patch from dan

Chris PeBenito 2005-11-23 19:02:40 +00:00
parent c45fa5d46b
commit af23450c36
13 changed files with 47 additions and 25 deletions


@ -7,4 +7,4 @@
# #
# /var # /var
# #
/var/lib/webalizer(/.*) gen_context(system_u:object_r:webalizer_var_lib_t,s0) /var/lib/webalizer(/.*)? gen_context(system_u:object_r:webalizer_var_lib_t,s0)


@ -1,5 +1,5 @@
policy_module(webalizer,1.0) policy_module(webalizer,1.0.1)
######################################## ########################################
# #


@ -1,5 +1,5 @@
policy_module(filesystem,1.0) policy_module(filesystem,1.0.1)
######################################## ########################################
# #
@ -114,6 +114,7 @@ allow tmpfs_t noxattrfs:filesystem associate;
# #
type autofs_t, noxattrfs; type autofs_t, noxattrfs;
fs_type(autofs_t) fs_type(autofs_t)
files_mountpoint(autofs_t)
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0) genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
genfscon automount / gen_context(system_u:object_r:autofs_t,s0) genfscon automount / gen_context(system_u:object_r:autofs_t,s0)


@ -1,5 +1,5 @@
policy_module(avahi,1.0) policy_module(avahi,1.0.1)
######################################## ########################################
# #
@ -18,9 +18,9 @@ files_pid_file(avahi_var_run_t)
# Local policy # Local policy
# #
allow avahi_t self:capability { dac_override setgid chown kill setuid }; allow avahi_t self:capability { dac_override setgid chown kill setuid sys_chroot };
dontaudit avahi_t self:capability sys_tty_config; dontaudit avahi_t self:capability sys_tty_config;
allow avahi_t self:process { setrlimit signal_perms }; allow avahi_t self:process { setrlimit signal_perms setcap };
allow avahi_t self:fifo_file { read write }; allow avahi_t self:fifo_file { read write };
allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms }; allow avahi_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow avahi_t self:unix_dgram_socket create_socket_perms; allow avahi_t self:unix_dgram_socket create_socket_perms;
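Review bot: The two permissions added to avahi_t, `sys_chroot` in the capability set and `setcap` in the process set, carry no comment saying why the daemon needs them. Both are privilege-sensitive, and someone auditing this domain later cannot tell from the rules alone whether they support a chroot-and-drop-capabilities startup or something broader. A line above the rules such as `# avahi chroots and drops capabilities after startup`, worded to match what the daemon actually does, would record the intent. The local policy section continues past the visible lines.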


@ -1,5 +1,5 @@
policy_module(cron, 1.0) policy_module(cron, 1.0.1)
gen_require(` gen_require(`
class passwd rootok; class passwd rootok;
@ -170,14 +170,8 @@ tunable_policy(`fcron_crond', `
allow crond_t system_cron_spool_t:file create_file_perms; allow crond_t system_cron_spool_t:file create_file_perms;
') ')
optional_policy(`cyrus.te',` optional_policy(`hal.te',`
cyrus_manage_data(system_crond_t) hal_dbus_send(crond_t)
')
optional_policy(`inn.te',`
inn_manage_log(system_crond_t)
inn_manage_pid(system_crond_t)
inn_read_config(system_crond_t)
') ')
optional_policy(`nis.te',` optional_policy(`nis.te',`
@ -375,10 +369,20 @@ ifdef(`targeted_policy',`
seutil_read_file_contexts(system_crond_t) seutil_read_file_contexts(system_crond_t)
') ')
optional_policy(`cyrus.te',`
cyrus_manage_data(system_crond_t)
')
optional_policy(`ftp.te',` optional_policy(`ftp.te',`
ftp_read_log(system_crond_t) ftp_read_log(system_crond_t)
') ')
optional_policy(`inn.te',`
inn_manage_log(system_crond_t)
inn_manage_pid(system_crond_t)
inn_read_config(system_crond_t)
')
optional_policy(`mysql.te',` optional_policy(`mysql.te',`
mysql_read_config(system_crond_t) mysql_read_config(system_crond_t)
') ')
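Review bot: `hal_dbus_send(crond_t)` is added with no comment on why the cron daemon needs to message hald, and it is the only hal access given to crond_t in the visible lines. A short note above the optional block, for example `# crond sends messages to hal over the system bus` adjusted to the real reason, would make the grant auditable. Separately, the cyrus and inn blocks move under the ifdef on targeted_policy, and which branch they land in is not visible in this hunk. It is worth confirming that system_crond_t still receives them in the policy build that needs them.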


@ -18,8 +18,7 @@
# #
# /var # /var
# #
/var/run/proftpd/proftpd-inetd -- gen_context(system_u:object_r:ftpd_var_run_t,s0) /var/run/proftpd(/.*)? gen_context(system_u:object_r:ftpd_var_run_t,s0)
/var/run/proftpd/proftpd\.scoreboard -- gen_context(system_u:object_r:ftpd_var_run_t,s0)
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0) /var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0) /var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
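Review bot: The replacement pattern `/var/run/proftpd(/.*)?` has no `--` file-type specifier, so the directory itself and every object under it are now labelled ftpd_var_run_t rather than only the two named files. That is probably the intent, but it relies on ftpd_t having directory permissions on ftpd_var_run_t, which would be in the .te file and is not visible here. A comment above the entry such as `# proftpd keeps its scoreboard and inetd state in this directory` would explain the wider match.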


@ -1,5 +1,5 @@
policy_module(ftp,1.0) policy_module(ftp,1.0.1)
######################################## ########################################
# #


@ -54,3 +54,20 @@ interface(`hal_stream_connect',`
allow $1 hald_t:unix_stream_socket connectto; allow $1 hald_t:unix_stream_socket connectto;
') ')
########################################
## <summary>
## Send a dbus message to hal.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`hal_dbus_send',`
gen_require(`
type hald_t;
class dbus send_msg;
')
allow $1 hald_t:dbus send_msg;
')
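Review bot: `hal_dbus_send` grants only `allow $1 hald_t:dbus send_msg;`, so the caller can send to hald but nothing lets hald_t send a message back to the caller's domain. If callers make method calls rather than one-way signals, the reply would presumably be denied by the bus. Either add `allow hald_t $1:dbus send_msg;` or say in the summary that the interface is send-only. The `<param>` text could also state that the domain is the message sender.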


@ -1,5 +1,5 @@
policy_module(hal,1.0) policy_module(hal,1.0.1)
######################################## ########################################
# #
@ -80,6 +80,7 @@ selinux_compute_relabel_context(hald_t)
selinux_compute_user_contexts(hald_t) selinux_compute_user_contexts(hald_t)
storage_raw_read_removable_device(hald_t) storage_raw_read_removable_device(hald_t)
storage_raw_write_removable_device(hald_t)
storage_raw_read_fixed_disk(hald_t) storage_raw_read_fixed_disk(hald_t)
storage_raw_write_fixed_disk(hald_t) storage_raw_write_fixed_disk(hald_t)
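Review bot: `storage_raw_write_removable_device(hald_t)` is added without a comment, and raw device access sidesteps the per-file labels of whatever filesystem is on the media. hald_t already holds raw read and write on fixed disks in the context lines, so this does not widen the worst case, but each raw-storage grant deserves a stated reason. Suggest a line above the call such as `# hald needs raw write to removable media for <operation>`, with the operation filled in by the author.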


@ -1,5 +1,5 @@
policy_module(pegasus,1.0) policy_module(pegasus,1.0.1)
######################################## ########################################
# #
@ -79,6 +79,7 @@ auth_use_nsswitch(pegasus_t)
auth_read_shadow(pegasus_t) auth_read_shadow(pegasus_t)
domain_use_wide_inherit_fd(pegasus_t) domain_use_wide_inherit_fd(pegasus_t)
domain_read_all_domains_state(pegasus_t)
files_read_etc_files(pegasus_t) files_read_etc_files(pegasus_t)
files_list_var_lib(pegasus_t) files_list_var_lib(pegasus_t)
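Review bot: `domain_read_all_domains_state(pegasus_t)`, judging by its name, lets pegasus_t read the process state of every domain, and it sits directly after `auth_read_shadow(pegasus_t)`. Together these give a network-facing daemon a wide read surface, and the hunk offers no reason for the new grant. A comment such as `# pegasus reports process information for all domains` above the call would document it. If only a subset of domains is needed, a narrower interface would be preferable.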


@ -1,5 +1,5 @@
policy_module(rpc,1.0) policy_module(rpc,1.0.1)
######################################## ########################################
# #
@ -31,6 +31,7 @@ files_config_file(nfsd_ro_t)
type var_lib_nfs_t; type var_lib_nfs_t;
files_config_file(var_lib_nfs_t) files_config_file(var_lib_nfs_t)
files_mountpoint(var_lib_nfs_t)
######################################## ########################################
# #


@ -133,9 +133,6 @@ optional_policy(`samba.te',`
') ')
ifdef(`TODO',` ifdef(`TODO',`
# this goes to the nfs/rpc module
files_mountpoint(var_lib_nfs_t)
# TODO: Need to examine this further. Not sure how to handle this # TODO: Need to examine this further. Not sure how to handle this
#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type; #type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
#allow sysadm_t sysadm_mount_source_t:file create_file_perms; #allow sysadm_t sysadm_mount_source_t:file create_file_perms;


@ -1,5 +1,5 @@
policy_module(sysnetwork,1.0) policy_module(sysnetwork,1.0.1)
######################################## ########################################
# #
@ -58,6 +58,7 @@ allow dhcpc_t dhcp_etc_t:file { r_file_perms execute execute_no_trans };
allow dhcpc_t dhcp_state_t:dir rw_dir_perms; allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
allow dhcpc_t dhcp_state_t:file { getattr read }; allow dhcpc_t dhcp_state_t:file { getattr read };
allow dhcpc_t dhcpc_state_t:dir rw_dir_perms;
allow dhcpc_t dhcpc_state_t:file create_file_perms; allow dhcpc_t dhcpc_state_t:file create_file_perms;
type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t; type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;