try to fix associations

This commit is contained in:
Chris PeBenito 2005-10-25 20:06:27 +00:00
parent b7e1825b68
commit c3cf6693c7
7 changed files with 51 additions and 43 deletions


@ -62,7 +62,7 @@ files_type(system_map_t)
# cjp: this probably can be removed, I do not # cjp: this probably can be removed, I do not
# think it is used on 2.6 kernels # think it is used on 2.6 kernels
type var_log_ksyms_t; type var_log_ksyms_t;
files_type(var_log_ksyms_t) logging_log_file(var_log_ksyms_t)
######################################## ########################################
# #


@ -17,6 +17,8 @@ interface(`fs_type',`
') ')
typeattribute $1 filesystem_type; typeattribute $1 filesystem_type;
allow $1 self:filesystem associate;
') ')
######################################## ########################################
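Review bot: The new `allow $1 self:filesystem associate;` in fs_type is a permission widening for callers that previously had only the attribute, not just a relocation of an existing rule; in this same commit bdev_t and binfmt_misc_fs_t had no self-associate rule before and now obtain one, while tmpfs_t, nfs_t and the others merely lose a duplicate. If that blanket grant is intended, the interface's doc block should state that fs_type both assigns filesystem_type and permits the type to associate with its own filesystem, so that callers which deliberately withheld associate are not surprised. The `interface(`fs_type',` definition begins before this hunk.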


@ -14,7 +14,8 @@ attribute noxattrfs;
# fs_t is the default type for persistent # fs_t is the default type for persistent
# filesystems with extended attributes # filesystems with extended attributes
# #
type fs_t, filesystem_type; type fs_t;
fs_type(fs_t)
sid fs gen_context(system_u:object_r:fs_t,s0) sid fs gen_context(system_u:object_r:fs_t,s0)
# Use xattrs for the following filesystem types. # Use xattrs for the following filesystem types.
@ -37,59 +38,62 @@ fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
# #
# Non-persistent/pseudo filesystems # Non-persistent/pseudo filesystems
# #
type bdev_t, filesystem_type; type bdev_t;
fs_type(bdev_t)
genfscon bdev / gen_context(system_u:object_r:bdev_t,s0) genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
type binfmt_misc_fs_t, filesystem_type; type binfmt_misc_fs_t;
fs_type(binfmt_misc_fs_t)
files_mountpoint(binfmt_misc_fs_t) files_mountpoint(binfmt_misc_fs_t)
genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0) genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
type capifs_t, filesystem_type; type capifs_t;
allow capifs_t self:filesystem associate; fs_type(capifs_t)
genfscon capifs / gen_context(system_u:object_r:capifs_t,s0) genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
type configfs_t, filesystem_type; type configfs_t;
allow configfs_t self:filesystem associate; fs_type(configfs_t)
genfscon configfs / gen_context(system_u:object_r:configfs_t,s0) genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
type eventpollfs_t, filesystem_type; type eventpollfs_t;
allow eventpollfs_t self:filesystem associate; fs_type(eventpollfs_t)
genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0) genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
type futexfs_t, filesystem_type; type futexfs_t;
allow futexfs_t self:filesystem associate; fs_type(futexfs_t)
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
type hugetlbfs_t, filesystem_type; type hugetlbfs_t;
fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t) files_mountpoint(hugetlbfs_t)
allow hugetlbfs_t self:filesystem associate;
genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0) genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
type inotifyfs_t, filesystem_type; type inotifyfs_t;
allow inotifyfs_t self:filesystem associate; fs_type(inotifyfs_t)
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0) genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
type nfsd_fs_t, filesystem_type; type nfsd_fs_t;
allow nfsd_fs_t self:filesystem associate; fs_type(nfsd_fs_t)
genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0) genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
type ramfs_t, filesystem_type; type ramfs_t;
allow ramfs_t self:filesystem associate; fs_type(ramfs_t)
genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0) genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
type romfs_t, filesystem_type; type romfs_t;
allow romfs_t self:filesystem associate; fs_type(romfs_t)
genfscon romfs / gen_context(system_u:object_r:romfs_t,s0) genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0) genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
type rpc_pipefs_t, filesystem_type; type rpc_pipefs_t;
allow rpc_pipefs_t self:filesystem associate; fs_type(rpc_pipefs_t)
genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0) genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
# #
# tmpfs_t is the type for tmpfs filesystems # tmpfs_t is the type for tmpfs filesystems
# #
type tmpfs_t, filesystem_type; type tmpfs_t;
fs_type(tmpfs_t)
files_type(tmpfs_t) files_type(tmpfs_t)
files_mountpoint(tmpfs_t) files_mountpoint(tmpfs_t)
@ -102,15 +106,14 @@ fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0); fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0); fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
allow tmpfs_t self:filesystem associate;
allow tmpfs_t noxattrfs:filesystem associate; allow tmpfs_t noxattrfs:filesystem associate;
############################## ##############################
# #
# Filesystems without extended attribute support # Filesystems without extended attribute support
# #
type autofs_t, filesystem_type, noxattrfs; type autofs_t, noxattrfs;
allow autofs_t self:filesystem associate; fs_type(autofs_t)
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0) genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
genfscon automount / gen_context(system_u:object_r:autofs_t,s0) genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
@ -118,8 +121,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
# cifs_t is the type for filesystems and their # cifs_t is the type for filesystems and their
# files shared from Windows servers # files shared from Windows servers
# #
type cifs_t alias sambafs_t, filesystem_type, noxattrfs; type cifs_t alias sambafs_t, noxattrfs;
allow cifs_t self:filesystem associate; fs_type(cifs_t)
genfscon cifs / gen_context(system_u:object_r:cifs_t,s0) genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0) genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
@ -127,8 +130,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
# dosfs_t is the type for fat and vfat # dosfs_t is the type for fat and vfat
# filesystems and their files. # filesystems and their files.
# #
type dosfs_t, filesystem_type, noxattrfs; type dosfs_t, noxattrfs;
allow dosfs_t self:filesystem associate; fs_type(dosfs_t)
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0) genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0) genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0) genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
@ -139,15 +142,16 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
# and their files. # and their files.
# #
type iso9660_t, filesystem_type, noxattrfs; type iso9660_t, filesystem_type, noxattrfs;
allow iso9660_t self:filesystem associate; fs_type(iso9660_t)
genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0) genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
genfscon udf / gen_context(system_u:object_r:iso9660_t,s0) genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
# #
# removable_t is the default type of all removable media # removable_t is the default type of all removable media
# #
type removable_t, filesystem_type, noxattrfs; type removable_t, noxattrfs;
allow removable_t noxattrfs:filesystem associate; allow removable_t noxattrfs:filesystem associate;
fs_type(removable_t)
files_config_file(removable_t) files_config_file(removable_t)
# #
@ -155,8 +159,8 @@ files_config_file(removable_t)
# and their files. # and their files.
# #
type nfs_t, filesystem_type, noxattrfs; type nfs_t, filesystem_type, noxattrfs;
fs_type(nfs_t)
files_mountpoint(nfs_t) files_mountpoint(nfs_t)
allow nfs_t self:filesystem associate;
genfscon nfs / gen_context(system_u:object_r:nfs_t,s0) genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0) genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
genfscon afs / gen_context(system_u:object_r:nfs_t,s0) genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
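Review bot: iso9660_t (`type iso9660_t, filesystem_type, noxattrfs;`) and nfs_t (`type nfs_t, filesystem_type, noxattrfs;` in the next hunk) still carry filesystem_type directly even though `fs_type(iso9660_t)` / `fs_type(nfs_t)` are now called, whereas every other filesystem type in this file had the attribute dropped from its declaration; `type iso9660_t, noxattrfs;` and `type nfs_t, noxattrfs;` would keep the declarations consistent and leave attribute assignment to the interface. The removal of the per-type `allow X self:filesystem associate;` rules relies on fs_type granting it, which it does as of this commit, but bdev_t and binfmt_misc_fs_t never had such a rule and now gain it, so the change is not a pure refactor and that is worth a line in the commit message. Keeping `allow tmpfs_t noxattrfs:filesystem associate;` and the removable_t noxattrfs rule is correct since fs_type covers self only.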


@ -123,9 +123,8 @@ fs_associate_noxattr(src_t)
# #
# tmp_t is the type of the temporary directories # tmp_t is the type of the temporary directories
# #
type tmp_t, file_type, tmpfile, mountpoint; #, polydir type tmp_t, mountpoint; #, polydir
fs_associate(tmp_t) files_tmp_file(tmp_t)
fs_associate_noxattr(tmp_t)
# #
# usr_t is the type for /usr. # usr_t is the type for /usr.
@ -166,6 +165,5 @@ fs_associate_noxattr(var_run_t)
# #
# var_spool_t is the type of /var/spool # var_spool_t is the type of /var/spool
# #
type var_spool_t, file_type; type var_spool_t;
fs_associate(var_spool_t) files_tmp_file(var_spool_t)
fs_associate_noxattr(var_spool_t)
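Review bot: `files_tmp_file(var_spool_t)` gives /var/spool the same classification as tmp_t, but the old declaration `type var_spool_t, file_type;` carried no tmpfile attribute, so if files_tmp_file assigns tmpfile (which it presumably does, given it replaces `type tmp_t, file_type, tmpfile, ...` above) every rule keyed on the tmpfile attribute now also reaches spool files. If the intent was only to restore the fs_associate/fs_associate_noxattr rules being removed here, `files_type(var_spool_t)` followed by the two associate interfaces avoids that widening. If treating spool as a temporary-file location is deliberate, a comment such as `# spool directories are handled as temporary file locations` would keep the next reader from reverting it.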


@ -19,7 +19,7 @@ type local_login_lock_t;
files_lock_file(local_login_lock_t) files_lock_file(local_login_lock_t)
type local_login_tmp_t; type local_login_tmp_t;
files_type(local_login_tmp_t) files_tmp_file(local_login_tmp_t)
type sulogin_t; type sulogin_t;
type sulogin_exec_t; type sulogin_exec_t;


@ -8,7 +8,7 @@ policy_module(logging,1.0)
attribute logfile; attribute logfile;
type auditctl_t; #, privlog; type auditctl_t;
type auditctl_exec_t; type auditctl_exec_t;
init_system_domain(auditctl_t,auditctl_exec_t) init_system_domain(auditctl_t,auditctl_exec_t)
role system_r types auditctl_t; role system_r types auditctl_t;


@ -56,9 +56,13 @@ ifdef(`targeted_policy',`
# User home directory type. # User home directory type.
type user_home_t alias { staff_home_t sysadm_home_t }, home_type; type user_home_t alias { staff_home_t sysadm_home_t }, home_type;
files_type(user_home_t) files_type(user_home_t)
files_associate_tmp(user_home_t)
fs_associate_tmpfs(user_home_t)
type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t }, home_dir_type, home_type; type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t }, home_dir_type, home_type;
files_type(user_home_dir_t) files_type(user_home_dir_t)
files_associate_tmp(user_home_dir_t)
fs_associate_tmpfs(user_home_dir_t)
unconfined_role(user_r) unconfined_role(user_r)
unconfined_role(sysadm_r) unconfined_role(sysadm_r)
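Review bot: The added `files_associate_tmp(user_home_t)` / `fs_associate_tmpfs(user_home_t)` pairs (and the same for user_home_dir_t) sit inside the `ifdef(`targeted_policy',` branch shown in the hunk header, so only the targeted build gets these associations; if the non-targeted branch declares its own home types outside this hunk, it will need the same calls or home-labelled files on tmp/tmpfs will still be denied there. Nothing on the page records why home types need to associate with tmp and tmpfs filesystems; a one-line comment above the pair, e.g. `# home types may reside on tmp/tmpfs-backed filesystems`, would document the intent. The enclosing ifdef block starts before this hunk.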