- Fix to add xguest account when inititial install
- Allow mono, java, wine to run in userdomains
This commit is contained in:
Daniel J Walsh
parent
a9d4b80f50
commit
c003dbaafb
|
|
@ -5184,7 +5184,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-09-20 12:01:41.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2007-09-20 15:31:09.000000000 -0400
|
||||
@@ -50,6 +50,12 @@
|
||||
## </param>
|
||||
#
|
||||
|
|
@ -5206,6 +5206,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
allow $1_dbusd_t self:file { getattr read write };
|
||||
allow $1_dbusd_t self:fifo_file rw_fifo_file_perms;
|
||||
allow $1_dbusd_t self:dbus { send_msg acquire_svc };
|
||||
@@ -86,7 +93,7 @@
|
||||
# SE-DBus specific permissions
|
||||
allow $1_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
|
||||
allow $2 $1_dbusd_t:dbus { send_msg acquire_svc };
|
||||
- allow $1_t system_dbusd_t:dbus { send_msg acquire_svc };
|
||||
+ allow $2 system_dbusd_t:dbus { send_msg acquire_svc };
|
||||
|
||||
allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
|
||||
read_files_pattern($1_dbusd_t,dbusd_etc_t,dbusd_etc_t)
|
||||
@@ -135,7 +142,21 @@
|
||||
selinux_compute_relabel_context($1_dbusd_t)
|
||||
selinux_compute_user_contexts($1_dbusd_t)
|
||||
|
|
@ -5213,12 +5222,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
+ corecmd_bin_domtrans($1_dbusd_t, $1_t)
|
||||
+ allow $1_dbusd_t $1_t:process sigkill;
|
||||
+
|
||||
+ allow $1_t $1_dbusd_t:fd use;
|
||||
+ allow $1_t $1_dbusd_t:fifo_file rw_fifo_file_perms;
|
||||
+ allow $1_t $1_dbusd_t:process sigchld;
|
||||
+ allow $2 $1_dbusd_t:fd use;
|
||||
+ allow $2 $1_dbusd_t:fifo_file rw_fifo_file_perms;
|
||||
+ allow $2 $1_dbusd_t:process sigchld;
|
||||
+
|
||||
+ ifdef(`hide_broken_symptoms', `
|
||||
+ dontaudit $1_t $1_dbusd_t:netlink_selinux_socket { read write };
|
||||
+ dontaudit $2 $1_dbusd_t:netlink_selinux_socket { read write };
|
||||
+ ');
|
||||
+
|
||||
+ userdom_read_user_home_content_files($1, $1_dbusd_t)
|
||||
|
|
@ -9530,7 +9539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-09-20 12:07:15.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-09-20 15:27:25.000000000 -0400
|
||||
@@ -126,6 +126,8 @@
|
||||
# read events - the synaptics touchpad driver reads raw events
|
||||
dev_rw_input_dev($1_xserver_t)
|
||||
|
|
@ -9611,7 +9620,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
# for when /tmp/.X11-unix is created by the system
|
||||
allow $2 xdm_t:fd use;
|
||||
@@ -555,25 +559,52 @@
|
||||
@@ -555,25 +559,53 @@
|
||||
allow $2 xdm_tmp_t:sock_file { read write };
|
||||
dontaudit $2 xdm_t:tcp_socket { read write };
|
||||
|
||||
|
|
@ -9649,6 +9658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+ optional_policy(`
|
||||
+ userdom_read_all_users_home_content_files(xdm_t)
|
||||
+ userdom_read_all_users_home_content_files(xdm_xserver_t)
|
||||
+ userdom_rw_user_tmpfs_files($1, xdm_xserver_t)
|
||||
+#Compiler is broken so these wont work
|
||||
+ gnome_read_user_gnome_config($1, xdm_t)
|
||||
+ gnome_read_user_gnome_config($1, xdm_xserver_t)
|
||||
|
|
@ -9672,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
')
|
||||
|
||||
@@ -626,6 +657,24 @@
|
||||
@@ -626,6 +658,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9697,7 +9707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Transition to a user Xauthority domain.
