fix execmod all files rule in wine
This commit is contained in:
Chris PeBenito
parent
fc2dac60c9
commit
e51048a4e8
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(wine,1.1.0)
|
policy_module(wine,1.1.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -20,6 +20,5 @@ domain_entry_file(wine_t,wine_exec_t)
|
|||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
allow wine_t self:process { execstack execmem };
|
allow wine_t self:process { execstack execmem };
|
||||||
unconfined_domain_noaudit(wine_t)
|
unconfined_domain_noaudit(wine_t)
|
||||||
role system_r types wine_t;
|
files_execmod_all_files(wine_t)
|
||||||
allow wine_t file_type:file execmod;
|
|
||||||
')
|
')
|
||||||
|
|||||||
@ -450,6 +450,37 @@ interface(`files_read_all_files',`
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Allow shared library text relocations in all files.
|
||||||
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow shared library text relocations in all files.
|
||||||
|
## </p>
|
||||||
|
## <p>
|
||||||
|
## This is added to support WINE in the targeted
|
||||||
|
## policy. It has no effect on the strict policy.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`files_execmod_all_files',`
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
gen_require(`
|
||||||
|
attribute file_type;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 file_type:file execmod;
|
||||||
|
',`
|
||||||
|
errprint(__file__:__line__:` $0($1) has no effect in strict policy.'__endline__)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read all non-security files.
|
## Read all non-security files.
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(files,1.2.9)
|
policy_module(files,1.2.10)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user