts(system_crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`cyrus.te',`
|
||||
cyrus_manage_data(system_crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`ftp.te',`
|
||||
ftp_read_log(system_crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`inn.te',`
|
||||
inn_manage_log(system_crond_t)
|
||||
inn_manage_pid(system_crond_t)
|
||||
inn_read_config(system_crond_t)
|
||||
')
|
||||
|
||||
optional_policy(`mysql.te',`
|
||||
mysql_read_config(system_crond_t)
|
||||
')
|
||||
|
@ -18,8 +18,7 @@
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/run/proftpd/proftpd-inetd -- gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
/var/run/proftpd/proftpd\.scoreboard -- gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
/var/run/proftpd(/.*)? gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
|
||||
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
|
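Review bot: Collapsing the two `--` entries for proftpd-inetd and proftpd\.scoreboard into `/var/run/proftpd(/.*)?` drops the file-type specifier, so the directory itself and any socket or other object under it now receive ftpd_var_run_t, not just regular files. The ftp policy module change shown on this page is only a version bump, so it is worth confirming that the existing rules already give ftpd_t directory (and, if used, sock_file) permissions on ftpd_var_run_t; otherwise the relabel will surface as new denials. If only regular files were intended, keeping `--` on a second entry such as `/var/run/proftpd/.* --` alongside a `-d` entry for the directory would keep the labelling narrow.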
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ftp,1.0)
|
||||
policy_module(ftp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -54,3 +54,20 @@ interface(`hal_stream_connect',`
|
||||
|
||||
allow $1 hald_t:unix_stream_socket connectto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send a dbus message to hal.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## Domain allowed access.
|
||||
## </param>
|
||||
#
|
||||
interface(`hal_dbus_send',`
|
||||
gen_require(`
|
||||
type hald_t;
|
||||
class dbus send_msg;
|
||||
')
|
||||
|
||||
allow $1 hald_t:dbus send_msg;
|
||||
')
|
||||
|
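Review bot: The new hal_dbus_send interface grants only `allow $1 hald_t:dbus send_msg;`, which covers messages from the caller to hal but not replies coming back, since the bus checks send_msg with the replying service as the source. If callers such as crond_t (which gains this interface elsewhere in the commit) expect a method return, the interface would also need `allow hald_t $1:dbus send_msg;`. If one-way messages are the intent, the summary could say so, e.g. `## Send a dbus message to hal (no reply permitted).`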
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(hal,1.0)
|
||||
policy_module(hal,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -80,6 +80,7 @@ selinux_compute_relabel_context(hald_t)
|
||||
selinux_compute_user_contexts(hald_t)
|
||||
|
||||
storage_raw_read_removable_device(hald_t)
|
||||
storage_raw_write_removable_device(hald_t)
|
||||
storage_raw_read_fixed_disk(hald_t)
|
||||
storage_raw_write_fixed_disk(hald_t)
|
||||
|
||||
|
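Review bot: The storage_raw_* group in the hunk at old line 80 gains one line with no comment justifying it, and raw read or write access to block devices lets hald_t bypass the labels on every file stored on them. The rendering has lost the +/- markers, so it is not clear which of the four calls is new; if it is `storage_raw_write_fixed_disk(hald_t)` or its read counterpart, the grant deserves an explanation in the policy. A comment above the group such as `# NOTE(review): confirm hald_t needs raw write to fixed disks; raw access bypasses file labels` would flag it for whoever next audits the domain.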
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(pegasus,1.0)
|
||||
policy_module(pegasus,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -79,6 +79,7 @@ auth_use_nsswitch(pegasus_t)
|
||||
auth_read_shadow(pegasus_t)
|
||||
|
||||
domain_use_wide_inherit_fd(pegasus_t)
|
||||
domain_read_all_domains_state(pegasus_t)
|
||||
|
||||
files_read_etc_files(pegasus_t)
|
||||
files_list_var_lib(pegasus_t)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(rpc,1.0)
|
||||
policy_module(rpc,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -31,6 +31,7 @@ files_config_file(nfsd_ro_t)
|
||||
|
||||
type var_lib_nfs_t;
|
||||
files_config_file(var_lib_nfs_t)
|
||||
files_mountpoint(var_lib_nfs_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -133,9 +133,6 @@ optional_policy(`samba.te',`
|
||||
')
|
||||
|
||||
ifdef(`TODO',`
|
||||
# this goes to the nfs/rpc module
|
||||
files_mountpoint(var_lib_nfs_t)
|
||||
|
||||
# TODO: Need to examine this further. Not sure how to handle this
|
||||
#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
|
||||
#allow sysadm_t sysadm_mount_source_t:file create_file_perms;
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(sysnetwork,1.0)
|
||||
policy_module(sysnetwork,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -58,6 +58,7 @@ allow dhcpc_t dhcp_etc_t:file { r_file_perms execute execute_no_trans };
|
||||
|
||||
allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
|
||||
allow dhcpc_t dhcp_state_t:file { getattr read };
|
||||
allow dhcpc_t dhcpc_state_t:dir rw_dir_perms;
|
||||
allow dhcpc_t dhcpc_state_t:file create_file_perms;
|
||||
type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;
|
||||
|
||||
|