rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

move rhgb_domain into TODO so modules can compile as binary modules

Browse Source
This commit is contained in:
Chris PeBenito 2005-09-01 13:52:59 +00:00
parent 631ee4d3cf
commit c0d1566a13
16 changed files with 74 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
refpolicy/policy/modules/admin/acct.te
View File

@ -85,10 +85,6 @@ optional_policy(`cron.te',`
cron_system_entry(acct_t,acct_exec_t) cron_system_entry(acct_t,acct_exec_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(acct_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(acct_t) seutil_sigchld_newrole(acct_t)
') ')
@ -96,3 +92,9 @@ optional_policy(`selinuxutil.te',`
optional_policy(`udev.te', ` optional_policy(`udev.te', `
udev_read_db(acct_t) udev_read_db(acct_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(acct_t)
')
')

7
refpolicy/policy/modules/admin/quota.te
View File

@ -67,10 +67,6 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(quota_t) files_dontaudit_read_root_file(quota_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(quota_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(quota_t) seutil_sigchld_newrole(quota_t)
') ')
@ -86,4 +82,7 @@ file_type_auto_trans(quota_t, { root_t home_root_t var_t usr_t src_t var_spool_t
allow quota_t file_t:file quotaon; allow quota_t file_t:file quotaon;
allow quota_t proc_t:file getattr; allow quota_t proc_t:file getattr;
optional_policy(`rhgb.te',`
rhgb_domain(quota_t)
')
') dnl end TODO ') dnl end TODO

10
refpolicy/policy/modules/admin/updfstab.te
View File

@ -104,10 +104,6 @@ optional_policy(`modutils.te',`
modutils_read_mods_deps(updfstab_t) modutils_read_mods_deps(updfstab_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(updfstab_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(updfstab_t) seutil_sigchld_newrole(updfstab_t)
') ')
@ -115,3 +111,9 @@ optional_policy(`selinuxutil.te',`
optional_policy(`udev.te',` optional_policy(`udev.te',`
udev_read_db(updfstab_t) udev_read_db(updfstab_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(updfstab_t)
')
')

19
refpolicy/policy/modules/services/bind.te
View File

@ -146,10 +146,6 @@ optional_policy(`nscd.te',`
nscd_use_socket(named_t) nscd_use_socket(named_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(named_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(named_t) seutil_sigchld_newrole(named_t)
') ')
@ -158,6 +154,15 @@ optional_policy(`udev.te',`
udev_read_db(named_t) udev_read_db(named_t)
') ')
ifdef(`TODO',`
can_udp_send(domain, named_t)
can_udp_send(named_t, domain)
can_tcp_connect(domain, named_t)
optional_policy(`rhgb.te',`
rhgb_domain(named_t)
')
')
######################################## ########################################
# #
# NDC local policy # NDC local policy
@ -241,9 +246,3 @@ optional_policy(`nis.te',`
optional_policy(`nscd.te',` optional_policy(`nscd.te',`
nscd_use_socket(ndc_t) nscd_use_socket(ndc_t)
') ')
ifdef(`TODO',`
can_udp_send(domain, named_t)
can_udp_send(named_t, domain)
can_tcp_connect(domain, named_t)
')

10
refpolicy/policy/modules/services/dbus.te
View File

@ -125,10 +125,12 @@ optional_policy(`nscd.te',`
nscd_use_socket(system_dbusd_t) nscd_use_socket(system_dbusd_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(system_dbusd_t)
')
optional_policy(`udev.te', ` optional_policy(`udev.te', `
udev_read_db(system_dbusd_t) udev_read_db(system_dbusd_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(system_dbusd_t)
')
')

7
refpolicy/policy/modules/services/gpm.te
View File

@ -83,10 +83,6 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(gpm_t) files_dontaudit_read_root_file(gpm_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(gpm_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(gpm_t) seutil_sigchld_newrole(gpm_t)
') ')
@ -99,4 +95,7 @@ ifdef(`TODO',`
# Access the mouse. # Access the mouse.
# cjp: why write? # cjp: why write?
allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms; allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;
optional_policy(`rhgb.te',`
rhgb_domain(gpm_t)
')
') ')

