fix up entrypoints
This commit is contained in:
Chris PeBenito
parent
27881870eb
commit
d40c0ecf7a
@ -41,6 +41,7 @@ template(`games_per_userdomain_template',`
|
|||||||
|
|
||||||
type $1_games_t;
|
type $1_games_t;
|
||||||
domain_type($1_games_t)
|
domain_type($1_games_t)
|
||||||
|
domain_entry_file($1_games_t,games_exec_t)
|
||||||
role $3 types $1_games_t;
|
role $3 types $1_games_t;
|
||||||
|
|
||||||
type $1_games_devpts_t;
|
type $1_games_devpts_t;
|
||||||
|
|||||||
@ -44,6 +44,7 @@ template(`java_per_userdomain_template',`
|
|||||||
|
|
||||||
type $1_javaplugin_t;
|
type $1_javaplugin_t;
|
||||||
domain_type($1_javaplugin_t)
|
domain_type($1_javaplugin_t)
|
||||||
|
domain_entry_file($1_javaplugin_t,java_exec_t)
|
||||||
role $3 types $1_javaplugin_t;
|
role $3 types $1_javaplugin_t;
|
||||||
|
|
||||||
type $1_javaplugin_tmp_t;
|
type $1_javaplugin_tmp_t;
|
||||||
|
|||||||
@ -49,11 +49,6 @@ interface(`dbus_stub',`
|
|||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
template(`dbus_per_userdomain_template',`
|
template(`dbus_per_userdomain_template',`
|
||||||
gen_require(`
|
|
||||||
type system_dbusd_t, dbusd_etc_t;
|
|
||||||
type system_dbusd_exec_t;
|
|
||||||
class dbus { send_msg acquire_svc };
|
|
||||||
')
|
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
@ -61,6 +56,7 @@ template(`dbus_per_userdomain_template',`
|
|||||||
#
|
#
|
||||||
type $1_dbusd_t;
|
type $1_dbusd_t;
|
||||||
domain_type($1_dbusd_t)
|
domain_type($1_dbusd_t)
|
||||||
|
domain_entry_file($1_dbusd_t,system_dbusd_exec_t)
|
||||||
role $3 types $1_dbusd_t;
|
role $3 types $1_dbusd_t;
|
||||||
|
|
||||||
type $1_dbusd_$1_t;
|
type $1_dbusd_$1_t;
|
||||||
|
|||||||
@ -26,6 +26,7 @@ files_pid_file(ipsec_var_run_t)
|
|||||||
type ipsec_mgmt_t;
|
type ipsec_mgmt_t;
|
||||||
type ipsec_mgmt_exec_t;
|
type ipsec_mgmt_exec_t;
|
||||||
init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)
|
init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)
|
||||||
|
corecmd_shell_entry_type(ipsec_mgmt_t)
|
||||||
role system_r types ipsec_mgmt_t;
|
role system_r types ipsec_mgmt_t;
|
||||||
|
|
||||||
type ipsec_mgmt_lock_t;
|
type ipsec_mgmt_lock_t;
|
||||||
|
|||||||
@ -31,6 +31,8 @@ template(`base_user_template',`
|
|||||||
type $1_t, userdomain;
|
type $1_t, userdomain;
|
||||||
domain_type($1_t)
|
domain_type($1_t)
|
||||||
corecmd_shell_entry_type($1_t)
|
corecmd_shell_entry_type($1_t)
|
||||||
|
corecmd_bin_entry_type($1_t)
|
||||||
|
corecmd_sbin_entry_type($1_t)
|
||||||
domain_user_exemption_target($1_t)
|
domain_user_exemption_target($1_t)
|
||||||
role $1_r types $1_t;
|
role $1_r types $1_t;
|
||||||
allow system_r $1_r;
|
allow system_r $1_r;
|
||||||
@ -105,7 +107,7 @@ template(`base_user_template',`
|
|||||||
can_exec($1_t,$1_home_t)
|
can_exec($1_t,$1_home_t)
|
||||||
|
|
||||||
# full control of the home directory
|
# full control of the home directory
|
||||||
allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
|
allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto entrypoint };
|
||||||
allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
|
allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
|
||||||
allow $1_t $1_home_t:dir { create_dir_perms relabelfrom relabelto };
|
allow $1_t $1_home_t:dir { create_dir_perms relabelfrom relabelto };
|
||||||
allow $1_t $1_home_t:sock_file { create_file_perms relabelfrom relabelto };
|
allow $1_t $1_home_t:sock_file { create_file_perms relabelfrom relabelto };
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user