|
||||
## </summary>
|
||||
## <desc>
|
||||
@@ -659,6 +708,73 @@
|
||||
@@ -659,6 +709,73 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9771,7 +9781,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Transition to a user Xauthority domain.
|
||||
## </summary>
|
||||
## <desc>
|
||||
@@ -927,6 +1043,7 @@
|
||||
@@ -927,6 +1044,7 @@
|
||||
files_search_tmp($1)
|
||||
allow $1 xdm_tmp_t:dir list_dir_perms;
|
||||
create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
|
||||
|
|
@ -9779,7 +9789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -987,6 +1104,37 @@
|
||||
@@ -987,6 +1105,37 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9817,7 +9827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Make an X session script an entrypoint for the specified domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1136,7 +1284,7 @@
|
||||
@@ -1136,7 +1285,7 @@
|
||||
type xdm_xserver_tmp_t;
|
||||
')
|
||||
|
||||
|
|
@ -9826,7 +9836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -1325,3 +1473,62 @@
|
||||
@@ -1325,3 +1474,62 @@
|
||||
files_search_tmp($1)
|
||||
stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
|
||||
')
|
||||
|
|
@ -9891,7 +9901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-20 10:44:00.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-20 15:44:32.000000000 -0400
|
||||
@@ -16,6 +16,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -9951,7 +9961,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
miscfiles_read_localization(xdm_t)
|
||||
miscfiles_read_fonts(xdm_t)
|
||||
@@ -271,6 +285,10 @@
|
||||
@@ -268,9 +282,14 @@
|
||||
userdom_create_all_users_keys(xdm_t)
|
||||
# for .dmrc
|
||||
userdom_read_unpriv_users_home_content_files(xdm_t)
|
||||
+
|
||||
# Search /proc for any user domain processes.
|
||||
userdom_read_all_users_state(xdm_t)
|
||||
userdom_signal_all_users(xdm_t)
|
||||
|
|
@ -9962,7 +9976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
|
||||
|
||||
@@ -306,6 +324,11 @@
|
||||
@@ -306,6 +325,11 @@
|
||||
|
||||
optional_policy(`
|
||||
consolekit_dbus_chat(xdm_t)
|
||||
|
|
@ -9974,7 +9988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -348,12 +371,8 @@
|
||||
@@ -348,12 +372,8 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -9988,7 +10002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
ifdef(`distro_rhel4',`
|
||||
allow xdm_t self:process { execheap execmem };
