fix duplicate /usr/bin/mplayer fc match for targeted
This commit is contained in:
Chris PeBenito
parent
d4a48c41c2
commit
b04eccd87b
@ -6,8 +6,9 @@
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0)
|
||||
/usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
|
||||
/usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0)
|
||||
/usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
|
||||
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)
|
||||
|
||||
@ -1,16 +1,23 @@
|
||||
|
||||
policy_module(mplayer,1.0.2)
|
||||
policy_module(mplayer,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
type mplayer_exec_t;
|
||||
corecmd_executable_file(mplayer_exec_t)
|
||||
|
||||
type mencoder_exec_t;
|
||||
corecmd_executable_file(mencoder_exec_t)
|
||||
|
||||
type mplayer_etc_t;
|
||||
files_config_file(mplayer_etc_t)
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
type mencoder_exec_t;
|
||||
corecmd_executable_file(mencoder_exec_t)
|
||||
|
||||
type mplayer_exec_t;
|
||||
corecmd_executable_file(mplayer_exec_t)
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
unconfined_execmem_alias_program(mencoder_exec_t)
|
||||
unconfined_execmem_alias_program(mplayer_exec_t)
|
||||
')
|
||||
|
||||
@ -8,7 +8,5 @@ ifdef(`targeted_policy',`
|
||||
/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/local/RealPlay/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/bin/mplayer -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/bin/xine -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
')
|
||||
|
||||
@ -488,6 +488,40 @@ interface(`unconfined_alias_domain',`
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Add an alias type to the unconfined execmem
|
||||
## program file type.
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Add an alias type to the unconfined execmem
|
||||
## program file type.
|
||||
## </p>
|
||||
## <p>
|
||||
## This is added to support targeted policy. Its
|
||||
## use should be limited. It has no effect
|
||||
## on the strict policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## New alias of the unconfined execmem program type.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`unconfined_execmem_alias_program',`
|
||||
ifdef(`targeted_policy',`
|
||||
gen_require(`
|
||||
type unconfined_execmem_exec_t;
|
||||
')
|
||||
|
||||
typealias unconfined_execmem_exec_t alias $1;
|
||||
',`
|
||||
refpolicywarn(`$0($1) has no effect in strict policy.')
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Connect to the the unconfined DBUS
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(unconfined,1.3.15)
|
||||
policy_module(unconfined,1.3.16)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user