trunk: 2 patches from dan.
parent
cdf98fedc0
commit
bc01b352f6
@ -141,3 +141,23 @@ interface(`amanda_append_log_files',`
|
|||||||
|
|
||||||
allow $1 amanda_log_t:file { read_file_perms append_file_perms };
|
allow $1 amanda_log_t:file { read_file_perms append_file_perms };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Search amanda var library directories.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## The type of the process performing this action.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`amanda_search_var_lib',`
|
||||||
|
gen_require(`
|
||||||
|
type amanda_var_lib_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
|
allow $1 amanda_var_lib_t:dir search_dir_perms;
|
||||||
|
|
||||||
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(amanda,1.7.0)
|
policy_module(amanda,1.7.1)
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
#
|
#
|
||||||
@ -74,7 +74,6 @@ allow amanda_t self:unix_stream_socket create_stream_socket_perms;
|
|||||||
allow amanda_t self:unix_dgram_socket create_socket_perms;
|
allow amanda_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow amanda_t self:tcp_socket create_stream_socket_perms;
|
allow amanda_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow amanda_t self:udp_socket create_socket_perms;
|
allow amanda_t self:udp_socket create_socket_perms;
|
||||||
allow amanda_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
# access to amanda_amandates_t
|
# access to amanda_amandates_t
|
||||||
allow amanda_t amanda_amandates_t:file { getattr lock read write };
|
allow amanda_t amanda_amandates_t:file { getattr lock read write };
|
||||||
@ -151,27 +150,17 @@ files_getattr_all_sockets(amanda_t)
|
|||||||
corecmd_exec_shell(amanda_t)
|
corecmd_exec_shell(amanda_t)
|
||||||
corecmd_exec_bin(amanda_t)
|
corecmd_exec_bin(amanda_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(amanda_t)
|
||||||
|
auth_read_shadow(amanda_t)
|
||||||
|
|
||||||
libs_use_ld_so(amanda_t)
|
libs_use_ld_so(amanda_t)
|
||||||
libs_use_shared_libs(amanda_t)
|
libs_use_shared_libs(amanda_t)
|
||||||
|
|
||||||
sysnet_read_config(amanda_t)
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
auth_read_shadow(amanda_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
logging_send_syslog_msg(amanda_t)
|
logging_send_syslog_msg(amanda_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(amanda_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(amanda_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Amanda recover local policy
|
# Amanda recover local policy
|
||||||
@ -228,6 +217,8 @@ files_read_etc_runtime_files(amanda_recover_t)
|
|||||||
files_search_tmp(amanda_recover_t)
|
files_search_tmp(amanda_recover_t)
|
||||||
files_search_pids(amanda_recover_t)
|
files_search_pids(amanda_recover_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(amanda_recover_t)
|
||||||
|
|
||||||
fstools_domtrans(amanda_t)
|
fstools_domtrans(amanda_t)
|
||||||
|
|
||||||
libs_use_ld_so(amanda_recover_t)
|
libs_use_ld_so(amanda_recover_t)
|
||||||
@ -237,14 +228,4 @@ logging_search_logs(amanda_recover_t)
|
|||||||
|
|
||||||
miscfiles_read_localization(amanda_recover_t)
|
miscfiles_read_localization(amanda_recover_t)
|
||||||
|
|
||||||
sysnet_read_config(amanda_recover_t)
|
|
||||||
|
|
||||||
userdom_search_sysadm_home_content_dirs(amanda_recover_t)
|
userdom_search_sysadm_home_content_dirs(amanda_recover_t)
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(amanda_recover_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(amanda_recover_t)
|
|
||||||
')
|
|
||||||
|
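Review bot: In the `-151,27 +150,17` hunk, `auth_read_shadow(amanda_t)` moves out of its `optional_policy` block and becomes an unconditional grant, with no comment saying why a network-facing backup domain needs to read shadow. The same file gives `amanda_t` `corecmd_exec_shell`, `corecmd_exec_bin` and TCP/UDP sockets, so anyone auditing which domains can read password hashes will want the reason recorded beside the rule. I would add a comment above it such as `# amanda backs up /etc, which includes the shadow file`, assuming that is the actual reason (please confirm). The `auth_use_nsswitch()` calls that replace the removed `sysnet_read_config`, `nis_use_ypbind`, `nscd_socket_use` and netlink rules, for both `amanda_t` and `amanda_recover_t`, would also benefit from a one-line note that they cover name-service lookups.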
@ -44,5 +44,8 @@ ifdef(`distro_redhat',`
|
|||||||
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||||
/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||||
/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||||
|
/var/named/chroot/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||||
/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
|
/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||||
|
/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
|
||||||
|
/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||||
')
|
')
|
||||||
|
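Review bot: The new `/var/named/chroot/var/log/named.*` entry is limited to regular files by `--`, so a log subdirectory under the chroot's `var/log` would not itself receive `named_log_t` from this rule. Confirm that this is intended, or add a matching directory entry. The two `dynamic(/.*)?` entries are labelled `named_cache_t` rather than `named_zone_t`, presumably because named must write there. A comment above them such as `# dynamically updated zones, written by named` would make that distinction explicit. The enclosing `ifdef` block opens outside the hunk.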
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(bind,1.5.1)
|
policy_module(bind,1.5.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -66,7 +66,6 @@ allow named_t self:unix_stream_socket create_stream_socket_perms;
|
|||||||
allow named_t self:unix_dgram_socket create_socket_perms;
|
allow named_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow named_t self:tcp_socket create_stream_socket_perms;
|
allow named_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow named_t self:udp_socket create_socket_perms;
|
allow named_t self:udp_socket create_socket_perms;
|
||||||
allow named_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
allow named_t dnssec_t:file { getattr read };
|
allow named_t dnssec_t:file { getattr read };
|
||||||
|
|
||||||
@ -119,6 +118,7 @@ corenet_sendrecv_dns_server_packets(named_t)
|
|||||||
corenet_sendrecv_dns_client_packets(named_t)
|
corenet_sendrecv_dns_client_packets(named_t)
|
||||||
corenet_sendrecv_rndc_server_packets(named_t)
|
corenet_sendrecv_rndc_server_packets(named_t)
|
||||||
corenet_sendrecv_rndc_client_packets(named_t)
|
corenet_sendrecv_rndc_client_packets(named_t)
|
||||||
|
corenet_udp_bind_all_unreserved_ports(named_t)
|
||||||
|
|
||||||
dev_read_sysfs(named_t)
|
dev_read_sysfs(named_t)
|
||||||
dev_read_rand(named_t)
|
dev_read_rand(named_t)
|
||||||
@ -135,6 +135,8 @@ domain_use_interactive_fds(named_t)
|
|||||||
files_read_etc_files(named_t)
|
files_read_etc_files(named_t)
|
||||||
files_read_etc_runtime_files(named_t)
|
files_read_etc_runtime_files(named_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(named_t)
|
||||||
|
|
||||||
libs_use_ld_so(named_t)
|
libs_use_ld_so(named_t)
|
||||||
libs_use_shared_libs(named_t)
|
libs_use_shared_libs(named_t)
|
||||||
|
|
||||||
@ -174,6 +176,10 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
kerberos_use(named_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
# this seems like fds that arent being
|
# this seems like fds that arent being
|
||||||
# closed. these should probably be
|
# closed. these should probably be
|
||||||
@ -183,14 +189,6 @@ optional_policy(`
|
|||||||
networkmanager_rw_routing_sockets(named_t)
|
networkmanager_rw_routing_sockets(named_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(named_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(named_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(named_t)
|
seutil_sigchld_newrole(named_t)
|
||||||
')
|
')
|
||||||
|
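Review bot: In the `-119,6 +118,7` hunk, `corenet_udp_bind_all_unreserved_ports(named_t)` lets named bind any unreserved UDP port and is added without a comment. This is a broad network permission, presumably needed so outgoing queries can use randomized source ports, and that should be stated next to the rule. For example: `# named picks random UDP source ports for outgoing queries`. The new `optional_policy` block with `kerberos_use(named_t)` in the `-174,6 +176,10` hunk also has no stated reason. A short comment naming the feature that needs Kerberos would help later reviewers decide whether it can be dropped.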