|
||||
@@ -385,7 +404,7 @@
|
||||
@@ -385,7 +405,7 @@
|
||||
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
|
||||
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
|
||||
|
||||
|
|
@ -9997,7 +10011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
# Label pid and temporary files with derived types.
|
||||
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
|
||||
@@ -425,6 +444,10 @@
|
||||
@@ -425,6 +445,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -10008,7 +10022,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
resmgr_stream_connect(xdm_t)
|
||||
')
|
||||
|
||||
@@ -434,47 +457,19 @@
|
||||
@@ -434,47 +458,19 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -10109,7 +10123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-20 11:14:45.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-20 16:27:52.000000000 -0400
|
||||
@@ -26,7 +26,8 @@
|
||||
type $1_chkpwd_t, can_read_shadow_passwords;
|
||||
application_domain($1_chkpwd_t,chkpwd_exec_t)
|
||||
|
|
@ -10140,7 +10154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
|
||||
domain_type($1)
|
||||
domain_subj_id_change_exemption($1)
|
||||
@@ -176,11 +177,24 @@
|
||||
@@ -176,11 +177,23 @@
|
||||
domain_obj_id_change_exemption($1)
|
||||
role system_r types $1;
|
||||
|
||||
|
|
@ -10150,7 +10164,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
+
|
||||
+ auth_keyring_domain($1)
|
||||
+ allow $1 keyring_type:key { search link };
|
||||
+ auth_domtrans_chk_passwd($1)
|
||||
+
|
||||
+ files_list_var_lib($1)
|
||||
+ manage_files_pattern($1, var_auth_t, var_auth_t)
|
||||
|
|
@ -10165,7 +10178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
selinux_get_fs_mount($1)
|
||||
selinux_validate_context($1)
|
||||
selinux_compute_access_vector($1)
|
||||
@@ -196,22 +210,33 @@
|
||||
@@ -196,22 +209,33 @@
|
||||
mls_fd_share_all_levels($1)
|
||||
|
||||
auth_domtrans_chk_passwd($1)
|
||||
|
|
@ -10200,7 +10213,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
')
|
||||
|
||||
@@ -309,9 +334,6 @@
|
||||
@@ -309,9 +333,6 @@
|
||||
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
|
||||
')
|
||||
|
||||
|
|
@ -10210,7 +10223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
|
||||
|
||||
@@ -329,6 +351,7 @@
|
||||
@@ -329,6 +350,7 @@
|
||||
|
||||
optional_policy(`
|
||||
kerberos_use($1)
|
||||
|
|
@ -10218,7 +10231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -347,6 +370,37 @@
|
||||
@@ -347,6 +369,37 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -10256,7 +10269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
## Get the attributes of the shadow passwords file.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -695,6 +749,24 @@
|
||||
@@ -695,6 +748,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -10281,7 +10294,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
## Execute pam programs in the PAM domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1318,14 +1390,9 @@
|
||||
@@ -1318,14 +1389,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`auth_use_nsswitch',`
|
||||
|
|
@ -10296,7 +10309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
files_list_var_lib($1)
|
||||
|
||||
miscfiles_read_certs($1)
|
||||
@@ -1381,3 +1448,163 @@
|
||||
@@ -1381,3 +1447,163 @@
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
typeattribute $1 can_relabelto_shadow_passwords;
|
||||
')
|
||||
|
|
@ -11327,8 +11340,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
+/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_script_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.8/policy/modules/system/logging.if
|
||||
--- nsaserefpolicy/policy/modules/system/logging.if 2007-09-12 10:34:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/logging.if 2007-09-17 16:20:18.000000000 -0400
|
||||
@@ -33,8 +33,13 @@
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/logging.if 2007-09-20 15:21:10.000000000 -0400
|
||||
@@ -33,8 +33,27 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`logging_send_audit_msgs',`
|
||||
|
|
@ -11340,10 +11353,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
allow $1 self:capability audit_write;
|
||||
- allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
|
||||
+ allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
|
||||
+')
|
||||
+
|
||||
+#######################################
|
||||
+## <summary>
|
||||
+## dontaudit attempts to send audit messages.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## Domain allowed access.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`logging_dontaudit_send_audit_msgs',`
|
||||
+ dontaudit $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -238,6 +243,63 @@
|
||||
@@ -238,6 +257,63 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -11407,7 +11434,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
