- Add back xserver_manage_home_fonts
parent
550cc5f4f4
commit
d88a5e9f45
@ -12627,8 +12627,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
|
|||||||
+/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t, s0)
|
+/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t, s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.5/policy/modules/services/cgroup.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.5/policy/modules/services/cgroup.if
|
||||||
--- nsaserefpolicy/policy/modules/services/cgroup.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/cgroup.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/cgroup.if 2009-12-22 11:07:12.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/cgroup.if 2009-12-22 14:42:11.000000000 -0500
|
||||||
@@ -0,0 +1,52 @@
|
@@ -0,0 +1,34 @@
|
||||||
+## <summary>Control group rules engine daemon.</summary>
|
+## <summary>Control group rules engine daemon.</summary>
|
||||||
+## <desc>
|
+## <desc>
|
||||||
+## <p>
|
+## <p>
|
||||||
@ -12655,35 +12655,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
|
|||||||
+## </summary>
|
+## </summary>
|
||||||
+## </param>
|
+## </param>
|
||||||
+#
|
+#
|
||||||
+interface(`cgroup_cgred_rw_pid_sock_file', `
|
+interface(`cgroup_stream_connect', `
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type cgred_var_run_t;
|
+ type cgred_var_run_t, cgred_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ rw_sock_files_pattern($1, cgred_var_run_t, cgred_var_run_t)
|
|
||||||
+ files_search_pids($1)
|
+ files_search_pids($1)
|
||||||
+')
|
+ stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t)
|
||||||
+
|
|
||||||
+########################################
|
|
||||||
+## <summary>
|
|
||||||
+## Unix stream socket connect to cgred.
|
|
||||||
+## </summary>
|
|
||||||
+## <param name="domain">
|
|
||||||
+## <summary>
|
|
||||||
+## Domain allowed access.
|
|
||||||
+## </summary>
|
|
||||||
+## </param>
|
|
||||||
+#
|
|
||||||
+interface(`cgroup_cgred_stream_connect', `
|
|
||||||
+ gen_require(`
|
|
||||||
+ type cgred_t;
|
|
||||||
+ ')
|
|
||||||
+
|
|
||||||
+ allow $1 cgred_t:unix_stream_socket connectto;
|
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.5/policy/modules/services/cgroup.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.5/policy/modules/services/cgroup.te
|
||||||
--- nsaserefpolicy/policy/modules/services/cgroup.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/cgroup.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/cgroup.te 2009-12-22 11:05:59.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/cgroup.te 2009-12-22 14:55:46.000000000 -0500
|
||||||
@@ -0,0 +1,88 @@
|
@@ -0,0 +1,88 @@
|
||||||
+policy_module(cgroup, 1.0.0)
|
+policy_module(cgroup, 1.0.0)
|
||||||
+
|
+
|
||||||
@ -15011,7 +14993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
|||||||
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
|
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.5/policy/modules/services/dovecot.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.5/policy/modules/services/dovecot.te
|
||||||
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/dovecot.te 2009-12-21 13:07:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/dovecot.te 2009-12-22 15:39:45.000000000 -0500
|
||||||
@@ -56,7 +56,7 @@
|
@@ -56,7 +56,7 @@
|
||||||
|
|
||||||
allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
|
allow dovecot_t self:capability { dac_override dac_read_search chown net_bind_service setgid setuid sys_chroot };
|
||||||
@ -15084,7 +15066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
|||||||
allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
|
allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
|
||||||
allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
|
allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
|
||||||
|
|
||||||
@@ -260,3 +274,14 @@
|
@@ -260,3 +274,17 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mta_manage_spool(dovecot_deliver_t)
|
mta_manage_spool(dovecot_deliver_t)
|
||||||
')
|
')
|
||||||
@ -15092,13 +15074,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
|||||||
+tunable_policy(`use_nfs_home_dirs',`
|
+tunable_policy(`use_nfs_home_dirs',`
|
||||||
+ fs_manage_nfs_files(dovecot_deliver_t)
|
+ fs_manage_nfs_files(dovecot_deliver_t)
|
||||||
+ fs_manage_nfs_symlinks(dovecot_deliver_t)
|
+ fs_manage_nfs_symlinks(dovecot_deliver_t)
|
||||||
|
+ fs_manage_nfs_files(dovecot_t)
|
||||||
|
+ fs_manage_nfs_symlinks(dovecot_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+tunable_policy(`use_samba_home_dirs',`
|
+tunable_policy(`use_samba_home_dirs',`
|
||||||
+ fs_manage_cifs_files(dovecot_deliver_t)
|
+ fs_manage_cifs_files(dovecot_deliver_t)
|
||||||
+ fs_manage_cifs_symlinks(dovecot_deliver_t)
|
+ fs_manage_cifs_symlinks(dovecot_deliver_t)
|
||||||
|
+ fs_manage_cifs_files(dovecot_t)
|
||||||
|
+ fs_manage_cifs_symlinks(dovecot_t)
|
||||||
+')
|
+')
|
||||||
+
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.5/policy/modules/services/exim.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.5/policy/modules/services/exim.te
|
||||||
--- nsaserefpolicy/policy/modules/services/exim.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/exim.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/exim.te 2009-12-21 13:07:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/exim.te 2009-12-21 13:07:09.000000000 -0500
|
||||||
@ -22975,7 +22960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.5/policy/modules/services/sendmail.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.5/policy/modules/services/sendmail.te
|
||||||
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/sendmail.te 2009-12-21 13:07:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/sendmail.te 2009-12-22 14:55:43.000000000 -0500
|
||||||
@@ -20,13 +20,17 @@
|
@@ -20,13 +20,17 @@
|
||||||
mta_mailserver_delivery(sendmail_t)
|
mta_mailserver_delivery(sendmail_t)
|
||||||
mta_mailserver_sender(sendmail_t)
|
mta_mailserver_sender(sendmail_t)
|
||||||
@ -22992,7 +22977,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
-allow sendmail_t self:capability { setuid setgid net_bind_service sys_nice chown sys_tty_config };
|
-allow sendmail_t self:capability { setuid setgid net_bind_service sys_nice chown sys_tty_config };
|
||||||
-allow sendmail_t self:process signal;
|
-allow sendmail_t self:process signal;
|
||||||
+allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config };
|
+allow sendmail_t self:capability { dac_override setuid setgid net_bind_service sys_nice chown sys_tty_config };
|
||||||
+allow sendmail_t self:process { setrlimit signal signull };
|
+allow sendmail_t self:process { setpgid setrlimit signal signull };
|
||||||
allow sendmail_t self:fifo_file rw_fifo_file_perms;
|
allow sendmail_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
|
allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow sendmail_t self:unix_dgram_socket create_socket_perms;
|
allow sendmail_t self:unix_dgram_socket create_socket_perms;
|
||||||
@ -28068,7 +28053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.5/policy/modules/system/init.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.5/policy/modules/system/init.te
|
||||||
--- nsaserefpolicy/policy/modules/system/init.te 2009-11-12 12:51:51.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/init.te 2009-11-12 12:51:51.000000000 -0500
|
||||||
+++ serefpolicy-3.7.5/policy/modules/system/init.te 2009-12-22 10:22:45.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/system/init.te 2009-12-22 14:38:31.000000000 -0500
|
||||||
@@ -17,6 +17,20 @@
|
@@ -17,6 +17,20 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(init_upstart, false)
|
gen_tunable(init_upstart, false)
|
||||||
@ -28427,7 +28412,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
files_create_boot_flag(initrc_t)
|
files_create_boot_flag(initrc_t)
|
||||||
files_rw_boot_symlinks(initrc_t)
|
files_rw_boot_symlinks(initrc_t)
|
||||||
# wants to read /.fonts directory
|
# wants to read /.fonts directory
|
||||||
@@ -492,15 +554,27 @@
|
@@ -492,15 +554,26 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
bind_manage_config_dirs(initrc_t)
|
bind_manage_config_dirs(initrc_t)
|
||||||
bind_write_config(initrc_t)
|
bind_write_config(initrc_t)
|
||||||
@ -28435,8 +28420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ optional_policy(`
|
+ optional_policy(`
|
||||||
+ cgroup_cgrulesengd_rw_pid_sock_file(initrc_t)
|
+ cgroup_stream_connect(initrc_t)
|
||||||
+ cgroup_cgrulesengd_stream_connect(initrc_t)
|
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ optional_policy(`
|
+ optional_policy(`
|
||||||
@ -28455,7 +28439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -515,6 +589,33 @@
|
@@ -515,6 +588,33 @@
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -28489,7 +28473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -567,10 +668,19 @@
|
@@ -567,10 +667,19 @@
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -28509,7 +28493,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -590,6 +700,10 @@
|
@@ -590,6 +699,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28520,7 +28504,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
dev_read_usbfs(initrc_t)
|
dev_read_usbfs(initrc_t)
|
||||||
|
|
||||||
# init scripts run /etc/hotplug/usb.rc
|
# init scripts run /etc/hotplug/usb.rc
|
||||||
@@ -646,20 +760,20 @@
|
@@ -646,20 +759,20 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28547,7 +28531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@@ -668,6 +782,7 @@
|
@@ -668,6 +781,7 @@
|
||||||
|
|
||||||
mysql_stream_connect(initrc_t)
|
mysql_stream_connect(initrc_t)
|
||||||
mysql_write_log(initrc_t)
|
mysql_write_log(initrc_t)
|
||||||
@ -28555,7 +28539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -700,7 +815,6 @@
|
@@ -700,7 +814,6 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28563,7 +28547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -722,8 +836,6 @@
|
@@ -722,8 +835,6 @@
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -28572,7 +28556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -736,13 +848,16 @@
|
@@ -736,13 +847,16 @@
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -28589,7 +28573,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -751,6 +866,7 @@
|
@@ -751,6 +865,7 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_rw_db(initrc_t)
|
udev_rw_db(initrc_t)
|
||||||
@ -28597,7 +28581,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -758,6 +874,15 @@
|
@@ -758,6 +873,15 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28613,7 +28597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
unconfined_domain(initrc_t)
|
unconfined_domain(initrc_t)
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@@ -768,6 +893,21 @@
|
@@ -768,6 +892,21 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mono_domtrans(initrc_t)
|
mono_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@ -28635,7 +28619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -793,3 +933,31 @@
|
@@ -793,3 +932,31 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
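Review bot: In the dovecot.te part of the patch, the new side adds `fs_manage_nfs_files(dovecot_t)`, `fs_manage_nfs_symlinks(dovecot_t)`, `fs_manage_cifs_files(dovecot_t)` and `fs_manage_cifs_symlinks(dovecot_t)` to the `use_nfs_home_dirs` and `use_samba_home_dirs` blocks, and nothing visible records why the main daemon needs manage rather than narrower access. The context shown for the same file has `dovecot_t` holding `dac_override` and `dac_read_search`, so with either tunable on, neither DAC nor type enforcement would restrict the daemon on those mounts; NFS and CIFS content presumably carries one type per filesystem, so the grant would not be limited to mail directories. I would put a comment above each added pair, for example `# dovecot_t creates and removes maildir/index files in NFS home directories`, naming the denial that motivated it, or narrow the grant if create and unlink turn out not to be needed. Separately, the commit title mentions only `xserver_manage_home_fonts`, while the visible hunks change the cgroup, dovecot, sendmail and init policy, so the description should list those changes too. The rest of the patched file is outside this view.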