diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 5198bc81..b9dd5e3c 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -120,7 +120,7 @@ interface(`certmaster_admin',`
 logging_list_logs($1)
 admin_pattern($1, certmaster_var_log_t)
-
+
 files_list_var_lib($1)
 admin_pattern($1, certmaster_var_lib_t)
 ')
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index 6180428d..faf5bb29 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -135,23 +135,23 @@ allow mysqld_safe_t self:capability { dac_override fowner chown };
 allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
 domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
-
+
 allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
 logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
 kernel_read_system_state(mysqld_safe_t)
 dev_list_sysfs(mysqld_safe_t)
-
+
 files_read_etc_files(mysqld_safe_t)
 files_read_usr_files(mysqld_safe_t)
 corecmd_exec_bin(mysqld_safe_t)
 hostname_exec(mysqld_safe_t)
-
+
 miscfiles_read_localization(mysqld_safe_t)
-
+
 mysql_append_db_files(mysqld_safe_t)
 mysql_read_config(mysqld_safe_t)
 mysql_search_pid_files(mysqld_safe_t)
diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
index 170f7424..0666bb61 100644
--- a/policy/modules/system/lvm.if
+++ b/policy/modules/system/lvm.if
@@ -62,7 +62,7 @@ interface(`lvm_read_config',`
 files_search_etc($1)
 allow $1 lvm_etc_t:dir list_dir_perms;
- read_files_pattern($1,lvm_etc_t,lvm_etc_t)
+ read_files_pattern($1, lvm_etc_t, lvm_etc_t)
 ')
 ########################################
@@ -82,6 +82,6 @@ interface(`lvm_manage_config',`
 ')
 files_search_etc($1)
- manage_dirs_pattern($1,lvm_etc_t,lvm_etc_t)
- manage_files_pattern($1,lvm_etc_t,lvm_etc_t)
+ manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
+ manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
 ')
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index bbe2c042..224131e8 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -8,14 +8,14 @@ policy_module(lvm, 1.10.3)
 type clvmd_t;
 type clvmd_exec_t;
-init_daemon_domain(clvmd_t,clvmd_exec_t)
+init_daemon_domain(clvmd_t, clvmd_exec_t)
 type clvmd_var_run_t;
 files_pid_file(clvmd_var_run_t)
 type lvm_t;
 type lvm_exec_t;
-init_system_domain(lvm_t,lvm_exec_t)
+init_system_domain(lvm_t, lvm_exec_t)
 # needs privowner because it assigns the identity system_u to device nodes
 # but runs as the identity of the sysadmin
 domain_obj_id_change_exemption(lvm_t)
@@ -54,10 +54,10 @@ allow clvmd_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow clvmd_t self:tcp_socket create_stream_socket_perms;
 allow clvmd_t self:udp_socket create_socket_perms;
-manage_files_pattern(clvmd_t,clvmd_var_run_t,clvmd_var_run_t)
-files_pid_filetrans(clvmd_t,clvmd_var_run_t,file)
+manage_files_pattern(clvmd_t, clvmd_var_run_t, clvmd_var_run_t)
+files_pid_filetrans(clvmd_t, clvmd_var_run_t, file)
-read_files_pattern(clvmd_t,lvm_metadata_t,lvm_metadata_t)
+read_files_pattern(clvmd_t, lvm_metadata_t, lvm_metadata_t)
 kernel_read_kernel_sysctls(clvmd_t)
 kernel_read_system_state(clvmd_t)
@@ -175,36 +175,36 @@ allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };
-manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
-manage_files_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
+manage_dirs_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
+manage_files_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
 files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })
 # /lib/lvm- holds the actual LVM binaries (and symlinks)
-read_files_pattern(lvm_t,lvm_exec_t,lvm_exec_t)
-read_lnk_files_pattern(lvm_t,lvm_exec_t,lvm_exec_t)
+read_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
+read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
 # LVM is split into many individual binaries
 can_exec(lvm_t, lvm_exec_t)
 # Creating lock files
-manage_files_pattern(lvm_t,lvm_lock_t,lvm_lock_t)
-files_lock_filetrans(lvm_t,lvm_lock_t,file)
+manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
+files_lock_filetrans(lvm_t, lvm_lock_t, file)
-manage_dirs_pattern(lvm_t,lvm_var_lib_t,lvm_var_lib_t)
-manage_files_pattern(lvm_t,lvm_var_lib_t,lvm_var_lib_t)
-files_var_lib_filetrans(lvm_t,lvm_var_lib_t,{ dir file })
+manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
+manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
+files_var_lib_filetrans(lvm_t, lvm_var_lib_t,{ dir file })
-manage_dirs_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
-manage_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
-manage_sock_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
-files_pid_filetrans(lvm_t,lvm_var_run_t,{ file sock_file })
+manage_dirs_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+manage_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+manage_sock_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+files_pid_filetrans(lvm_t, lvm_var_run_t,{ file sock_file })
-read_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t)
-read_lnk_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t)
+read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
+read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
 # Write to /etc/lvm, /etc/lvmtab, /etc/lvmtab.d
-manage_files_pattern(lvm_t,lvm_metadata_t,lvm_metadata_t)
-filetrans_pattern(lvm_t,lvm_etc_t,lvm_metadata_t,file)
-files_etc_filetrans(lvm_t,lvm_metadata_t,file)
+manage_files_pattern(lvm_t, lvm_metadata_t, lvm_metadata_t)
+filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, file)
+files_etc_filetrans(lvm_t, lvm_metadata_t, file)
 files_search_mnt(lvm_t)
 kernel_read_system_state(lvm_t)