rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

add appconfig for mls and mcs

Browse Source
This commit is contained in:
Chris PeBenito 2005-09-20 14:20:02 +00:00
parent 200f453ff5
commit c0e4fe2c9c
38 changed files with 120 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
refpolicy/Changelog
View File

@ -1,4 +1,5 @@
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
can_portmap() to sysnetwork.
- Fix base module compile issues.

7
refpolicy/Makefile
View File

@ -152,14 +152,9 @@ endif
FC := file_contexts
POLVER := policy.$(PV)
ifneq ($(findstring targeted,$(TYPE)),)
APPCONF := config/appconfig-targeted
else
APPCONF := config/appconfig-strict
endif
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
APPCONF := config/appconfig-$(TYPE)
APPDIR := $(CONTEXTPATH)
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media $(INSTALLDIR)/booleans
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media

6
refpolicy/config/appconfig-strict-mcs/dbus_contexts Normal file
View File

@ -0,0 +1,6 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<selinux>
</selinux>
</busconfig>

12
refpolicy/config/appconfig-strict-mcs/default_contexts Normal file
View File

@ -0,0 +1,12 @@
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:local_login_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
system_r:xdm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0

3
refpolicy/config/appconfig-strict-mcs/default_type Normal file
View File

@ -0,0 +1,3 @@
sysadm_r:sysadm_t:s0
staff_r:staff_t:s0
user_r:user_t:s0

1
refpolicy/config/appconfig-strict-mcs/failsafe_context Normal file
View File

@ -0,0 +1 @@
sysadm_r:sysadm_t:s0

1
refpolicy/config/appconfig-strict-mcs/initrc_context Normal file
View File

@ -0,0 +1 @@
system_u:system_r:initrc_t:s0

3
refpolicy/config/appconfig-strict-mcs/media Normal file
View File

@ -0,0 +1,3 @@
cdrom system_u:object_r:removable_device_t:s0
floppy system_u:object_r:removable_device_t:s0
disk system_u:object_r:fixed_disk_device_t:s0

1
refpolicy/config/appconfig-strict-mcs/removable_context Normal file
View File

@ -0,0 +1 @@
system_u:object_r:removable_t:s0

9
refpolicy/config/appconfig-strict-mcs/root_default_contexts Normal file
View File

@ -0,0 +1,9 @@
system_r:local_login_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
system_r:crond_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
staff_r:staff_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
#
# Uncomment if you want to automatically login as sysadm_r
#
#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0

1
refpolicy/config/appconfig-strict-mcs/userhelper_context Normal file
View File

@ -0,0 +1 @@
system_u:sysadm_r:sysadm_t:s0

6
refpolicy/config/appconfig-strict-mls/dbus_contexts Normal file
View File

@ -0,0 +1,6 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<selinux>
</selinux>
</busconfig>

12
refpolicy/config/appconfig-strict-mls/default_contexts Normal file
View File

@ -0,0 +1,12 @@
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:local_login_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
system_r:xdm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0

3
refpolicy/config/appconfig-strict-mls/default_type Normal file
View File

@ -0,0 +1,3 @@
sysadm_r:sysadm_t:s0
staff_r:staff_t:s0
user_r:user_t:s0

1
refpolicy/config/appconfig-strict-mls/failsafe_context Normal file
View File

@ -0,0 +1 @@
sysadm_r:sysadm_t:s0

1
refpolicy/config/appconfig-strict-mls/initrc_context Normal file
View File

@ -0,0 +1 @@
system_u:system_r:initrc_t:s0

3
refpolicy/config/appconfig-strict-mls/media Normal file
View File

@ -0,0 +1,3 @@
cdrom system_u:object_r:removable_device_t:s0
floppy system_u:object_r:removable_device_t:s0
disk system_u:object_r:fixed_disk_device_t:s0

1
refpolicy/config/appconfig-strict-mls/removable_context Normal file
View File

@ -0,0 +1 @@
system_u:object_r:removable_t:s0

9
refpolicy/config/appconfig-strict-mls/root_default_contexts Normal file
View File

