try to fix associations

Chris PeBenito 2005-10-25 20:06:27 +00:00
parent b7e1825b68
commit c3cf6693c7
7 changed files with 51 additions and 43 deletions


@ -62,7 +62,7 @@ files_type(system_map_t)
# cjp: this probably can be removed, I do not
# think it is used on 2.6 kernels
type var_log_ksyms_t;
files_type(var_log_ksyms_t)
logging_log_file(var_log_ksyms_t)
########################################
#
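Review bot: The comment at the top of this hunk (`# cjp: this probably can be removed, I do not think it is used on 2.6 kernels`) says var_log_ksyms_t is probably dead, yet the hunk swaps its interface call (files_type vs logging_log_file) instead of dropping the type, so the comment now contradicts the policy being maintained under it. Either remove the type and its rules as the comment proposes, or reword it, e.g. `# cjp: likely unused on 2.6 kernels; kept for older kernels, revisit`. If the type stays, `logging_log_file(var_log_ksyms_t)` is the appropriate call for a log file type and a bare `files_type()` would be redundant with it; the rendering has lost the +/- markers, so confirm which of the two lines is the new side.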


@ -17,6 +17,8 @@ interface(`fs_type',`
')
typeattribute $1 filesystem_type;
allow $1 self:filesystem associate;
')
########################################
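Review bot: `allow $1 self:filesystem associate;` inside `fs_type()` turns the interface into a permission grant, not just an attribute assignment, and the interface's summary/description block above the hunk (outside this view) should say so, e.g. `## Grants the type associate permission on itself so files labeled with the filesystem type can exist on it.`. Because the rest of this commit replaces direct `filesystem_type` declarations with `fs_type()`, types that previously had no self associate rule (fs_t, bdev_t, binfmt_misc_fs_t, hugetlbfs_t in the filesystem.te hunks) now receive one; that widening looks intended and harmless, but it belongs in the commit description rather than being implicit. The `interface(`fs_type',` definition starts outside the hunk.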


@ -14,7 +14,8 @@ attribute noxattrfs;
# fs_t is the default type for persistent
# filesystems with extended attributes
#
type fs_t, filesystem_type;
type fs_t;
fs_type(fs_t)
sid fs gen_context(system_u:object_r:fs_t,s0)
# Use xattrs for the following filesystem types.
@ -37,59 +38,62 @@ fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
#
# Non-persistent/pseudo filesystems
#
type bdev_t, filesystem_type;
type bdev_t;
fs_type(bdev_t)
genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
type binfmt_misc_fs_t, filesystem_type;
type binfmt_misc_fs_t;
fs_type(binfmt_misc_fs_t)
files_mountpoint(binfmt_misc_fs_t)
genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
type capifs_t, filesystem_type;
allow capifs_t self:filesystem associate;
type capifs_t;
fs_type(capifs_t)
genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
type configfs_t, filesystem_type;
allow configfs_t self:filesystem associate;
type configfs_t;
fs_type(configfs_t)
genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
type eventpollfs_t, filesystem_type;
allow eventpollfs_t self:filesystem associate;
type eventpollfs_t;
fs_type(eventpollfs_t)
genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
type futexfs_t, filesystem_type;
allow futexfs_t self:filesystem associate;
type futexfs_t;
fs_type(futexfs_t)
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
type hugetlbfs_t, filesystem_type;
type hugetlbfs_t;
fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t)
allow hugetlbfs_t self:filesystem associate;
genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
type inotifyfs_t, filesystem_type;
allow inotifyfs_t self:filesystem associate;
type inotifyfs_t;
fs_type(inotifyfs_t)
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
type nfsd_fs_t, filesystem_type;
allow nfsd_fs_t self:filesystem associate;
type nfsd_fs_t;
fs_type(nfsd_fs_t)
genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
type ramfs_t, filesystem_type;
allow ramfs_t self:filesystem associate;
type ramfs_t;
fs_type(ramfs_t)
genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
type romfs_t, filesystem_type;
allow romfs_t self:filesystem associate;
type romfs_t;
fs_type(romfs_t)
genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
type rpc_pipefs_t, filesystem_type;
allow rpc_pipefs_t self:filesystem associate;
type rpc_pipefs_t;
fs_type(rpc_pipefs_t)
genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
#
# tmpfs_t is the type for tmpfs filesystems
#
type tmpfs_t, filesystem_type;
type tmpfs_t;
fs_type(tmpfs_t)
files_type(tmpfs_t)
files_mountpoint(tmpfs_t)
@ -102,15 +106,14 @@ fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
allow tmpfs_t self:filesystem associate;
allow tmpfs_t noxattrfs:filesystem associate;
##############################
#
# Filesystems without extended attribute support
#
type autofs_t, filesystem_type, noxattrfs;
allow autofs_t self:filesystem associate;
type autofs_t, noxattrfs;
fs_type(autofs_t)
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
@ -118,8 +121,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
# cifs_t is the type for filesystems and their
# files shared from Windows servers
#
type cifs_t alias sambafs_t, filesystem_type, noxattrfs;
allow cifs_t self:filesystem associate;
type cifs_t alias sambafs_t, noxattrfs;
fs_type(cifs_t)
genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
@ -127,8 +130,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
# dosfs_t is the type for fat and vfat
# filesystems and their files.
#
type dosfs_t, filesystem_type, noxattrfs;
allow dosfs_t self:filesystem associate;
type dosfs_t, noxattrfs;
fs_type(dosfs_t)
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
@ -139,15 +142,16 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
# and their files.
#
type iso9660_t, filesystem_type, noxattrfs;
allow iso9660_t self:filesystem associate;
fs_type(iso9660_t)
genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
#
# removable_t is the default type of all removable media
#
type removable_t, filesystem_type, noxattrfs;
type removable_t, noxattrfs;
allow removable_t noxattrfs:filesystem associate;
fs_type(removable_t)
files_config_file(removable_t)
#
@ -155,8 +159,8 @@ files_config_file(removable_t)
# and their files.
#
type nfs_t, filesystem_type, noxattrfs;
fs_type(nfs_t)
files_mountpoint(nfs_t)
allow nfs_t self:filesystem associate;
genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
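Review bot: iso9660_t in the `@ -139,15 +142,16 @@` hunk still appears to declare `filesystem_type` directly and keep its own `allow iso9660_t self:filesystem associate;` next to `fs_type(iso9660_t)`, and nfs_t in the `@ -155,8 +159,8 @@` hunk likewise shows both the direct attribute and an explicit allow; the rendering has dropped the +/- markers, so if those are context lines they are now redundant with what `fs_type()` grants and should be trimmed to `type iso9660_t, noxattrfs;` / `type nfs_t, noxattrfs;` for consistency with bdev_t, capifs_t and the others converted here. hugetlbfs_t (`@ -37,59 +38,62 @@`) has the same question: its allow line sits after `files_mountpoint()` rather than before the type declaration like the others, so verify it was actually removed. None of this changes the effective permissions, since the explicit rules duplicate the interface's grant.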


@ -123,9 +123,8 @@ fs_associate_noxattr(src_t)
#
# tmp_t is the type of the temporary directories
#
type tmp_t, file_type, tmpfile, mountpoint; #, polydir
fs_associate(tmp_t)
fs_associate_noxattr(tmp_t)
type tmp_t, mountpoint; #, polydir
files_tmp_file(tmp_t)
#
# usr_t is the type for /usr.
@ -166,6 +165,5 @@ fs_associate_noxattr(var_run_t)
#
# var_spool_t is the type of /var/spool
#
type var_spool_t, file_type;
fs_associate(var_spool_t)
fs_associate_noxattr(var_spool_t)
type var_spool_t;
files_tmp_file(var_spool_t)
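Review bot: `type var_spool_t;` followed by `files_tmp_file(var_spool_t)` drops the `file_type` attribute and both fs_associate calls, so the attributes and associate grants for /var/spool now come entirely from files_tmp_file(), which is not in this diff; if that interface also tags its argument with the `tmpfile` attribute, as its name suggests (verify), every rule keyed on tmpfile will now reach /var/spool, which is not a temporary directory. The same substitution on tmp_t in the first hunk (`type tmp_t, mountpoint; #, polydir`) is the intended case, provided files_tmp_file() restores the `file_type` and `tmpfile` attributes removed there; otherwise tmp_t silently loses its associate permissions and file creation on tmpfs/noxattr filesystems fails closed. A comment on each call such as `# files_tmp_file() supplies file_type/tmpfile and the tmpfs/noxattrfs associate rules` would make that dependency visible. local_login_tmp_t in the local_login hunk gets the same treatment.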


@ -19,7 +19,7 @@ type local_login_lock_t;
files_lock_file(local_login_lock_t)
type local_login_tmp_t;
files_type(local_login_tmp_t)
files_tmp_file(local_login_tmp_t)
type sulogin_t;
type sulogin_exec_t;


@ -8,7 +8,7 @@ policy_module(logging,1.0)
attribute logfile;
type auditctl_t; #, privlog;
type auditctl_t;
type auditctl_exec_t;
init_system_domain(auditctl_t,auditctl_exec_t)
role system_r types auditctl_t;


@ -56,9 +56,13 @@ ifdef(`targeted_policy',`
# User home directory type.
type user_home_t alias { staff_home_t sysadm_home_t }, home_type;
files_type(user_home_t)
files_associate_tmp(user_home_t)
fs_associate_tmpfs(user_home_t)
type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t }, home_dir_type, home_type;
files_type(user_home_dir_t)
files_associate_tmp(user_home_dir_t)
fs_associate_tmpfs(user_home_dir_t)
unconfined_role(user_r)
unconfined_role(sysadm_r)
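Review bot: The `files_associate_tmp`/`fs_associate_tmpfs` calls added for user_home_t and user_home_dir_t let home-labeled files and directories be created on tmp and tmpfs filesystems, a new grant whose reason is stated neither in the hunk nor in the commit message ("try to fix associations"); a one-line comment above them, e.g. `# home types must be able to live on tmp/tmpfs filesystems`, would keep the motivation with the rule (adjust to the real reason, which I cannot see from here). The enclosing `ifdef(`targeted_policy',` block starts outside the hunk, so confirm whether the strict branch needs the same association or deliberately does without it.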