testing fixes

Chris PeBenito 2005-09-22 15:32:53 +00:00
parent fb2817da70
commit b53f93a41f
3 changed files with 12 additions and 2 deletions


@ -50,6 +50,7 @@ files_create_tmp_files(system_dbusd_t, system_dbusd_tmp_t, { file dir })
allow system_dbusd_t system_dbusd_var_run_t:file create_file_perms; allow system_dbusd_t system_dbusd_var_run_t:file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms; allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;
files_create_pid(system_dbusd_t,system_dbusd_var_run_t) files_create_pid(system_dbusd_t,system_dbusd_var_run_t)
kernel_read_system_state(system_dbusd_t) kernel_read_system_state(system_dbusd_t)
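Review bot: The added `allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;` lets the daemon add and remove entries in a directory of its own pid type, but nothing visible in this hunk lets it create such a directory. Unless `files_create_pid` covers that, the rule only helps when the directory is already labelled by the file contexts, which is worth stating next to it. A short comment would do, for example `# pid/socket directory is pre-labelled system_dbusd_var_run_t; dbusd only adds entries`. The rest of the module lies outside the hunk, so this should be confirmed against the file contexts.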


@ -20,8 +20,10 @@ files_pid_file(howl_var_run_t)
allow howl_t self:capability { kill net_admin }; allow howl_t self:capability { kill net_admin };
dontaudit howl_t self:capability sys_tty_config; dontaudit howl_t self:capability sys_tty_config;
allow howl_t self:process signal_perms;
allow howl_t self:fifo_file rw_file_perms; allow howl_t self:fifo_file rw_file_perms;
allow howl_t self:tcp_socket create_stream_socket_perms; allow howl_t self:tcp_socket create_stream_socket_perms;
allow howl_t self:udp_socket create_socket_perms;
allow howl_t howl_var_run_t:file create_file_perms; allow howl_t howl_var_run_t:file create_file_perms;
files_create_pid(howl_t,howl_var_run_t) files_create_pid(howl_t,howl_var_run_t)
@ -33,13 +35,16 @@ kernel_list_proc(howl_t)
kernel_read_proc_symlinks(howl_t) kernel_read_proc_symlinks(howl_t)
corenet_tcp_sendrecv_all_if(howl_t) corenet_tcp_sendrecv_all_if(howl_t)
corenet_udp_sendrecv_all_if(howl_t)
corenet_raw_sendrecv_all_if(howl_t) corenet_raw_sendrecv_all_if(howl_t)
corenet_tcp_sendrecv_all_nodes(howl_t) corenet_tcp_sendrecv_all_nodes(howl_t)
corenet_udp_sendrecv_all_nodes(howl_t)
corenet_raw_sendrecv_all_nodes(howl_t) corenet_raw_sendrecv_all_nodes(howl_t)
corenet_tcp_sendrecv_all_ports(howl_t) corenet_tcp_sendrecv_all_ports(howl_t)
corenet_udp_sendrecv_all_ports(howl_t)
corenet_tcp_bind_all_nodes(howl_t) corenet_tcp_bind_all_nodes(howl_t)
corenet_udp_bind_all_nodes(howl_t)
corenet_tcp_bind_howl_port(howl_t) corenet_tcp_bind_howl_port(howl_t)
# cjp: why udp bind if it has no other UDP perms?
corenet_udp_bind_howl_port(howl_t) corenet_udp_bind_howl_port(howl_t)
dev_read_sysfs(howl_t) dev_read_sysfs(howl_t)
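Review bot: `corenet_udp_sendrecv_all_ports(howl_t)` in the second hunk lets howl_t send and receive UDP on every port type, while the bind side stays limited to `corenet_udp_bind_howl_port(howl_t)`. If the denials seen in testing involved only the howl port, a port-specific send/receive interface (where corenetwork provides one) would keep the domain closer to least privilege. The existing TCP rules have the same breadth, so this may be a deliberate pattern. The `# cjp:` question appears to be dropped here; replacing it with the answer, for example `# UDP send/recv added after testing; all_ports kept to match the TCP rules above`, would record why the access exists.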


@ -9,7 +9,7 @@ policy_module(hotplug, 1.0)
type hotplug_t; type hotplug_t;
type hotplug_exec_t; type hotplug_exec_t;
kernel_userland_entry(hotplug_t,hotplug_exec_t) kernel_userland_entry(hotplug_t,hotplug_exec_t)
init_system_domain(hotplug_t,hotplug_exec_t) init_daemon_domain(hotplug_t,hotplug_exec_t)
type hotplug_etc_t; #, usercanread; type hotplug_etc_t; #, usercanread;
files_type(hotplug_etc_t) files_type(hotplug_etc_t)
@ -52,11 +52,15 @@ kernel_read_net_sysctl(hotplug_t)
bootloader_read_kernel_modules(hotplug_t) bootloader_read_kernel_modules(hotplug_t)
corenet_tcp_sendrecv_all_if(hotplug_t) corenet_tcp_sendrecv_all_if(hotplug_t)
corenet_udp_sendrecv_all_if(hotplug_t)
corenet_raw_sendrecv_all_if(hotplug_t) corenet_raw_sendrecv_all_if(hotplug_t)
corenet_tcp_sendrecv_all_nodes(hotplug_t) corenet_tcp_sendrecv_all_nodes(hotplug_t)
corenet_udp_sendrecv_all_nodes(hotplug_t)
corenet_raw_sendrecv_all_nodes(hotplug_t) corenet_raw_sendrecv_all_nodes(hotplug_t)
corenet_tcp_sendrecv_all_ports(hotplug_t) corenet_tcp_sendrecv_all_ports(hotplug_t)
corenet_udp_sendrecv_all_ports(hotplug_t)
corenet_tcp_bind_all_nodes(hotplug_t) corenet_tcp_bind_all_nodes(hotplug_t)
corenet_udp_bind_all_nodes(hotplug_t)
dev_rw_sysfs(hotplug_t) dev_rw_sysfs(hotplug_t)
dev_read_usbfs(hotplug_t) dev_read_usbfs(hotplug_t)
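Review bot: The UDP interfaces added in the second hunk (`corenet_udp_sendrecv_all_if`, `corenet_udp_sendrecv_all_nodes`, `corenet_udp_sendrecv_all_ports`, `corenet_udp_bind_all_nodes`) arrive without a visible `allow hotplug_t self:udp_socket ...;` rule. The howl change in this same commit adds `allow howl_t self:udp_socket create_socket_perms;` alongside the equivalent interfaces. If the hotplug module has no such rule outside the hunk, the domain still cannot create a UDP socket and the new lines grant nothing usable; if it does, a comment naming what hotplug_t needs UDP for would justify the all-ports scope. Separately, the switch to `init_daemon_domain(hotplug_t,hotplug_exec_t)` in the first hunk (assuming the right-hand column is the new side) is unrelated to the network rules and deserves its own line in the commit message.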