trunk: 5 patches from dan.
parent
11c944faf1
commit
da04234f32
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(alsa, 1.7.0)
|
||||
policy_module(alsa, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -43,6 +43,7 @@ kernel_read_system_state(alsa_t)
|
||||
|
||||
dev_read_sound(alsa_t)
|
||||
dev_write_sound(alsa_t)
|
||||
dev_read_sysfs(alsa_t)
|
||||
|
||||
corecmd_exec_bin(alsa_t)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(consoletype, 1.7.0)
|
||||
policy_module(consoletype, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -18,7 +18,7 @@ role system_r types consoletype_t;
|
||||
# Local declarations
|
||||
#
|
||||
|
||||
allow consoletype_t self:capability sys_admin;
|
||||
allow consoletype_t self:capability { sys_admin sys_tty_config };
|
||||
allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
allow consoletype_t self:fd use;
|
||||
allow consoletype_t self:fifo_file rw_fifo_file_perms;
|
||||
@ -38,6 +38,7 @@ kernel_dontaudit_read_system_state(consoletype_t)
|
||||
fs_getattr_all_fs(consoletype_t)
|
||||
fs_search_auto_mountpoints(consoletype_t)
|
||||
fs_write_nfs_files(consoletype_t)
|
||||
fs_list_inotifyfs(consoletype_t)
|
||||
|
||||
mls_file_read_all_levels(consoletype_t)
|
||||
mls_file_write_all_levels(consoletype_t)
|
||||
|
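Review bot: The widened rule `allow consoletype_t self:capability { sys_admin sys_tty_config };` adds a capability with no comment recording which consoletype operation was denied without it. Capability grants are hard to audit later, so a line such as `# sys_tty_config: <operation that was denied, to be filled in by the author>` above the rule would help. The second hunk of this file adds one interface call, but the rendered page has lost its +/- markers, so which line is new cannot be told from here.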
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(netutils, 1.8.2)
|
||||
policy_module(netutils, 1.8.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -128,6 +128,8 @@ domain_use_interactive_fds(ping_t)
|
||||
files_read_etc_files(ping_t)
|
||||
files_dontaudit_search_var(ping_t)
|
||||
|
||||
kernel_read_system_state(ping_t)
|
||||
|
||||
auth_use_nsswitch(ping_t)
|
||||
|
||||
logging_send_syslog_msg(ping_t)
|
||||
@ -145,6 +147,10 @@ tunable_policy(`user_ping',`
|
||||
term_use_all_user_ptys(ping_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
munin_append_log(ping_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
pcmcia_use_cardmgr_fds(ping_t)
|
||||
')
|
||||
|
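Review bot: The new `optional_policy` block calling `munin_append_log(ping_t)` lets ping append to munin's log files, and nothing in the hunk says why a network utility needs that. If the cause is ping inheriting the log as stdout/stderr when a munin plugin starts it (an inference, not shown on this page), say so above the block, e.g. `# ping started by munin plugins inherits the munin log descriptor`. That would also tell a later auditor the grant is for an inherited descriptor, not for ping opening the log itself.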
@ -18,3 +18,28 @@ interface(`vbetool_domtrans',`
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, vbetool_exec_t, vbetool_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute vbetool in the vbetool domain, and
|
||||
## allow the specified role the vbetool domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed the vbetool domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`vbetool_run',`
|
||||
gen_require(`
|
||||
type vbetool_t;
|
||||
')
|
||||
|
||||
vbetool_domtrans($1)
|
||||
role $2 types vbetool_t;
|
||||
')
|
||||
|
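Review bot: `vbetool_run` has no `## <rolecap/>` line in its header, while the `munin_append_log` interface added in the same commit carries one. refpolicy `_run` interfaces, which authorize a role for a domain, normally carry that tag so the generated documentation lists them as role capabilities. Adding `## <rolecap/>` after the closing `## </param>` of the role parameter would keep the header consistent.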
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(vbetool, 1.3.0)
|
||||
policy_module(vbetool, 1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -23,6 +23,8 @@ dev_read_raw_memory(vbetool_t)
|
||||
dev_rwx_zero(vbetool_t)
|
||||
dev_read_sysfs(vbetool_t)
|
||||
|
||||
domain_mmap_low(vbetool_t)
|
||||
|
||||
term_use_unallocated_ttys(vbetool_t)
|
||||
|
||||
miscfiles_read_localization(vbetool_t)
|
||||
|
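Review bot: `domain_mmap_low(vbetool_t)` is a security-sensitive grant and is added without a comment. Mapping pages at low addresses is what the kernel's mmap_min_addr protection exists to stop, because it lets a process influence what a kernel NULL-pointer dereference reads, and vbetool_t already holds `dev_read_raw_memory` and `dev_rwx_zero` in the surrounding context lines. A comment stating the reason, for instance `# real-mode video BIOS emulation maps the low 1MB` if that is the cause, would record why this domain is an exception. The +/- markers are lost on this page, so the added line is inferred from the hunk counts.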
@ -45,6 +45,24 @@ interface(`vpn_run',`
|
||||
sysnet_run_ifconfig(vpnc_t, $2)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send VPN clients the kill signal.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`vpn_kill',`
|
||||
gen_require(`
|
||||
type vpnc_t;
|
||||
')
|
||||
|
||||
allow $1 vpnc_t:process sigkill;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send generic signals to VPN clients.
|
||||
@ -63,6 +81,24 @@ interface(`vpn_signal',`
|
||||
allow $1 vpnc_t:process signal;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send signull to VPN clients.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`vpn_signull',`
|
||||
gen_require(`
|
||||
type vpnc_t;
|
||||
')
|
||||
|
||||
allow $1 vpnc_t:process signull;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive messages from
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(vpn, 1.10.2)
|
||||
policy_module(vpn, 1.10.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -43,6 +43,26 @@ interface(`munin_read_config',`
|
||||
files_search_etc($1)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Append to the munin log.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`munin_append_log',`
|
||||
gen_require(`
|
||||
type munin_log_t;
|
||||
')
|
||||
|
||||
allow $1 munin_log_t:file append_file_perms;
|
||||
logging_search_logs($1)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Search munin library directories.
|
||||
|
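Review bot: `munin_append_log` grants `append_file_perms` on `munin_log_t` files and calls `logging_search_logs($1)`, but gives no search permission on a `munin_log_t` directory. If the munin logs sit in their own directory carrying that type (not visible on this page), a caller that opens the log by path will still be denied and only inherited descriptors will work. If path access is intended, `append_files_pattern($1, munin_log_t, munin_log_t)` in place of the bare allow rule would cover the directory search. If only inherited descriptors are intended, a comment saying so would be enough.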
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(munin, 1.6.1)
|
||||
policy_module(munin, 1.6.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|