fix ordering in sysnetwork.
This commit is contained in:
Chris PeBenito
parent
48bf6397fc
commit
d69616c625
@ -83,6 +83,9 @@ kernel_read_network_state(dhcpc_t)
|
||||
kernel_read_kernel_sysctls(dhcpc_t)
|
||||
kernel_use_fds(dhcpc_t)
|
||||
|
||||
corecmd_exec_bin(dhcpc_t)
|
||||
corecmd_exec_shell(dhcpc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dhcpc_t)
|
||||
corenet_all_recvfrom_netlabel(dhcpc_t)
|
||||
corenet_tcp_sendrecv_all_if(dhcpc_t)
|
||||
@ -104,17 +107,6 @@ dev_read_sysfs(dhcpc_t)
|
||||
# for SSP:
|
||||
dev_read_urand(dhcpc_t)
|
||||
|
||||
fs_getattr_all_fs(dhcpc_t)
|
||||
fs_search_auto_mountpoints(dhcpc_t)
|
||||
|
||||
term_dontaudit_use_all_user_ttys(dhcpc_t)
|
||||
term_dontaudit_use_all_user_ptys(dhcpc_t)
|
||||
term_dontaudit_use_unallocated_ttys(dhcpc_t)
|
||||
term_dontaudit_use_generic_ptys(dhcpc_t)
|
||||
|
||||
corecmd_exec_bin(dhcpc_t)
|
||||
corecmd_exec_shell(dhcpc_t)
|
||||
|
||||
domain_use_interactive_fds(dhcpc_t)
|
||||
domain_dontaudit_list_all_domains_state(dhcpc_t)
|
||||
|
||||
@ -124,6 +116,14 @@ files_search_home(dhcpc_t)
|
||||
files_search_var_lib(dhcpc_t)
|
||||
files_dontaudit_search_locks(dhcpc_t)
|
||||
|
||||
fs_getattr_all_fs(dhcpc_t)
|
||||
fs_search_auto_mountpoints(dhcpc_t)
|
||||
|
||||
term_dontaudit_use_all_user_ttys(dhcpc_t)
|
||||
term_dontaudit_use_all_user_ptys(dhcpc_t)
|
||||
term_dontaudit_use_unallocated_ttys(dhcpc_t)
|
||||
term_dontaudit_use_generic_ptys(dhcpc_t)
|
||||
|
||||
init_rw_utmp(dhcpc_t)
|
||||
|
||||
logging_send_syslog_msg(dhcpc_t)
|
||||
@ -234,10 +234,9 @@ optional_policy(`
|
||||
# Ifconfig local policy
|
||||
#
|
||||
|
||||
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
|
||||
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
|
||||
dontaudit ifconfig_t self:capability sys_module;
|
||||
|
||||
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
|
||||
allow ifconfig_t self:fd use;
|
||||
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
|
||||
allow ifconfig_t self:sock_file read_sock_file_perms;
|
||||
@ -250,16 +249,13 @@ allow ifconfig_t self:shm create_shm_perms;
|
||||
allow ifconfig_t self:sem create_sem_perms;
|
||||
allow ifconfig_t self:msgq create_msgq_perms;
|
||||
allow ifconfig_t self:msg { send receive };
|
||||
|
||||
# Create UDP sockets, necessary when called from dhcpc
|
||||
allow ifconfig_t self:udp_socket create_socket_perms;
|
||||
|
||||
# for /sbin/ip
|
||||
allow ifconfig_t self:packet_socket create_socket_perms;
|
||||
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
|
||||
allow ifconfig_t self:tcp_socket { create ioctl };
|
||||
files_read_etc_files(ifconfig_t)
|
||||
|
||||
kernel_use_fds(ifconfig_t)
|
||||
kernel_read_system_state(ifconfig_t)
|
||||
@ -273,14 +269,16 @@ dev_read_sysfs(ifconfig_t)
|
||||
# for IPSEC setup:
|
||||
dev_read_urand(ifconfig_t)
|
||||
|
||||
domain_use_interactive_fds(ifconfig_t)
|
||||
|
||||
files_read_etc_files(ifconfig_t)
|
||||
|
||||
fs_getattr_xattr_fs(ifconfig_t)
|
||||
fs_search_auto_mountpoints(ifconfig_t)
|
||||
|
||||
term_dontaudit_use_all_user_ttys(ifconfig_t)
|
||||
term_dontaudit_use_all_user_ptys(ifconfig_t)
|
||||
|
||||
domain_use_interactive_fds(ifconfig_t)
|
||||
|
||||
files_dontaudit_read_root_files(ifconfig_t)
|
||||
|
||||
init_use_fds(ifconfig_t)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user