## Create an object in the log directory, with a private
|
||||
## type using a type transition.
|
||||
## </summary>
|
||||
@@ -470,7 +532,7 @@
|
||||
@@ -470,7 +546,7 @@
|
||||
|
||||
files_search_var($1)
|
||||
allow $1 var_log_t:dir list_dir_perms;
|
||||
|
|
@ -11416,7 +11443,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -514,6 +576,8 @@
|
||||
@@ -514,6 +590,8 @@
|
||||
files_search_var($1)
|
||||
manage_files_pattern($1,logfile,logfile)
|
||||
read_lnk_files_pattern($1,logfile,logfile)
|
||||
|
|
@ -11425,7 +11452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -597,3 +661,258 @@
|
||||
@@ -597,3 +675,258 @@
|
||||
files_search_var($1)
|
||||
manage_files_pattern($1,var_log_t,var_log_t)
|
||||
')
|
||||
|
|
@ -13219,16 +13246,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
+corecmd_exec_all_executables(unconfined_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.0.8/policy/modules/system/userdomain.fc
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2007-05-29 14:10:58.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.fc 2007-09-17 16:20:18.000000000 -0400
|
||||
@@ -1,4 +1,5 @@
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.fc 2007-09-20 15:47:36.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
|
||||
+HOME_DIR -l gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
|
||||
HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
|
||||
|
||||
-
|
||||
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-09-20 12:06:52.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-09-20 15:46:46.000000000 -0400
|
||||
@@ -29,8 +29,9 @@
|
||||
')
|
||||
|
||||
|
|
@ -14121,7 +14148,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
|
||||
kernel_read_software_raid_state($1_t)
|
||||
kernel_getattr_core_if($1_t)
|
||||
@@ -1894,10 +1979,46 @@
|
||||
@@ -1642,9 +1727,11 @@
|
||||
template(`userdom_user_home_content',`
|
||||
gen_require(`
|
||||
attribute $1_file_type;
|
||||
+ attribute user_home_type;
|
||||
')
|
||||
|
||||
typeattribute $2 $1_file_type;
|
||||
+ typeattribute $2 user_home_type;
|
||||
files_type($2)
|
||||
')
|
||||
|
||||
@@ -1894,10 +1981,46 @@
|
||||
template(`userdom_manage_user_home_content_dirs',`
|
||||
gen_require(`
|
||||
type $1_home_dir_t, $1_home_t;
|
||||
|
|
@ -14169,7 +14208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -3078,7 +3199,7 @@
|
||||
@@ -3078,7 +3201,7 @@
|
||||
#
|
||||
template(`userdom_tmp_filetrans_user_tmp',`
|
||||
gen_require(`
|
||||
|
|
@ -14178,7 +14217,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
')
|
||||
|
||||
files_tmp_filetrans($2,$1_tmp_t,$3)
|
||||
@@ -4615,6 +4736,24 @@
|
||||
@@ -4615,6 +4738,24 @@
|
||||
files_list_home($1)
|
||||
allow $1 home_dir_type:dir search_dir_perms;
|
||||
')
|
||||
|
|
@ -14203,7 +14242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
|
||||
########################################
|
||||
## <summary>
|
||||
@@ -4633,6 +4772,14 @@
|
||||
@@ -4633,6 +4774,14 @@
|
||||
|
||||
files_list_home($1)
|
||||
allow $1 home_dir_type:dir list_dir_perms;
|
||||
|
|
@ -14218,7 +14257,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -5323,7 +5470,7 @@
|
||||
@@ -5323,7 +5472,7 @@
|
||||
attribute user_tmpfile;
|
||||
')
|
||||
|
||||
|
|
@ -14227,7 +14266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -5559,3 +5706,375 @@
|
||||
@@ -5559,3 +5708,376 @@
|
||||
interface(`userdom_unconfined',`
|
||||
refpolicywarn(`$0($*) has been deprecated.')
|
||||
')
|
||||
|
|
@ -14417,13 +14456,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
+# Should be optional but policy will not build because of compiler problems
|
||||
+# Must be before xwindows calls
|
||||
+#optional_policy(`
|
||||
+ gnome_per_role_template($1, $1_t, $1_r)
|
||||
+ gnome_exec_gconf($1_t)
|
||||
+ gnome_per_role_template($1, $1_usertype, $1_r)
|
||||
+ gnome_exec_gconf($1_usertype)
|
||||
+#')
|
||||
+
|
||||
+userdom_xwindows_client_template($1)
|
||||
+
|
||||
+logging_send_syslog_msg($1_usertype)
|
||||
+logging_dontaudit_send_audit_msgs($1_usertype)
|
||||
+
|
||||
+optional_policy(`
|
||||
+ alsa_read_rw_config($1_usertype)
|
||||
|
|
@ -14448,7 +14488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ consolekit_dontaudit_dbus_chat($1_usertype)
|
||||
+ consolekit_dbus_chat($1_usertype)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
|
|
|
|||
Loading…
Reference in New Issue