fix ordering in sysnetwork.
parent
48bf6397fc
commit
d69616c625
@ -83,6 +83,9 @@ kernel_read_network_state(dhcpc_t)
|
|||||||
kernel_read_kernel_sysctls(dhcpc_t)
|
kernel_read_kernel_sysctls(dhcpc_t)
|
||||||
kernel_use_fds(dhcpc_t)
|
kernel_use_fds(dhcpc_t)
|
||||||
|
|
||||||
|
corecmd_exec_bin(dhcpc_t)
|
||||||
|
corecmd_exec_shell(dhcpc_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(dhcpc_t)
|
corenet_all_recvfrom_unlabeled(dhcpc_t)
|
||||||
corenet_all_recvfrom_netlabel(dhcpc_t)
|
corenet_all_recvfrom_netlabel(dhcpc_t)
|
||||||
corenet_tcp_sendrecv_all_if(dhcpc_t)
|
corenet_tcp_sendrecv_all_if(dhcpc_t)
|
||||||
@ -104,17 +107,6 @@ dev_read_sysfs(dhcpc_t)
|
|||||||
# for SSP:
|
# for SSP:
|
||||||
dev_read_urand(dhcpc_t)
|
dev_read_urand(dhcpc_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(dhcpc_t)
|
|
||||||
fs_search_auto_mountpoints(dhcpc_t)
|
|
||||||
|
|
||||||
term_dontaudit_use_all_user_ttys(dhcpc_t)
|
|
||||||
term_dontaudit_use_all_user_ptys(dhcpc_t)
|
|
||||||
term_dontaudit_use_unallocated_ttys(dhcpc_t)
|
|
||||||
term_dontaudit_use_generic_ptys(dhcpc_t)
|
|
||||||
|
|
||||||
corecmd_exec_bin(dhcpc_t)
|
|
||||||
corecmd_exec_shell(dhcpc_t)
|
|
||||||
|
|
||||||
domain_use_interactive_fds(dhcpc_t)
|
domain_use_interactive_fds(dhcpc_t)
|
||||||
domain_dontaudit_list_all_domains_state(dhcpc_t)
|
domain_dontaudit_list_all_domains_state(dhcpc_t)
|
||||||
|
|
||||||
@ -124,6 +116,14 @@ files_search_home(dhcpc_t)
|
|||||||
files_search_var_lib(dhcpc_t)
|
files_search_var_lib(dhcpc_t)
|
||||||
files_dontaudit_search_locks(dhcpc_t)
|
files_dontaudit_search_locks(dhcpc_t)
|
||||||
|
|
||||||
|
fs_getattr_all_fs(dhcpc_t)
|
||||||
|
fs_search_auto_mountpoints(dhcpc_t)
|
||||||
|
|
||||||
|
term_dontaudit_use_all_user_ttys(dhcpc_t)
|
||||||
|
term_dontaudit_use_all_user_ptys(dhcpc_t)
|
||||||
|
term_dontaudit_use_unallocated_ttys(dhcpc_t)
|
||||||
|
term_dontaudit_use_generic_ptys(dhcpc_t)
|
||||||
|
|
||||||
init_rw_utmp(dhcpc_t)
|
init_rw_utmp(dhcpc_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(dhcpc_t)
|
logging_send_syslog_msg(dhcpc_t)
|
||||||
@ -234,10 +234,9 @@ optional_policy(`
|
|||||||
# Ifconfig local policy
|
# Ifconfig local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
|
|
||||||
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
|
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
|
||||||
dontaudit ifconfig_t self:capability sys_module;
|
dontaudit ifconfig_t self:capability sys_module;
|
||||||
|
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
|
||||||
allow ifconfig_t self:fd use;
|
allow ifconfig_t self:fd use;
|
||||||
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
|
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow ifconfig_t self:sock_file read_sock_file_perms;
|
allow ifconfig_t self:sock_file read_sock_file_perms;
|
||||||
@ -250,16 +249,13 @@ allow ifconfig_t self:shm create_shm_perms;
|
|||||||
allow ifconfig_t self:sem create_sem_perms;
|
allow ifconfig_t self:sem create_sem_perms;
|
||||||
allow ifconfig_t self:msgq create_msgq_perms;
|
allow ifconfig_t self:msgq create_msgq_perms;
|
||||||
allow ifconfig_t self:msg { send receive };
|
allow ifconfig_t self:msg { send receive };
|
||||||
|
|
||||||
# Create UDP sockets, necessary when called from dhcpc
|
# Create UDP sockets, necessary when called from dhcpc
|
||||||
allow ifconfig_t self:udp_socket create_socket_perms;
|
allow ifconfig_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
# for /sbin/ip
|
# for /sbin/ip
|
||||||
allow ifconfig_t self:packet_socket create_socket_perms;
|
allow ifconfig_t self:packet_socket create_socket_perms;
|
||||||
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
|
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
|
||||||
allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
|
allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
|
||||||
allow ifconfig_t self:tcp_socket { create ioctl };
|
allow ifconfig_t self:tcp_socket { create ioctl };
|
||||||
files_read_etc_files(ifconfig_t)
|
|
||||||
|
|
||||||
kernel_use_fds(ifconfig_t)
|
kernel_use_fds(ifconfig_t)
|
||||||
kernel_read_system_state(ifconfig_t)
|
kernel_read_system_state(ifconfig_t)
|
||||||
@ -273,14 +269,16 @@ dev_read_sysfs(ifconfig_t)
|
|||||||
# for IPSEC setup:
|
# for IPSEC setup:
|
||||||
dev_read_urand(ifconfig_t)
|
dev_read_urand(ifconfig_t)
|
||||||
|
|
||||||
|
domain_use_interactive_fds(ifconfig_t)
|
||||||
|
|
||||||
|
files_read_etc_files(ifconfig_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(ifconfig_t)
|
fs_getattr_xattr_fs(ifconfig_t)
|
||||||
fs_search_auto_mountpoints(ifconfig_t)
|
fs_search_auto_mountpoints(ifconfig_t)
|
||||||
|
|
||||||
term_dontaudit_use_all_user_ttys(ifconfig_t)
|
term_dontaudit_use_all_user_ttys(ifconfig_t)
|
||||||
term_dontaudit_use_all_user_ptys(ifconfig_t)
|
term_dontaudit_use_all_user_ptys(ifconfig_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(ifconfig_t)
|
|
||||||
|
|
||||||
files_dontaudit_read_root_files(ifconfig_t)
|
files_dontaudit_read_root_files(ifconfig_t)
|
||||||
|
|
||||||
init_use_fds(ifconfig_t)
|
init_use_fds(ifconfig_t)
|
||||||
|
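Review bot: The relocated `allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };` rule in the "Ifconfig local policy" hunk is a complement set, so it grants every `process` permission not named in the braces and would presumably also pick up any permission added to that class later. Since the line is being moved anyway, I would add a comment above it stating the intent, for example `# all self:process permissions except ptrace, context changes, setrlimit and executable memory`, or replace the complement with an explicit permission list in a follow-up. The rest of the section pairs up as pure moves (each interface call dropped in one hunk reappears in another), so comparing the compiled policy before and after with a policy-diff tool such as `sediff` should show no rule changes.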