- Add cyphesis policy
parent
063999dd85
commit
c092cc1478
@ -270,6 +270,13 @@ cups = base
|
|||||||
#
|
#
|
||||||
cvs = base
|
cvs = base
|
||||||
|
|
||||||
|
# Layer: services
|
||||||
|
# Module: cyphesis
|
||||||
|
#
|
||||||
|
# cyphesis game server
|
||||||
|
#
|
||||||
|
cyphesis
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: cyrus
|
# Module: cyrus
|
||||||
#
|
#
|
||||||
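Review bot: The added module entry reads just `cyphesis`, without the `= base` or `= module` value that the neighbouring `cvs = base` line carries, so as rendered the new module has no build setting. If the list parser expects `name = value`, the cyphesis policy added elsewhere in this commit may not be compiled in, and the game server would presumably run without its own confined domain. If it is meant to be built like its neighbours the line should read `cyphesis = base`, or `cyphesis = module` if it is to be a loadable module.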
|
@ -3878,7 +3878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
|
|||||||
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
|
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-12 08:56:02.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2008-02-26 16:14:55.000000000 -0500
|
||||||
@@ -32,7 +32,7 @@
|
@@ -32,7 +32,7 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
@ -3903,8 +3903,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
|
|||||||
+ allow $1_javaplugin_t $1_t:unix_stream_socket connectto;
|
+ allow $1_javaplugin_t $1_t:unix_stream_socket connectto;
|
||||||
+ allow $1_t $1_javaplugin_t:unix_stream_socket connectto;
|
+ allow $1_t $1_javaplugin_t:unix_stream_socket connectto;
|
||||||
allow $1_javaplugin_t $2:unix_stream_socket connectto;
|
allow $1_javaplugin_t $2:unix_stream_socket connectto;
|
||||||
allow $1_javaplugin_t $2:unix_stream_socket { read write };
|
- allow $1_javaplugin_t $2:unix_stream_socket { read write };
|
||||||
- userdom_write_user_tmp_sockets($1,$1_javaplugin_t)
|
- userdom_write_user_tmp_sockets($1,$1_javaplugin_t)
|
||||||
|
+ allow $1_javaplugin_t $2:tcp_socket { read write };
|
||||||
|
|
||||||
manage_dirs_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
|
manage_dirs_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
|
||||||
manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
|
manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
|
||||||
@ -3972,7 +3973,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
|
|||||||
userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
|
userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
|
||||||
userdom_manage_user_home_content_files($1,$1_javaplugin_t)
|
userdom_manage_user_home_content_files($1,$1_javaplugin_t)
|
||||||
userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
|
userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
|
||||||
@@ -156,15 +162,66 @@
|
@@ -156,15 +162,67 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -4028,6 +4029,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
|
|||||||
+ allow $1_java_t self:process { getsched sigkill execheap execmem execstack };
|
+ allow $1_java_t self:process { getsched sigkill execheap execmem execstack };
|
||||||
+
|
+
|
||||||
+ allow $2 $1_java_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh };
|
+ allow $2 $1_java_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh };
|
||||||
|
+ allow $1_javaplugin_t $2:tcp_socket { read write };
|
||||||
+
|
+
|
||||||
+ domtrans_pattern($2, java_exec_t, $1_java_t)
|
+ domtrans_pattern($2, java_exec_t, $1_java_t)
|
||||||
+
|
+
|
||||||
@ -4043,7 +4045,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -219,3 +276,67 @@
|
@@ -219,3 +277,67 @@
|
||||||
corecmd_search_bin($1)
|
corecmd_search_bin($1)
|
||||||
domtrans_pattern($1, java_exec_t, java_t)
|
domtrans_pattern($1, java_exec_t, java_t)
|
||||||
')
|
')
|
||||||
@ -4920,7 +4922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
|||||||
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2008-02-26 16:13:57.000000000 -0500
|
||||||
@@ -0,0 +1,339 @@
|
@@ -0,0 +1,339 @@
|
||||||
+
|
+
|
||||||
+## <summary>policy for nsplugin</summary>
|
+## <summary>policy for nsplugin</summary>
|
||||||
@ -6776,7 +6778,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2008-02-26 16:54:46.000000000 -0500
|
||||||
@@ -1266,6 +1266,24 @@
|
@@ -1266,6 +1266,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -6904,7 +6906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
|||||||
# etc_runtime_t is the type of various
|
# etc_runtime_t is the type of various
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-24 15:00:24.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-24 15:00:24.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2008-02-26 16:54:33.000000000 -0500
|
||||||
@@ -310,6 +310,25 @@
|
@@ -310,6 +310,25 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -6992,7 +6994,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
|
|||||||
## Relabel block nodes on tmpfs filesystems.
|
## Relabel block nodes on tmpfs filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -3551,3 +3608,103 @@
|
@@ -3224,6 +3281,7 @@
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 filesystem_type:filesystem getattr;
|
||||||
|
+ files_getattr_all_file_type_fs($1)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
@@ -3551,3 +3609,103 @@
|
||||||
relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs)
|
relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs)
|
||||||
relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs)
|
relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs)
|
||||||
')
|
')
|
||||||
@ -7543,7 +7553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
|
|||||||
# amavis local policy
|
# amavis local policy
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-10-12 08:56:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-10-12 08:56:07.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2008-02-26 16:33:46.000000000 -0500
|
||||||
@@ -16,7 +16,6 @@
|
@@ -16,7 +16,6 @@
|
||||||
|
|
||||||
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||||
@ -7552,7 +7562,27 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
|
|||||||
/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||||
/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||||
/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||||
@@ -71,5 +70,16 @@
|
@@ -33,6 +32,7 @@
|
||||||
|
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||||
|
')
|
||||||
|
|
||||||
|
+/usr/share/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
@@ -48,9 +48,11 @@
|
||||||
|
|
||||||
|
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||||
|
+/var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
|
||||||
|
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||||
|
/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||||
|
+
|
||||||
|
/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
|
||||||
|
|
||||||
|
/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||||
|
@@ -71,5 +73,16 @@
|
||||||
|
|
||||||
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||||
@ -9278,7 +9308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
|
||||||
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2007-09-17 15:56:47.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2007-09-17 15:56:47.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2008-02-26 16:46:31.000000000 -0500
|
||||||
@@ -17,6 +17,9 @@
|
@@ -17,6 +17,9 @@
|
||||||
type bitlbee_var_t;
|
type bitlbee_var_t;
|
||||||
files_type(bitlbee_var_t)
|
files_type(bitlbee_var_t)
|
||||||
@ -9289,10 +9319,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Local policy
|
# Local policy
|
||||||
@@ -54,6 +57,9 @@
|
@@ -54,6 +57,12 @@
|
||||||
corenet_tcp_connect_msnp_port(bitlbee_t)
|
corenet_tcp_connect_msnp_port(bitlbee_t)
|
||||||
corenet_tcp_sendrecv_msnp_port(bitlbee_t)
|
corenet_tcp_sendrecv_msnp_port(bitlbee_t)
|
||||||
|
|
||||||
|
+corenet_tcp_connect_http_port(bitlbee_t)
|
||||||
|
+corenet_tcp_sendrecv_http_port(bitlbee_t)
|
||||||
|
+
|
||||||
+dev_read_rand(bitlbee_t)
|
+dev_read_rand(bitlbee_t)
|
||||||
+dev_read_urand(bitlbee_t)
|
+dev_read_urand(bitlbee_t)
|
||||||
+
|
+
|
||||||
@ -11113,7 +11146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
|
||||||
--- nsaserefpolicy/policy/modules/services/cyphesis.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/cyphesis.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2008-02-26 16:19:56.000000000 -0500
|
||||||
@@ -0,0 +1,92 @@
|
@@ -0,0 +1,92 @@
|
||||||
+policy_module(cyphesis,1.0.0)
|
+policy_module(cyphesis,1.0.0)
|
||||||
+
|
+
|
||||||
@ -19249,8 +19282,73 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
+/etc/rc.d/init.d/smb -- gen_context(system_u:object_r:samba_script_exec_t,s0)
|
+/etc/rc.d/init.d/smb -- gen_context(system_u:object_r:samba_script_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
|
||||||
--- nsaserefpolicy/policy/modules/services/samba.if 2007-10-12 08:56:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/samba.if 2007-10-12 08:56:07.000000000 -0400
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2008-02-26 17:31:18.000000000 -0500
|
||||||
@@ -331,6 +331,25 @@
|
@@ -63,6 +63,25 @@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
+## Execute samba net in the samba_unconfined_net domain.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## The type of the process performing this action.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`samba_domtrans_unconfined_net',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type samba_unconfined_net_t, samba_net_exec_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ corecmd_search_bin($1)
|
||||||
|
+ domtrans_pattern($1,samba_net_exec_t,samba_unconfined_net_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
## Execute samba net in the samba_net domain, and
|
||||||
|
## allow the specified role the samba_net domain.
|
||||||
|
## </summary>
|
||||||
|
@@ -95,6 +114,38 @@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
+## Execute samba net in the samba_unconfined_net domain, and
|
||||||
|
+## allow the specified role the samba_unconfined_net domain.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## The type of the process performing this action.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+## <param name="role">
|
||||||
|
+## <summary>
|
||||||
|
+## The role to be allowed the samba_unconfined_net domain.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+## <param name="terminal">
|
||||||
|
+## <summary>
|
||||||
|
+## The type of the terminal allow the samba_unconfined_net domain to use.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+## <rolecap/>
|
||||||
|
+#
|
||||||
|
+interface(`samba_run_net',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type samba_unconfined_net_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ samba_domtrans_unconfined_net($1)
|
||||||
|
+ role $2 types samba_unconfined_net_t;
|
||||||
|
+ allow samba_unconfined_net_t $3:chr_file rw_term_perms;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
## Execute smbmount in the smbmount domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
@@ -331,6 +382,25 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -19276,7 +19374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
## Allow the specified domain to
|
## Allow the specified domain to
|
||||||
## read and write samba /var files.
|
## read and write samba /var files.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -348,6 +367,7 @@
|
@@ -348,6 +418,7 @@
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
manage_files_pattern($1,samba_var_t,samba_var_t)
|
manage_files_pattern($1,samba_var_t,samba_var_t)
|
||||||
@ -19284,7 +19382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -492,3 +512,221 @@
|
@@ -492,3 +563,221 @@
|
||||||
allow $1 samba_var_t:dir search_dir_perms;
|
allow $1 samba_var_t:dir search_dir_perms;
|
||||||
stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t)
|
stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t)
|
||||||
')
|
')
|
||||||
@ -19508,7 +19606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
|
||||||
--- nsaserefpolicy/policy/modules/services/samba.te 2008-02-19 17:24:26.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/samba.te 2008-02-19 17:24:26.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/services/samba.te 2008-02-26 17:23:36.000000000 -0500
|
||||||
@@ -59,6 +59,13 @@
|
@@ -59,6 +59,13 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(samba_share_nfs,false)
|
gen_tunable(samba_share_nfs,false)
|
||||||
@ -19776,7 +19874,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -790,3 +852,37 @@
|
@@ -774,6 +836,12 @@
|
||||||
|
#
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
+ type samba_unconfined_net_t;
|
||||||
|
+ domain_type(samba_unconfined_net_t)
|
||||||
|
+ unconfined_domain(samba_unconfined_net_t)
|
||||||
|
+ manage_files_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t)
|
||||||
|
+ filetrans_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t,file)
|
||||||
|
+
|
||||||
|
type samba_unconfined_script_t;
|
||||||
|
type samba_unconfined_script_exec_t;
|
||||||
|
domain_type(samba_unconfined_script_t)
|
||||||
|
@@ -790,3 +858,37 @@
|
||||||
domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
|
domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
@ -27865,7 +27976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
|
||||||
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-13 16:26:06.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-13 16:26:06.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-02-26 08:29:22.000000000 -0500
|
+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2008-02-26 17:21:16.000000000 -0500
|
||||||
@@ -6,35 +6,67 @@
|
@@ -6,35 +6,67 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -28082,7 +28193,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
samba_per_role_template(unconfined)
|
samba_per_role_template(unconfined)
|
||||||
samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
- samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||||
|
+ samba_run_unconfined_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||||
samba_run_winbind_helper(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
samba_run_winbind_helper(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||||
+ samba_run_smbcontrol(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
+ samba_run_smbcontrol(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||||
')
|
')
|
||||||
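Review bot: In the samba.if hunk at `@@ -95,6 +114,38 @@` the new interface documented as running samba net in the samba_unconfined_net domain is declared under the name `samba_run_net`, while the unconfined.te hunk at the end of this section now calls `samba_run_unconfined_net(unconfined_t, unconfined_r, ...)`. No interface with the called name is defined in the visible lines, and the declared name matches the removed call and the context lines just above it ("Execute samba net in the samba_net domain, and allow the specified role the samba_net domain"), so it appears to collide with the existing confined interface. Depending on definition order, other callers of `samba_run_net` could be moved into the unconfined domain, so the declaration should be renamed to `samba_run_unconfined_net`. In the samba.te hunk, `samba_unconfined_net_t` is declared after an `optional_policy(` opener yet required unconditionally by `gen_require` in both new interfaces; the block's start and end are outside the hunk, so this needs checking against the full file. Because that type is an `unconfined_domain` that may also manage `samba_secrets_t` files, a comment such as `# net needs an unconfined domain for <reason>; keep callers limited to unconfined_t` would record why the exception exists.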
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.3.1
|
Version: 3.3.1
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -388,7 +388,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-3
|
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-4
|
||||||
|
- Add cyphesis policy
|
||||||
|
|
||||||
|
|
||||||
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-2
|
* Tue Feb 26 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-2
|
||||||
- Fix Makefile.devel to build mls modules
|
- Fix Makefile.devel to build mls modules
|
||||||
|