Start adding support for use_fusefs_home_dirs
Add /var/lib/syslog directory file context Add /etc/localtime as locale file context
This commit is contained in:
parent
ddd1ccaa93
commit
d1c6ba20d5
@ -87,6 +87,13 @@ gen_tunable(use_nfs_home_dirs,false)
|
|||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(use_samba_home_dirs,false)
|
gen_tunable(use_samba_home_dirs,false)
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Support fusefs home directories
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(use_fusefs_home_dirs,false)
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
## Allow users to run TCP servers (bind to ports and accept connection from
|
## Allow users to run TCP servers (bind to ports and accept connection from
|
||||||
|
@ -369,6 +369,7 @@ userdom_dontaudit_use_user_ptys(mozilla_plugin_t)
|
|||||||
userdom_manage_user_tmp_sockets(mozilla_plugin_t)
|
userdom_manage_user_tmp_sockets(mozilla_plugin_t)
|
||||||
|
|
||||||
userdom_list_user_tmp(mozilla_plugin_t)
|
userdom_list_user_tmp(mozilla_plugin_t)
|
||||||
|
userdom_manage_user_tmp_dirs(mozilla_plugin_t)
|
||||||
userdom_read_user_tmp_files(mozilla_plugin_t)
|
userdom_read_user_tmp_files(mozilla_plugin_t)
|
||||||
userdom_read_user_tmp_symlinks(mozilla_plugin_t)
|
userdom_read_user_tmp_symlinks(mozilla_plugin_t)
|
||||||
userdom_read_user_home_content_files(mozilla_plugin_t)
|
userdom_read_user_home_content_files(mozilla_plugin_t)
|
||||||
|
@ -280,6 +280,10 @@ userdom_use_user_terminals(iceauth_t)
|
|||||||
userdom_read_user_tmp_files(iceauth_t)
|
userdom_read_user_tmp_files(iceauth_t)
|
||||||
userdom_read_all_users_state(iceauth_t)
|
userdom_read_all_users_state(iceauth_t)
|
||||||
|
|
||||||
|
tunable_policy(`use_fusefs_home_dirs',`
|
||||||
|
fs_manage_fusefs_files(iceauth_t)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_manage_nfs_files(iceauth_t)
|
fs_manage_nfs_files(iceauth_t)
|
||||||
')
|
')
|
||||||
@ -369,6 +373,11 @@ ifdef(`hide_broken_symptoms',`
|
|||||||
miscfiles_read_fonts(xauth_t)
|
miscfiles_read_fonts(xauth_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`use_fusefs_home_dirs',`
|
||||||
|
fs_manage_fusefs_files(xauth_t)
|
||||||
|
fs_read_fusefs_symlinks(xauth_t)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_manage_nfs_files(xauth_t)
|
fs_manage_nfs_files(xauth_t)
|
||||||
fs_read_nfs_symlinks(xauth_t)
|
fs_read_nfs_symlinks(xauth_t)
|
||||||
@ -661,6 +670,13 @@ ifdef(`distro_rhel4',`
|
|||||||
allow xdm_t self:process { execheap execmem };
|
allow xdm_t self:process { execheap execmem };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`use_fusefs_home_dirs',`
|
||||||
|
fs_manage_fusefs_dirs(xdm_t)
|
||||||
|
fs_manage_fusefs_files(xdm_t)
|
||||||
|
fs_manage_fusefs_symlinks(xdm_t)
|
||||||
|
fs_exec_fusefs_files(xdm_t)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_manage_nfs_dirs(xdm_t)
|
fs_manage_nfs_dirs(xdm_t)
|
||||||
fs_manage_nfs_files(xdm_t)
|
fs_manage_nfs_files(xdm_t)
|
||||||
@ -1151,6 +1167,12 @@ tunable_policy(`use_nfs_home_dirs',`
|
|||||||
fs_manage_nfs_symlinks(xserver_t)
|
fs_manage_nfs_symlinks(xserver_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`use_fusefs_home_dirs',`
|
||||||
|
fs_manage_fusefs_dirs(xserver_t)
|
||||||
|
fs_manage_fusefs_files(xserver_t)
|
||||||
|
fs_manage_fusefs_symlinks(xserver_t)
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`use_samba_home_dirs',`
|
tunable_policy(`use_samba_home_dirs',`
|
||||||
fs_manage_cifs_dirs(xserver_t)
|
fs_manage_cifs_dirs(xserver_t)
|
||||||
fs_manage_cifs_files(xserver_t)
|
fs_manage_cifs_files(xserver_t)
|
||||||
@ -1338,8 +1360,8 @@ tunable_policy(`use_nfs_home_dirs',`
|
|||||||
fs_append_nfs_files(xdmhomewriter)
|
fs_append_nfs_files(xdmhomewriter)
|
||||||
')
|
')
|
||||||
|
|
||||||
tunable_policy(`use_samba_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_append_cifs_files(xdmhomewriter)
|
fs_append_nfs_files(xdmhomewriter)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||||
|
|
||||||
/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
|
/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
|
||||||
|
/var/lib/syslog(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
|
||||||
/var/lib/syslog-ng.persist -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
|
/var/lib/syslog-ng.persist -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
|
||||||
|
|
||||||
ifdef(`distro_suse', `
|
ifdef(`distro_suse', `
|
||||||
|
@ -10,6 +10,7 @@ ifdef(`distro_gentoo',`
|
|||||||
#
|
#
|
||||||
/etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
|
/etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
|
||||||
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
|
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
|
||||||
|
/etc/timezone -- gen_context(system_u:object_r:locale_t,s0)
|
||||||
/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
|
/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
|
||||||
/etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
|
/etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user