On Tue, 2006-11-07 at 16:51 -0500, James Antill wrote:
> Here are the policy changes needed for the context contains security
> checking in PAM and cron.
parent
59f8539306
commit
c6a60bb28d
@ -1,3 +1,4 @@
|
||||
- Context contains checking for PAM and cron from James Antill.
|
||||
- Add a reload target to Modules.devel and change the load
|
||||
target to only insert modules that were changed.
|
||||
- Allow semanage to read from /root on strict non-MLS for
|
||||
|
@ -635,4 +635,5 @@ class key
|
||||
class context
|
||||
{
|
||||
translate
|
||||
contains
|
||||
}
|
||||
|
@ -597,4 +597,7 @@ mlsconstrain association { polmatch }
|
||||
mlsconstrain context translate
|
||||
(( h1 dom h2 ) or ( t1 == mlstranslate ));
|
||||
|
||||
mlsconstrain context contains
|
||||
( h1 dom h2 );
|
||||
|
||||
') dnl end enable_mls
|
||||
|
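Review bot: The new `mlsconstrain context contains` rule compares only the high levels, so a target context whose low level sits below the source's low level still passes as long as its high level is dominated. If the permission is meant to test that the target range lies inside the source range (inferred from the permission name and the PAM/cron use in the description), the expression should bound both ends, e.g. `(( h1 dom h2 ) and ( l1 domby l2 ));`. No comment says what the check protects, so a line such as `# the source range must contain the target context` above the rule would help. The rule sits inside the `enable_mls` block, and no equivalent for other policy types is visible in this commit.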
@ -22,6 +22,11 @@
|
||||
## <rolebase/>
|
||||
#
|
||||
template(`userdom_base_user_template',`
|
||||
|
||||
gen_require(`
|
||||
class context contains;
|
||||
')
|
||||
|
||||
attribute $1_file_type;
|
||||
|
||||
type $1_t, userdomain;
|
||||
@ -49,6 +54,7 @@ template(`userdom_base_user_template',`
|
||||
allow $1_t self:sem create_sem_perms;
|
||||
allow $1_t self:msgq create_msgq_perms;
|
||||
allow $1_t self:msg { send receive };
|
||||
allow $1_t self:context contains;
|
||||
dontaudit $1_t self:socket create;
|
||||
|
||||
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
||||
|
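Review bot: `allow $1_t self:context contains;` in the second hunk has no comment, and it is the only type-enforcement rule this commit adds for the new permission. Because the target is `self`, the TE side permits the check whenever source and target share the user domain type, so the decision presumably rests on the MLS constraint alone; on builds without `enable_mls` nothing visible here restricts it. I would add `# PAM and cron check that a requested context is contained in the user's context` above the rule so the dependency on the constraint is recorded. The template body continues past both hunks.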
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(userdomain,2.0.2)
|
||||
policy_module(userdomain,2.0.3)
|
||||
|
||||
gen_require(`
|
||||
role sysadm_r, staff_r, user_r;
|
||||
|