Fix syntax error after merge with upstream
This commit is contained in:
Lukas Vrabec
parent
9a31f2128c
commit
ca40d14c20
@ -39874,7 +39874,7 @@ index b50c5fe..9eacd9b 100644
|
||||
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
||||
+
|
||||
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
|
||||
index 4e94884..e82be7a 100644
|
||||
index 4e94884..7b39545 100644
|
||||
--- a/policy/modules/system/logging.if
|
||||
+++ b/policy/modules/system/logging.if
|
||||
@@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
|
||||
@ -39970,18 +39970,11 @@ index 4e94884..e82be7a 100644
|
||||
gen_require(`
|
||||
- type syslogd_t, devlog_t;
|
||||
+ attribute syslog_client_type;
|
||||
')
|
||||
|
||||
- allow $1 devlog_t:lnk_file read_lnk_file_perms;
|
||||
- allow $1 devlog_t:sock_file write_sock_file_perms;
|
||||
+ ')
|
||||
+
|
||||
+ typeattribute $1 syslog_client_type;
|
||||
+')
|
||||
|
||||
- # the type of socket depends on the syslog daemon
|
||||
- allow $1 syslogd_t:unix_dgram_socket sendto;
|
||||
- allow $1 syslogd_t:unix_stream_socket connectto;
|
||||
- allow $1 self:unix_dgram_socket create_socket_perms;
|
||||
- allow $1 self:unix_stream_socket create_socket_perms;
|
||||
+
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Connect to the syslog control unix stream socket.
|
||||
@ -39996,11 +39989,7 @@ index 4e94884..e82be7a 100644
|
||||
+ gen_require(`
|
||||
+ type devlog_t;
|
||||
+ ')
|
||||
|
||||
- # If syslog is down, the glibc syslog() function
|
||||
- # will write to the console.
|
||||
- term_write_console($1)
|
||||
- term_dontaudit_read_console($1)
|
||||
+
|
||||
+ allow $1 devlog_t:lnk_file manage_lnk_file_perms;
|
||||
+ allow $1 devlog_t:sock_file manage_sock_file_perms;
|
||||
+ dev_filetrans($1, devlog_t, lnk_file, "log")
|
||||
@ -40021,12 +40010,19 @@ index 4e94884..e82be7a 100644
|
||||
+interface(`logging_relabel_devlog_dev',`
|
||||
+ gen_require(`
|
||||
+ type devlog_t;
|
||||
+ ')
|
||||
+
|
||||
')
|
||||
|
||||
- allow $1 devlog_t:lnk_file read_lnk_file_perms;
|
||||
- allow $1 devlog_t:sock_file write_sock_file_perms;
|
||||
+ allow $1 devlog_t:sock_file relabel_sock_file_perms;
|
||||
+ allow $1 devlog_t:lnk_file relabelto_lnk_file_perms;
|
||||
+')
|
||||
+
|
||||
|
||||
- # the type of socket depends on the syslog daemon
|
||||
- allow $1 syslogd_t:unix_dgram_socket sendto;
|
||||
- allow $1 syslogd_t:unix_stream_socket connectto;
|
||||
- allow $1 self:unix_dgram_socket create_socket_perms;
|
||||
- allow $1 self:unix_stream_socket create_socket_perms;
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Allow domain to read the syslog pid files.
|
||||
@ -40041,7 +40037,11 @@ index 4e94884..e82be7a 100644
|
||||
+ gen_require(`
|
||||
+ type syslogd_var_run_t;
|
||||
+ ')
|
||||
+
|
||||
|
||||
- # If syslog is down, the glibc syslog() function
|
||||
- # will write to the console.
