fix execmod all files rule in wine

This commit is contained in:
Chris PeBenito 2006-06-06 17:51:24 +00:00
parent fc2dac60c9
commit e51048a4e8
3 changed files with 34 additions and 4 deletions

View File

@ -1,5 +1,5 @@
policy_module(wine,1.1.0)
policy_module(wine,1.1.1)
########################################
#
@ -20,6 +20,5 @@ domain_entry_file(wine_t,wine_exec_t)
ifdef(`targeted_policy',`
allow wine_t self:process { execstack execmem };
unconfined_domain_noaudit(wine_t)
role system_r types wine_t;
allow wine_t file_type:file execmod;
files_execmod_all_files(wine_t)
')

View File

@ -450,6 +450,37 @@ interface(`files_read_all_files',`
')
')
########################################
## <summary>
## Allow shared library text relocations in all files.
## </summary>
## <desc>
## <p>
## Allow shared library text relocations in all files.
## </p>
## <p>
## This is added to support WINE in the targeted
## policy. It has no effect on the strict policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`files_execmod_all_files',`
ifdef(`targeted_policy',`
gen_require(`
attribute file_type;
')
allow $1 file_type:file execmod;
',`
errprint(__file__:__line__:` $0($1) has no effect in strict policy.'__endline__)
')
')
########################################
## <summary>
## Read all non-security files.

View File

@ -1,5 +1,5 @@
policy_module(files,1.2.9)
policy_module(files,1.2.10)
########################################
#