10
refpolicy/policy/modules/services/howl.te
View File

@ -79,10 +79,6 @@ optional_policy(`nis.te',`
nis_use_ypbind(howl_t) nis_use_ypbind(howl_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(howl_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(howl_t) seutil_sigchld_newrole(howl_t)
') ')
@ -90,3 +86,9 @@ optional_policy(`selinuxutil.te',`
optional_policy(`udev.te', ` optional_policy(`udev.te', `
udev_read_db(howl_t) udev_read_db(howl_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(howl_t)
')
')

7
refpolicy/policy/modules/services/inetd.te
View File

@ -147,13 +147,6 @@ optional_policy(`rhgb.te',`
rhgb_domain(inetd_t) rhgb_domain(inetd_t)
') ')
# Bind to the telnet, ftp, rlogin and rsh ports.
# cjp: these ports currently dont exist in the NSA example
ifdef(`talk.te', `
allow inetd_t talk_port_t:tcp_socket name_bind;
allow inetd_t ntalk_port_t:tcp_socket name_bind;
')
# Communicate with the portmapper. # Communicate with the portmapper.
ifdef(`portmap.te', `can_udp_send(inetd_t, portmap_t)') ifdef(`portmap.te', `can_udp_send(inetd_t, portmap_t)')
') dnl TODO ') dnl TODO

7
refpolicy/policy/modules/services/ldap.te
View File

@ -110,10 +110,6 @@ optional_policy(`nis.te',`
nis_use_ypbind(slapd_t) nis_use_ypbind(slapd_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(slapd_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(slapd_t) seutil_sigchld_newrole(slapd_t)
') ')
@ -123,6 +119,9 @@ optional_policy(`udev.te', `
') ')
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(slapd_t)
')
# allow any domain to connect to the LDAP server # allow any domain to connect to the LDAP server
# cjp: how does this relate to the old can_ldap() macro? # cjp: how does this relate to the old can_ldap() macro?
can_tcp_connect(domain, slapd_t) can_tcp_connect(domain, slapd_t)

9
refpolicy/policy/modules/services/mysql.te
View File

@ -111,10 +111,6 @@ optional_policy(`nis.te',`
nis_use_ypbind(mysqld_t) nis_use_ypbind(mysqld_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(mysqld_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(mysqld_t) seutil_sigchld_newrole(mysqld_t)
') ')
@ -123,7 +119,10 @@ optional_policy(`udev.te', `
udev_read_db(mysqld_t) udev_read_db(mysqld_t)
') ')
ifdef(`TODO', ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(mysqld_t)
')
optional_policy(`daemontools.te',` optional_policy(`daemontools.te',`
domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t) domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t)
mysqld_signal(svc_start_t) mysqld_signal(svc_start_t)

8
refpolicy/policy/modules/services/nscd.te
View File

@ -95,10 +95,6 @@ optional_policy(`nis.te',`
nis_use_ypbind(nscd_t) nis_use_ypbind(nscd_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(nscd_t)
')
optional_policy(`selinuxutils.te',` optional_policy(`selinuxutils.te',`
seutil_sigchld_newrole(nscd_t) seutil_sigchld_newrole(nscd_t)
') ')
@ -119,7 +115,9 @@ optional_policy(`winbind.te', `
allow nscd_t samba_var_t:dir search; allow nscd_t samba_var_t:dir search;
allow nscd_t winbind_var_run_t:dir { getattr search }; allow nscd_t winbind_var_run_t:dir { getattr search };
') ')
optional_policy(`rhgb.te',`
rhgb_domain(nscd_t)
')
allow nscd_t tmp_t:dir { search getattr }; allow nscd_t tmp_t:dir { search getattr };
allow nscd_t tmp_t:lnk_file read; allow nscd_t tmp_t:lnk_file read;
') dnl end TODO ') dnl end TODO

