trunk: two small updates from dan.
This commit is contained in:
parent
131634a581
commit
c54eb87d43
@ -67,6 +67,12 @@ ifdef(`distro_redhat',`
|
|||||||
|
|
||||||
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
|
|
||||||
|
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/sysconfig/readonly-root -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -100,11 +106,6 @@ ifdef(`distro_gentoo',`
|
|||||||
/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
|
/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
|
||||||
/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
')
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# /sbin
|
# /sbin
|
||||||
#
|
#
|
||||||
@ -132,8 +133,10 @@ ifdef(`distro_gentoo',`
|
|||||||
# /usr
|
# /usr
|
||||||
#
|
#
|
||||||
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
|
||||||
/usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -145,10 +148,7 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
|
|
||||||
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -179,6 +179,8 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/libsexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
|
||||||
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -186,8 +188,11 @@ ifdef(`distro_gentoo',`
|
|||||||
/usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
|
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
|
|
||||||
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -214,9 +219,11 @@ ifdef(`distro_redhat', `
|
|||||||
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
|
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(corecommands,1.9.1)
|
policy_module(corecommands,1.9.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(kernel,1.9.5)
|
policy_module(kernel,1.9.6)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -44,6 +44,15 @@ mls_rangetrans_source(kernel_t)
|
|||||||
role system_r types kernel_t;
|
role system_r types kernel_t;
|
||||||
sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
|
sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
|
||||||
|
|
||||||
|
#
|
||||||
|
# cgroup fs
|
||||||
|
#
|
||||||
|
|
||||||
|
type cgroup_t;
|
||||||
|
fs_type(cgroup_t)
|
||||||
|
allow cgroup_t self:filesystem associate;
|
||||||
|
genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
# DebugFS
|
# DebugFS
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user