rename create verb to filetrans for type transitioning ifs
parent
9d594986b7
commit
ce96df7580
@ -819,7 +819,7 @@ dontaudit $1_t self:capability sys_tty_config;
|
||||
allow $1_t self:process signal_perms;
|
||||
allow $1_t $1_var_run_t:file create_file_perms;
|
||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid($1_t,$1_var_run_t)
|
||||
files_filetrans_pid($1_t,$1_var_run_t)
|
||||
kernel_read_kernel_sysctl($1_t)
|
||||
kernel_list_proc($1_t)
|
||||
kernel_read_proc_symlinks($1_t)
|
||||
@ -987,10 +987,10 @@ optional_policy(`kerberos',`
|
||||
#end for identd
|
||||
allow $1_t $1_tmp_t:dir create_dir_perms;
|
||||
allow $1_t $1_tmp_t:file create_file_perms;
|
||||
files_create_tmp_files($1_t, $1_tmp_t, { file dir })
|
||||
files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
|
||||
allow $1_t $1_var_run_t:file create_file_perms;
|
||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid($1_t,$1_var_run_t)
|
||||
files_filetrans_pid($1_t,$1_var_run_t)
|
||||
kernel_read_kernel_sysctl($1_t)
|
||||
kernel_read_system_state($1_t)
|
||||
kernel_read_network_state($1_t)
|
||||
@ -1033,7 +1033,7 @@ libs_legacy_use_ld_so($1_t)
|
||||
type $1_lock_t;
|
||||
files_lock_file($1_lock_t)
|
||||
allow $1_t $1_lock_t:file create_file_perms;
|
||||
files_create_lock($1_t,$1_lock_t)
|
||||
files_filetrans_lock($1_t,$1_lock_t)
|
||||
|
||||
#
|
||||
# log_domain(): complete
|
||||
@ -1041,7 +1041,7 @@ files_create_lock($1_t,$1_lock_t)
|
||||
type $1_log_t;
|
||||
logging_log_file($1_log_t)
|
||||
allow $1_t $1_log_t:file create_file_perms;
|
||||
logging_create_log($1_t,$1_log_t)
|
||||
logging_filetrans_log($1_t,$1_log_t)
|
||||
|
||||
#
|
||||
# logdir_domain(): complete
|
||||
@ -1050,7 +1050,7 @@ type $1_log_t;
|
||||
logging_log_file($1_log_t)
|
||||
allow $1_t $1_log_t:file create_file_perms;
|
||||
allow $1_t $1_log_t:dir rw_dir_perms;
|
||||
logging_create_log($1_t,$1_log_t,{ file dir })
|
||||
logging_filetrans_log($1_t,$1_log_t,{ file dir })
|
||||
|
||||
#
|
||||
# network_home_dir():
|
||||
@ -1060,28 +1060,9 @@ can_exec($1, $2)
|
||||
allow $1 $2:{ sock_file fifo_file } { create ioctl read getattr lock write setattr append link unlink rename };
|
||||
|
||||
#
|
||||
# polyinstantiater():
|
||||
# polyinstantiater(): complete
|
||||
#
|
||||
ifdef(`support_polyinstantiation', `
|
||||
# Need to give access to /selinux/member
|
||||
selinux_compute_member($1)
|
||||
# Need sys_admin capability for mounting
|
||||
allow $1 self:capability sys_admin;
|
||||
# Need to give access to the directories to be polyinstantiated
|
||||
allow $1 polydir:dir { getattr mounton add_name create setattr write search };
|
||||
# Need to give access to the polyinstantiated subdirectories
|
||||
allow $1 polymember:dir {getattr search };
|
||||
# Need to give access to parent directories where original
|
||||
# is remounted for polyinstantiation aware programs (like gdm)
|
||||
allow $1 polyparent:dir { getattr mounton };
|
||||
# Need to give permission to create directories where applicable
|
||||
allow $1 polymember: dir { create setattr };
|
||||
allow $1 polydir: dir { write add_name };
|
||||
allow $1 self:process setfscreate;
|
||||
allow $1 polyparent:dir { write add_name };
|
||||
# Default type for mountpoints
|
||||
allow $1 poly_t:dir { create mounton };
|
||||
')
|
||||
files_polyinstantiate_all($1)
|
||||
|
||||
#
|
||||
# pty_slave_label():
|
||||
@ -1172,7 +1153,7 @@ type $1_tmp_t;
|
||||
files_tmp_file($1_tmp_t)
|
||||
allow $1_t $1_tmp_t:dir create_dir_perms;
|
||||
allow $1_t $1_tmp_t:file create_file_perms;
|
||||
files_create_tmp_files($1_t, $1_tmp_t, { file dir })
|
||||
files_filetrans_tmp($1_t, $1_tmp_t, { file dir })
|
||||
|
||||
#
|
||||
# tmp_domain($1,$2,$3): complete
|
||||
@ -1182,7 +1163,7 @@ files_create_tmp_files($1_t, $1_tmp_t, { file dir })
|
||||
type $1_tmp_t $2;
|
||||
files_tmp_file($1_tmp_t)
|
||||
allow $1_t $1_tmp_t:$3 manage_obj_perms;
|
||||
files_create_tmp_files($1_t, $1_tmp_t, $3)
|
||||
files_filetrans_tmp($1_t, $1_tmp_t, $3)
|
||||
|
||||
#
|
||||
# tmpfs_domain(): complete
|
||||
@ -1222,7 +1203,7 @@ type $1_var_lib_t;
|
||||
files_type($1_var_lib_t)
|
||||
allow $1_t $1_var_lib_t:file create_file_perms;
|
||||
allow $1_t $1_var_lib_t:dir rw_dir_perms;
|
||||
files_create_var_lib($1_t,$1_var_lib_t)
|
||||
files_filetrans_var_lib($1_t,$1_var_lib_t)
|
||||
|
||||
#
|
||||
# var_run_domain($1): complete
|
||||
@ -1231,14 +1212,14 @@ type $1_var_run_t;
|
||||
files_pid_file($1_var_run_t)
|
||||
allow $1_t $1_var_run_t:file create_file_perms;
|
||||
allow $1_t $1_var_run_t:dir rw_dir_perms;
|
||||
files_create_pid($1_t,$1_var_run_t)
|
||||
files_filetrans_pid($1_t,$1_var_run_t)
|
||||
|
||||
#
|
||||
# var_run_domain($1,$2): complete
|
||||
#
|
||||
type $1_var_run_t;
|
||||
files_pid_file($1_var_run_t)
|
||||
files_create_pid($1_t,$1_var_run_t,$2)
|
||||
files_filetrans_pid($1_t,$1_var_run_t,$2)
|
||||
# for each object class in $2:
|
||||
# if dir:
|
||||
allow $1 $1_var_run_t:dir create_dir_perms;
|
||||
|
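Review bot: In the polyinstantiater() hunk (@ -1060,28 +1060,9), the new call `files_polyinstantiate_all($1)` is emitted unconditionally, whereas the rules it replaces, including `allow $1 self:capability sys_admin;` and `allow $1 self:process setfscreate;`, were only generated inside the `support_polyinstantiation` ifdef. The interface's definition is not on this page, so it cannot be confirmed here that it keeps that guard or that it grants the same permissions on polydir, polymember, polyparent and poly_t as the removed block; if it does not, every caller of this macro gains sys_admin and mounton access regardless of the build option. I would either keep the ifdef around the call site or add a comment above the call naming where the guard now lives, for example `# sys_admin/setfscreate/mounton rules are granted by files_polyinstantiate_all() under support_polyinstantiation`. This hunk is also not part of the create-to-filetrans rename described in the commit title, so it would be easier to audit as a separate commit.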