|
||||
- term_write_console($1)
|
||||
- term_dontaudit_read_console($1)
|
||||
+ read_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
|
||||
+ list_dirs_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
|
||||
+')
|
||||
@ -40388,7 +40388,7 @@ index 4e94884..e82be7a 100644
|
||||
|
||||
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
|
||||
domain_system_change_exemption($1)
|
||||
@@ -1085,3 +1443,107 @@ interface(`logging_admin',`
|
||||
@@ -1085,3 +1443,110 @@ interface(`logging_admin',`
|
||||
logging_admin_audit($1, $2)
|
||||
logging_admin_syslog($1, $2)
|
||||
')
|
||||
@ -40496,7 +40496,9 @@ index 4e94884..e82be7a 100644
|
||||
+ ')
|
||||
+
|
||||
+ allow $1 syslogd_var_run_t:file map;
|
||||
\ No newline at end of file
|
||||
+
|
||||
+')
|
||||
+
|
||||
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
|
||||
index 59b04c1..2ad89c5 100644
|
||||
--- a/policy/modules/system/logging.te
|
||||
@ -56368,10 +56370,10 @@ index f4ac38d..1589d60 100644
|
||||
+ ssh_signal(confined_admindomain)
|
||||
+')
|
||||
diff --git a/policy/policy_capabilities b/policy/policy_capabilities
|
||||
index db3cbca..e677b81 100644
|
||||
index db3cbca..710bd7c 100644
|
||||
--- a/policy/policy_capabilities
|
||||
+++ b/policy/policy_capabilities
|
||||
@@ -31,3 +31,12 @@ policycap network_peer_controls;
|
||||
@@ -31,3 +31,14 @@ policycap network_peer_controls;
|
||||
# blk_file: open
|
||||
#
|
||||
policycap open_perms;
|
||||
@ -56384,7 +56386,8 @@ index db3cbca..e677b81 100644
|
||||
+# process2: nnp_transition, nosuid_transition
|
||||
+#
|
||||
+#policycap nnp_nosuid_transition;
|
||||
\ No newline at end of file
|
||||
+
|
||||
+
|
||||
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
|
||||
index e79d545..101086d 100644
|
||||
--- a/policy/support/misc_patterns.spt
|
||||
|
||||
@ -23432,7 +23432,7 @@ index 62d22cb..01f6380 100644
|
||||
+
|
||||
')
|
||||
diff --git a/dbus.te b/dbus.te
|
||||
index c9998c8..b3f7ab2 100644
|
||||
index c9998c8..b697f66 100644
|
||||
--- a/dbus.te
|
||||
+++ b/dbus.te
|
||||
@@ -4,17 +4,15 @@ gen_require(`
|
||||
@ -23559,7 +23559,7 @@ index c9998c8..b3f7ab2 100644
|
||||
mls_fd_use_all_levels(system_dbusd_t)
|
||||
mls_rangetrans_target(system_dbusd_t)
|
||||
mls_file_read_all_levels(system_dbusd_t)
|
||||
@@ -123,66 +124,174 @@ term_dontaudit_use_console(system_dbusd_t)
|
||||
@@ -123,66 +124,175 @@ term_dontaudit_use_console(system_dbusd_t)
|
||||
auth_use_nsswitch(system_dbusd_t)
|
||||
auth_read_pam_console_data(system_dbusd_t)
|
||||
|
||||
@ -23743,12 +23743,13 @@ index c9998c8..b3f7ab2 100644
|
||||
manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t)
|
||||
-files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file })
|
||||
+files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir })
|
||||
+userdom_user_tmp_filetrans(session_bus_type, sessions_dbusd_tmp_t, { file dir })
|
||||
|
||||
-kernel_read_system_state(session_bus_type)
|
||||
kernel_read_kernel_sysctls(session_bus_type)
|
||||
|
||||
corecmd_list_bin(session_bus_type)
|
||||
@@ -191,23 +300,18 @@ corecmd_read_bin_files(session_bus_type)
|
||||
@@ -191,23 +301,18 @@ corecmd_read_bin_files(session_bus_type)
|
||||
corecmd_read_bin_pipes(session_bus_type)
|
||||
corecmd_read_bin_sockets(session_bus_type)
|
||||
|
||||
@ -23773,7 +23774,7 @@ index c9998c8..b3f7ab2 100644
|
||||
files_dontaudit_search_var(session_bus_type)
|
||||
|
||||
fs_getattr_romfs(session_bus_type)
|
||||
@@ -215,7 +319,6 @@ fs_getattr_xattr_fs(session_bus_type)
|
||||
@@ -215,7 +320,6 @@ fs_getattr_xattr_fs(session_bus_type)
|
||||
fs_list_inotifyfs(session_bus_type)
|
||||
fs_dontaudit_list_nfs(session_bus_type)
|
||||
|
||||
@ -23781,7 +23782,7 @@ index c9998c8..b3f7ab2 100644
|
||||
selinux_validate_context(session_bus_type)
|
||||
selinux_compute_access_vector(session_bus_type)
|
||||
selinux_compute_create_context(session_bus_type)
|
||||
@@ -225,18 +328,36 @@ selinux_compute_user_contexts(session_bus_type)
|
||||
@@ -225,18 +329,36 @@ selinux_compute_user_contexts(session_bus_type)
|
||||
auth_read_pam_console_data(session_bus_type)
|
||||
|
||||
logging_send_audit_msgs(session_bus_type)
|
||||
@ -23823,7 +23824,7 @@ index c9998c8..b3f7ab2 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -244,5 +365,9 @@ optional_policy(`
|
||||
@@ -244,5 +366,9 @@ optional_policy(`
|
||||
# Unconfined access to this module
|
||||
#
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user