targeted and distro fixes for loadable modules
parent
0efe52ae99
commit
af4752bcb9
@ -11,9 +11,6 @@
|
|||||||
interface(`bind_domtrans_ndc',`
|
interface(`bind_domtrans_ndc',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type ndc_t, ndc_exec_t;
|
type ndc_t, ndc_exec_t;
|
||||||
class process sigchld;
|
|
||||||
class fd use;
|
|
||||||
class fifo_file rw_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
domain_auto_trans($1,ndc_exec_t,ndc_t)
|
domain_auto_trans($1,ndc_exec_t,ndc_t)
|
||||||
@ -42,7 +39,6 @@ interface(`bind_domtrans_ndc',`
|
|||||||
interface(`bind_run_ndc',`
|
interface(`bind_run_ndc',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type ndc_t;
|
type ndc_t;
|
||||||
class chr_file rw_term_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
bind_domtrans_ndc($1)
|
bind_domtrans_ndc($1)
|
||||||
@ -61,9 +57,6 @@ interface(`bind_run_ndc',`
|
|||||||
interface(`bind_domtrans',`
|
interface(`bind_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_t, named_exec_t;
|
type named_t, named_exec_t;
|
||||||
class process sigchld;
|
|
||||||
class fd use;
|
|
||||||
class fifo_file rw_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
domain_auto_trans($1,named_exec_t,named_t)
|
domain_auto_trans($1,named_exec_t,named_t)
|
||||||
@ -85,8 +78,6 @@ interface(`bind_domtrans',`
|
|||||||
interface(`bind_read_dnssec_keys',`
|
interface(`bind_read_dnssec_keys',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_conf_t, named_zone_t, dnssec_t;
|
type named_conf_t, named_zone_t, dnssec_t;
|
||||||
class dir search;
|
|
||||||
class file { getattr read };
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 { named_conf_t named_zone_t }:dir search;
|
allow $1 { named_conf_t named_zone_t }:dir search;
|
||||||
@ -104,8 +95,6 @@ interface(`bind_read_dnssec_keys',`
|
|||||||
interface(`bind_read_config',`
|
interface(`bind_read_config',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_conf_t;
|
type named_conf_t;
|
||||||
class dir search;
|
|
||||||
class file { getattr read };
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 named_conf_t:dir search;
|
allow $1 named_conf_t:dir search;
|
||||||
@ -123,8 +112,6 @@ interface(`bind_read_config',`
|
|||||||
interface(`bind_write_config',`
|
interface(`bind_write_config',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_conf_t;
|
type named_conf_t;
|
||||||
class dir search;
|
|
||||||
class file { write setattr };
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 named_conf_t:dir search;
|
allow $1 named_conf_t:dir search;
|
||||||
@ -143,7 +130,6 @@ interface(`bind_write_config',`
|
|||||||
interface(`bind_manage_config_dir',`
|
interface(`bind_manage_config_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_conf_t;
|
type named_conf_t;
|
||||||
class dir perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 named_conf_t:dir create_dir_perms;
|
allow $1 named_conf_t:dir create_dir_perms;
|
||||||
@ -161,7 +147,6 @@ interface(`bind_manage_config_dir',`
|
|||||||
interface(`bind_setattr_pid_dir',`
|
interface(`bind_setattr_pid_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_var_run_t;
|
type named_var_run_t;
|
||||||
class dir setattr;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 named_var_run_t:dir setattr;
|
allow $1 named_var_run_t:dir setattr;
|
||||||
|
@ -105,7 +105,8 @@ ifdef(`targeted_policy',`
|
|||||||
allow system_mail_t mqueue_spool_t:file create_file_perms;
|
allow system_mail_t mqueue_spool_t:file create_file_perms;
|
||||||
allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms;
|
allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms;
|
||||||
|
|
||||||
optional_policy(`postfix.te',`',`
|
# cjp: another require-in-else to resolve
|
||||||
|
# optional_policy(`postfix.te',`',`
|
||||||
corecmd_exec_bin(system_mail_t)
|
corecmd_exec_bin(system_mail_t)
|
||||||
corecmd_exec_sbin(system_mail_t)
|
corecmd_exec_sbin(system_mail_t)
|
||||||
|
|
||||||
@ -117,7 +118,7 @@ ifdef(`targeted_policy',`
|
|||||||
libs_use_shared_libs(system_mail_t)
|
libs_use_shared_libs(system_mail_t)
|
||||||
libs_exec_ld_so(system_mail_t)
|
libs_exec_ld_so(system_mail_t)
|
||||||
libs_exec_lib_files(system_mail_t)
|
libs_exec_lib_files(system_mail_t)
|
||||||
')
|
# ')
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`apache.te',`
|
optional_policy(`apache.te',`
|
||||||
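Review bot: Commenting out the optional_policy wrapper for postfix.te and its closing `')` makes the rules that were in its else-branch unconditional inside the targeted_policy block. Of those, `corecmd_exec_bin`, `corecmd_exec_sbin`, `libs_exec_ld_so` and `libs_exec_lib_files` on system_mail_t are visible here. Before the change they applied only when the postfix module was absent, so on a build that includes postfix this widens what system_mail_t may execute. The marker `# cjp: another require-in-else to resolve` does not record that trade-off; I would extend it to something like `# cjp: require-in-else workaround; these rules are meant only for the no-postfix case, restore the optional_policy else-branch once it links`. The statements between the two hunks are not shown, so the full set of newly unconditional rules should be checked in the file.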
|
@ -99,7 +99,7 @@ interface(`mysql_rw_db_dir',`
|
|||||||
#
|
#
|
||||||
interface(`mysql_manage_db_dir',`
|
interface(`mysql_manage_db_dir',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type mysql_db_t;
|
type mysqld_db_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
|
@ -1560,12 +1560,16 @@ interface(`userdom_read_staff_home_files',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`userdom_sigchld_sysadm',`
|
interface(`userdom_sigchld_sysadm',`
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
unconfined_sigchld($1)
|
||||||
|
',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type sysadm_t;
|
type sysadm_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 sysadm_t:process sigchld;
|
allow $1 sysadm_t:process sigchld;
|
||||||
')
|
')
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
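Review bot: The new targeted_policy branch in userdom_sigchld_sysadm calls `unconfined_sigchld($1)` with no comment explaining why an interface named for sysadm now grants toward the unconfined domain. The interface's `##` documentation starts above the hunk and does not appear to be updated. If the reason is that the targeted policy has no separate sysadm_t domain, a line such as `# targeted policy: no distinct sysadm_t, sigchld goes to the unconfined domain` above the call would say so. The body of unconfined_sigchld is not visible here, so it is worth confirming that it grants only `process sigchld` and nothing broader, since every caller of this interface inherits it under the targeted policy.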
|