10
refpolicy/policy/modules/services/privoxy.te
View File

@ -83,10 +83,6 @@ optional_policy(`mount.te',`
mount_send_nfs_client_request(privoxy_t) mount_send_nfs_client_request(privoxy_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(privoxy_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(privoxy_t) seutil_sigchld_newrole(privoxy_t)
') ')
@ -94,3 +90,9 @@ optional_policy(`selinuxutil.te',`
optional_policy(`udev.te', ` optional_policy(`udev.te', `
udev_read_db(privoxy_t) udev_read_db(privoxy_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(privoxy_t)
')
')

12
refpolicy/policy/modules/services/ssh.te
View File

@ -24,7 +24,7 @@ role system_r types ssh_keygen_t;
ssh_server_template(sshd) ssh_server_template(sshd)
optional_policy(`inetd.te',` optional_policy(`inetd.te',`
# CJP: commenting this out until typeattribute works in a conditional # cjp: commenting this out until typeattribute works in a conditional
# tunable_policy(`run_ssh_inetd',` # tunable_policy(`run_ssh_inetd',`
inetd_tcp_service_domain(sshd_t,sshd_exec_t) inetd_tcp_service_domain(sshd_t,sshd_exec_t)
# ',` # ',`
@ -221,10 +221,6 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ssh_keygen_t) files_dontaudit_read_root_file(ssh_keygen_t)
') ')
optional_policy(`rhgb.te', `
rhgb_domain(ssh_keygen_t)
')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole(ssh_keygen_t) seutil_sigchld_newrole(ssh_keygen_t)
') ')
@ -232,3 +228,9 @@ optional_policy(`selinuxutil.te',`
optional_policy(`udev.te', ` optional_policy(`udev.te', `
udev_read_db(ssh_keygen_t) udev_read_db(ssh_keygen_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te', `
rhgb_domain(ssh_keygen_t)
')
')

10
refpolicy/policy/modules/system/ipsec.te
View File

@ -128,10 +128,6 @@ optional_policy(`nis.te',`
nis_use_ypbind(ipsec_t) nis_use_ypbind(ipsec_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(ipsec_t)
')
optional_policy(`selinuxutils.te',` optional_policy(`selinuxutils.te',`
seutil_sigchld_newrole(ipsec_t) seutil_sigchld_newrole(ipsec_t)
') ')
@ -140,6 +136,12 @@ optional_policy(`udev.te', `
udev_read_db(ipsec_t) udev_read_db(ipsec_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(ipsec_t)
')
')
######################################## ########################################
# #
# ipsec_mgmt Local policy # ipsec_mgmt Local policy

7
refpolicy/policy/modules/system/pcmcia.te
View File

@ -116,10 +116,6 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(cardmgr_t) files_dontaudit_read_root_file(cardmgr_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(cardmgr_t)
')
optional_policy(`selinuxutils.te',` optional_policy(`selinuxutils.te',`
seutil_sigchld_newrole(cardmgr_t) seutil_sigchld_newrole(cardmgr_t)
') ')
@ -157,4 +153,7 @@ optional_policy(`pcmcia.te',`
pcmcia_manage_pid(hald_t) pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t) pcmcia_manage_runtime_chr(hald_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(cardmgr_t)
')
') dnl end TODO ') dnl end TODO

7
refpolicy/policy/modules/system/raid.te
View File

@ -73,10 +73,6 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(mdadm_t) files_dontaudit_read_root_file(mdadm_t)
') ')
optional_policy(`rhgb.te',`
rhgb_domain(mdadm_t)
')
optional_policy(`selinux.te',` optional_policy(`selinux.te',`
seutil_sigchld_newrole(mdadm_t) seutil_sigchld_newrole(mdadm_t)
') ')
@ -90,4 +86,7 @@ ifdef(`TODO',`
dontaudit mdadm_t device_t:{ fifo_file file chr_file blk_file } { read getattr }; dontaudit mdadm_t device_t:{ fifo_file file chr_file blk_file } { read getattr };
allow mdadm_t var_t:dir getattr; allow mdadm_t var_t:dir getattr;
optional_policy(`rhgb.te',`
rhgb_domain(mdadm_t)
')
') dnl TODO ') dnl TODO