Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.

Tunable, optional and if(n)def blocks go below.
Dominick Grift 2010-09-22 11:23:25 +02:00
parent 68ac47d8c5
commit ef521e9919
5 changed files with 24 additions and 25 deletions


@ -252,16 +252,15 @@ ifdef(`hide_broken_symptoms',`
domain_dontaudit_leaks(abrt_helper_t)
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
optional_policy(`
rpm_dontaudit_leaks(abrt_helper_t)
')
dev_dontaudit_read_all_blk_files(abrt_helper_t)
dev_dontaudit_read_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_blk_files(abrt_helper_t)
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
optional_policy(`
rpm_dontaudit_leaks(abrt_helper_t)
')
')
ifdef(`hide_broken_symptoms',`
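Review bot: The `hide_broken_symptoms` block for abrt_helper_t silences audit records for reads and writes on every block and character device node (`dev_dontaudit_write_all_blk_files`, `dev_dontaudit_write_all_chr_files` and the two read variants), and nothing in the block says what these cover. The neighbouring `domain_dontaudit_leaks` and `rpm_dontaudit_leaks` calls suggest inherited descriptors, so if that is the reason a comment such as `# abrt_helper inherits leaked fds from the crashed process; these denials are expected noise` belongs above the dev_ lines. The access is still denied, but while this build option is set a helper that touches device nodes leaves no AVC record, so the breadth should be justified or narrowed to the device types actually seen in the denials.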


@ -82,10 +82,6 @@ files_var_filetrans(afs_t, afs_cache_t, { file dir })
kernel_rw_afs_state(afs_t)
ifdef(`hide_broken_symptoms',`
kernel_rw_unlabeled_files(afs_t)
')
corenet_all_recvfrom_unlabeled(afs_t)
corenet_all_recvfrom_netlabel(afs_t)
corenet_tcp_sendrecv_generic_if(afs_t)
@ -111,6 +107,10 @@ miscfiles_read_localization(afs_t)
sysnet_dns_name_resolve(afs_t)
ifdef(`hide_broken_symptoms',`
kernel_rw_unlabeled_files(afs_t)
')
########################################
#
# AFS bossserver local policy
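Review bot: `kernel_rw_unlabeled_files(afs_t)` is guarded by `hide_broken_symptoms`, yet going by its name it grants read/write access to unlabeled files rather than suppressing a denial, which is what this build option guards in the other modules of this commit. Moving the block to the end of the afs_t section leaves that as it was and makes it easier to overlook. A comment on the call, for example `# NOTE: this is an allow, not a dontaudit; remove once the files afs_t touches are labeled`, would keep it from being read as cosmetic. The reason afs_t needs the access is not visible in these hunks, so the wording needs the author's confirmation.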


@ -220,16 +220,16 @@ clamav_stream_connect(freshclam_t)
userdom_stream_connect(freshclam_t)
optional_policy(`
cron_system_entry(freshclam_t, freshclam_exec_t)
')
tunable_policy(`clamd_use_jit',`
allow freshclam_t self:process execmem;
',`
dontaudit freshclam_t self:process execmem;
')
optional_policy(`
cron_system_entry(freshclam_t, freshclam_exec_t)
')
########################################
#
# clamscam local policy
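Review bot: The else branch of the `clamd_use_jit` tunable is `dontaudit freshclam_t self:process execmem;`, so with the boolean off an execmem attempt by freshclam is denied without any AVC record. For a process that handles downloaded signature data, that denial is a signal worth keeping in the audit log. Either drop the else branch or document the choice, e.g. `# execmem is requested on every run even without JIT; dontaudit to avoid log noise`, if that is in fact the reason. The trailing context comment also reads `clamscam`, presumably meant as `clamscan`.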


@ -99,10 +99,6 @@ files_lock_file(system_cronjob_lock_t)
type system_cronjob_tmp_t alias system_crond_tmp_t;
files_tmp_file(system_cronjob_tmp_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
')
type unconfined_cronjob_t;
domain_type(unconfined_cronjob_t)
domain_cron_exemption_target(unconfined_cronjob_t)
@ -122,6 +118,10 @@ typealias system_cronjob_var_lib_t alias system_crond_var_lib_t;
type system_cronjob_var_run_t;
files_pid_file(system_cronjob_var_run_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
')
########################################
#
# Admin crontab local policy
@ -263,6 +263,10 @@ tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all(crond_t)
')
tunable_policy(`fcron_crond',`
allow crond_t system_cron_spool_t:file manage_file_perms;
')
optional_policy(`
apache_search_sys_content(crond_t)
')
@ -287,10 +291,6 @@ optional_policy(`
mono_domtrans(crond_t)
')
tunable_policy(`fcron_crond',`
allow crond_t system_cron_spool_t:file manage_file_perms;
')
optional_policy(`
amanda_search_var_lib(crond_t)
')


@ -609,10 +609,6 @@ userdom_dontaudit_search_admin_dir(cups_pdf_t)
lpd_manage_spool(cups_pdf_t)
optional_policy(`
gnome_read_config(cups_pdf_t)
')
tunable_policy(`use_nfs_home_dirs',`
fs_search_auto_mountpoints(cups_pdf_t)
fs_manage_nfs_dirs(cups_pdf_t)
@ -624,6 +620,10 @@ tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(cups_pdf_t)
')
optional_policy(`
gnome_read_config(cups_pdf_t)
')
########################################
#
# HPLIP local policy