targeted and distro fixes for loadable modules

Chris PeBenito 2005-10-19 16:44:24 +00:00
parent 0efe52ae99
commit af4752bcb9
4 changed files with 12 additions and 22 deletions


@ -11,9 +11,6 @@
interface(`bind_domtrans_ndc',` interface(`bind_domtrans_ndc',`
gen_require(` gen_require(`
type ndc_t, ndc_exec_t; type ndc_t, ndc_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,ndc_exec_t,ndc_t) domain_auto_trans($1,ndc_exec_t,ndc_t)
@ -42,7 +39,6 @@ interface(`bind_domtrans_ndc',`
interface(`bind_run_ndc',` interface(`bind_run_ndc',`
gen_require(` gen_require(`
type ndc_t; type ndc_t;
class chr_file rw_term_perms;
') ')
bind_domtrans_ndc($1) bind_domtrans_ndc($1)
@ -61,9 +57,6 @@ interface(`bind_run_ndc',`
interface(`bind_domtrans',` interface(`bind_domtrans',`
gen_require(` gen_require(`
type named_t, named_exec_t; type named_t, named_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,named_exec_t,named_t) domain_auto_trans($1,named_exec_t,named_t)
@ -85,8 +78,6 @@ interface(`bind_domtrans',`
interface(`bind_read_dnssec_keys',` interface(`bind_read_dnssec_keys',`
gen_require(` gen_require(`
type named_conf_t, named_zone_t, dnssec_t; type named_conf_t, named_zone_t, dnssec_t;
class dir search;
class file { getattr read };
') ')
allow $1 { named_conf_t named_zone_t }:dir search; allow $1 { named_conf_t named_zone_t }:dir search;
@ -104,8 +95,6 @@ interface(`bind_read_dnssec_keys',`
interface(`bind_read_config',` interface(`bind_read_config',`
gen_require(` gen_require(`
type named_conf_t; type named_conf_t;
class dir search;
class file { getattr read };
') ')
allow $1 named_conf_t:dir search; allow $1 named_conf_t:dir search;
@ -123,8 +112,6 @@ interface(`bind_read_config',`
interface(`bind_write_config',` interface(`bind_write_config',`
gen_require(` gen_require(`
type named_conf_t; type named_conf_t;
class dir search;
class file { write setattr };
') ')
allow $1 named_conf_t:dir search; allow $1 named_conf_t:dir search;
@ -143,7 +130,6 @@ interface(`bind_write_config',`
interface(`bind_manage_config_dir',` interface(`bind_manage_config_dir',`
gen_require(` gen_require(`
type named_conf_t; type named_conf_t;
class dir perms;
') ')
allow $1 named_conf_t:dir create_dir_perms; allow $1 named_conf_t:dir create_dir_perms;
@ -161,7 +147,6 @@ interface(`bind_manage_config_dir',`
interface(`bind_setattr_pid_dir',` interface(`bind_setattr_pid_dir',`
gen_require(` gen_require(`
type named_var_run_t; type named_var_run_t;
class dir setattr;
') ')
allow $1 named_var_run_t:dir setattr; allow $1 named_var_run_t:dir setattr;


@ -105,7 +105,8 @@ ifdef(`targeted_policy',`
allow system_mail_t mqueue_spool_t:file create_file_perms; allow system_mail_t mqueue_spool_t:file create_file_perms;
allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms; allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms;
optional_policy(`postfix.te',`',` # cjp: another require-in-else to resolve
# optional_policy(`postfix.te',`',`
corecmd_exec_bin(system_mail_t) corecmd_exec_bin(system_mail_t)
corecmd_exec_sbin(system_mail_t) corecmd_exec_sbin(system_mail_t)
@ -117,7 +118,7 @@ ifdef(`targeted_policy',`
libs_use_shared_libs(system_mail_t) libs_use_shared_libs(system_mail_t)
libs_exec_ld_so(system_mail_t) libs_exec_ld_so(system_mail_t)
libs_exec_lib_files(system_mail_t) libs_exec_lib_files(system_mail_t)
') # ')
') ')
optional_policy(`apache.te',` optional_policy(`apache.te',`
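Review bot: Commenting out the optional_policy wrapper on postfix.te, and its closing line further down, makes the calls from corecmd_exec_bin(system_mail_t) through libs_exec_lib_files(system_mail_t) unconditional under targeted_policy. Before, they sat in the else-branch and applied only when postfix.te was absent, so system_mail_t now keeps exec access to bin, sbin, ld.so and library files on builds that include postfix as well. The existing note "another require-in-else to resolve" does not record that widening; I would extend it to something like `# cjp: was the else-branch for a missing postfix.te; unconditional for now, so these exec permissions are also granted when postfix is built - restore the condition once require-in-else works`. The commented-out closer `# ')` is several lines away and easy to miss when the condition is restored, so a matching marker on that line would help. The enclosing ifdef on targeted_policy starts outside the hunk.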


@ -99,7 +99,7 @@ interface(`mysql_rw_db_dir',`
# #
interface(`mysql_manage_db_dir',` interface(`mysql_manage_db_dir',`
gen_require(` gen_require(`
type mysql_db_t; type mysqld_db_t;
') ')
files_search_var_lib($1) files_search_var_lib($1)


@ -1560,11 +1560,15 @@ interface(`userdom_read_staff_home_files',`
## </param> ## </param>
# #
interface(`userdom_sigchld_sysadm',` interface(`userdom_sigchld_sysadm',`
ifdef(`targeted_policy',`
unconfined_sigchld($1)
',`
gen_require(` gen_require(`
type sysadm_t; type sysadm_t;
') ')
allow $1 sysadm_t:process sigchld; allow $1 sysadm_t:process sigchld;
')
') ')
######################################## ########################################
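Review bot: The new targeted_policy branch in userdom_sigchld_sysadm calls unconfined_sigchld($1) with no comment explaining why. Its effect is also wider than the interface name suggests: callers gain sigchld to the unconfined domain rather than to a single admin type. Presumably sysadm_t is not a distinct domain under the targeted policy; if that is the reason, state it above the call, for example `# targeted policy: no separate sysadm_t domain, so sigchld goes to the unconfined domain`. The interface's summary and param block begins outside the hunk and should mention the targeted behaviour too, so policy writers calling this interface know which domain they are granting a signal to.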