@ -0,0 +1,9 @@
system_r:local_login_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
system_r:crond_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
staff_r:staff_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
#
# Uncomment if you want to automatically login as sysadm_r
#
#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0

1
refpolicy/config/appconfig-strict-mls/userhelper_context Normal file
View File

@ -0,0 +1 @@
system_u:sysadm_r:sysadm_t:s0

6
refpolicy/config/appconfig-targeted-mcs/dbus_contexts Normal file
View File

@ -0,0 +1,6 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<selinux>
</selinux>
</busconfig>

6
refpolicy/config/appconfig-targeted-mcs/default_contexts Normal file
View File

@ -0,0 +1,6 @@
system_r:unconfined_t:s0 system_r:unconfined_t:s0
system_r:initrc_t:s0 system_r:unconfined_t:s0
system_r:local_login_t:s0 system_r:unconfined_t:s0
system_r:remote_login_t:s0 system_r:unconfined_t:s0
system_r:rshd_t:s0 system_r:unconfined_t:s0
system_r:crond_t:s0 system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mcs/default_type Normal file
View File

@ -0,0 +1 @@
system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mcs/failsafe_context Normal file
View File

@ -0,0 +1 @@
system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mcs/initrc_context Normal file
View File

@ -0,0 +1 @@
user_u:system_r:unconfined_t:s0

3
refpolicy/config/appconfig-targeted-mcs/media Normal file
View File

@ -0,0 +1,3 @@
cdrom system_u:object_r:removable_device_t:s0
floppy system_u:object_r:removable_device_t:s0
disk system_u:object_r:fixed_disk_device_t:s0

1
refpolicy/config/appconfig-targeted-mcs/removable_context Normal file
View File

@ -0,0 +1 @@
system_u:object_r:removable_t:s0

2
refpolicy/config/appconfig-targeted-mcs/root_default_contexts Normal file
View File

@ -0,0 +1,2 @@
system_r:unconfined_t:s0 system_r:unconfined_t:s0
system_r:initrc_t:s0 system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mcs/userhelper_context Normal file
View File

@ -0,0 +1 @@
system_u:system_r:unconfined_t:s0

6
refpolicy/config/appconfig-targeted-mls/dbus_contexts Normal file
View File

@ -0,0 +1,6 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<selinux>
</selinux>
</busconfig>

6
refpolicy/config/appconfig-targeted-mls/default_contexts Normal file
View File

@ -0,0 +1,6 @@
system_r:unconfined_t:s0 system_r:unconfined_t:s0
system_r:initrc_t:s0 system_r:unconfined_t:s0
system_r:local_login_t:s0 system_r:unconfined_t:s0
system_r:remote_login_t:s0 system_r:unconfined_t:s0
system_r:rshd_t:s0 system_r:unconfined_t:s0
system_r:crond_t:s0 system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mls/default_type Normal file
View File

@ -0,0 +1 @@
system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mls/failsafe_context Normal file
View File

@ -0,0 +1 @@
system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mls/initrc_context Normal file
View File

@ -0,0 +1 @@
user_u:system_r:unconfined_t:s0

3
refpolicy/config/appconfig-targeted-mls/media Normal file
View File

@ -0,0 +1,3 @@
cdrom system_u:object_r:removable_device_t:s0
floppy system_u:object_r:removable_device_t:s0
disk system_u:object_r:fixed_disk_device_t:s0

1
refpolicy/config/appconfig-targeted-mls/removable_context Normal file
View File

@ -0,0 +1 @@
system_u:object_r:removable_t:s0

2
refpolicy/config/appconfig-targeted-mls/root_default_contexts Normal file
View File

@ -0,0 +1,2 @@
system_r:unconfined_t:s0 system_r:unconfined_t:s0
system_r:initrc_t:s0 system_r:unconfined_t:s0

1
refpolicy/config/appconfig-targeted-mls/userhelper_context Normal file
View File

@ -0,0 +1 @@
system_u:system_r:unconfined_t:s0