fix execmod all files rule in wine
This commit is contained in:
parent
fc2dac60c9
commit
e51048a4e8
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(wine,1.1.0)
|
||||
policy_module(wine,1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -20,6 +20,5 @@ domain_entry_file(wine_t,wine_exec_t)
|
||||
ifdef(`targeted_policy',`
|
||||
allow wine_t self:process { execstack execmem };
|
||||
unconfined_domain_noaudit(wine_t)
|
||||
role system_r types wine_t;
|
||||
allow wine_t file_type:file execmod;
|
||||
files_execmod_all_files(wine_t)
|
||||
')
|
||||
|
@ -450,6 +450,37 @@ interface(`files_read_all_files',`
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow shared library text relocations in all files.
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow shared library text relocations in all files.
|
||||
## </p>
|
||||
## <p>
|
||||
## This is added to support WINE in the targeted
|
||||
## policy. It has no effect on the strict policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`files_execmod_all_files',`
|
||||
ifdef(`targeted_policy',`
|
||||
gen_require(`
|
||||
attribute file_type;
|
||||
')
|
||||
|
||||
allow $1 file_type:file execmod;
|
||||
',`
|
||||
errprint(__file__:__line__:` $0($1) has no effect in strict policy.'__endline__)
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read all non-security files.
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(files,1.2.9)
|
||||
policy_module(files,1.2.10)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user