testing fixes
This commit is contained in:
Chris PeBenito
parent
fb2817da70
commit
b53f93a41f
@ -50,6 +50,7 @@ files_create_tmp_files(system_dbusd_t, system_dbusd_tmp_t, { file dir })
|
||||
|
||||
allow system_dbusd_t system_dbusd_var_run_t:file create_file_perms;
|
||||
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;
|
||||
allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid(system_dbusd_t,system_dbusd_var_run_t)
|
||||
|
||||
kernel_read_system_state(system_dbusd_t)
|
||||
|
||||
@ -20,8 +20,10 @@ files_pid_file(howl_var_run_t)
|
||||
|
||||
allow howl_t self:capability { kill net_admin };
|
||||
dontaudit howl_t self:capability sys_tty_config;
|
||||
allow howl_t self:process signal_perms;
|
||||
allow howl_t self:fifo_file rw_file_perms;
|
||||
allow howl_t self:tcp_socket create_stream_socket_perms;
|
||||
allow howl_t self:udp_socket create_socket_perms;
|
||||
|
||||
allow howl_t howl_var_run_t:file create_file_perms;
|
||||
files_create_pid(howl_t,howl_var_run_t)
|
||||
@ -33,13 +35,16 @@ kernel_list_proc(howl_t)
|
||||
kernel_read_proc_symlinks(howl_t)
|
||||
|
||||
corenet_tcp_sendrecv_all_if(howl_t)
|
||||
corenet_udp_sendrecv_all_if(howl_t)
|
||||
corenet_raw_sendrecv_all_if(howl_t)
|
||||
corenet_tcp_sendrecv_all_nodes(howl_t)
|
||||
corenet_udp_sendrecv_all_nodes(howl_t)
|
||||
corenet_raw_sendrecv_all_nodes(howl_t)
|
||||
corenet_tcp_sendrecv_all_ports(howl_t)
|
||||
corenet_udp_sendrecv_all_ports(howl_t)
|
||||
corenet_tcp_bind_all_nodes(howl_t)
|
||||
corenet_udp_bind_all_nodes(howl_t)
|
||||
corenet_tcp_bind_howl_port(howl_t)
|
||||
# cjp: why udp bind if it has no other UDP perms?
|
||||
corenet_udp_bind_howl_port(howl_t)
|
||||
|
||||
dev_read_sysfs(howl_t)
|
||||
|
||||
@ -9,7 +9,7 @@ policy_module(hotplug, 1.0)
|
||||
type hotplug_t;
|
||||
type hotplug_exec_t;
|
||||
kernel_userland_entry(hotplug_t,hotplug_exec_t)
|
||||
init_system_domain(hotplug_t,hotplug_exec_t)
|
||||
init_daemon_domain(hotplug_t,hotplug_exec_t)
|
||||
|
||||
type hotplug_etc_t; #, usercanread;
|
||||
files_type(hotplug_etc_t)
|
||||
@ -52,11 +52,15 @@ kernel_read_net_sysctl(hotplug_t)
|
||||
bootloader_read_kernel_modules(hotplug_t)
|
||||
|
||||
corenet_tcp_sendrecv_all_if(hotplug_t)
|
||||
corenet_udp_sendrecv_all_if(hotplug_t)
|
||||
corenet_raw_sendrecv_all_if(hotplug_t)
|
||||
corenet_tcp_sendrecv_all_nodes(hotplug_t)
|
||||
corenet_udp_sendrecv_all_nodes(hotplug_t)
|
||||
corenet_raw_sendrecv_all_nodes(hotplug_t)
|
||||
corenet_tcp_sendrecv_all_ports(hotplug_t)
|
||||
corenet_udp_sendrecv_all_ports(hotplug_t)
|
||||
corenet_tcp_bind_all_nodes(hotplug_t)
|
||||
corenet_udp_bind_all_nodes(hotplug_t)
|
||||
|
||||
dev_rw_sysfs(hotplug_t)
|
||||
dev_read_usbfs(hotplug_t)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user