trunk: reorganize amanda and bind
parent
bc01b352f6
commit
f48782758e
@ -112,8 +112,8 @@ kernel_read_kernel_sysctls(amanda_t)
|
|||||||
kernel_dontaudit_getattr_unlabeled_files(amanda_t)
|
kernel_dontaudit_getattr_unlabeled_files(amanda_t)
|
||||||
kernel_dontaudit_read_proc_symlinks(amanda_t)
|
kernel_dontaudit_read_proc_symlinks(amanda_t)
|
||||||
|
|
||||||
# Added for targeted policy
|
corecmd_exec_shell(amanda_t)
|
||||||
term_use_unallocated_ttys(amanda_t)
|
corecmd_exec_bin(amanda_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(amanda_t)
|
corenet_all_recvfrom_unlabeled(amanda_t)
|
||||||
corenet_all_recvfrom_netlabel(amanda_t)
|
corenet_all_recvfrom_netlabel(amanda_t)
|
||||||
@ -132,11 +132,6 @@ corenet_tcp_bind_all_rpc_ports(amanda_t)
|
|||||||
dev_getattr_all_blk_files(amanda_t)
|
dev_getattr_all_blk_files(amanda_t)
|
||||||
dev_getattr_all_chr_files(amanda_t)
|
dev_getattr_all_chr_files(amanda_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(amanda_t)
|
|
||||||
fs_list_all(amanda_t)
|
|
||||||
|
|
||||||
storage_raw_read_fixed_disk(amanda_t)
|
|
||||||
|
|
||||||
files_read_etc_files(amanda_t)
|
files_read_etc_files(amanda_t)
|
||||||
files_read_etc_runtime_files(amanda_t)
|
files_read_etc_runtime_files(amanda_t)
|
||||||
files_list_all(amanda_t)
|
files_list_all(amanda_t)
|
||||||
@ -147,8 +142,13 @@ files_read_all_chr_files(amanda_t)
|
|||||||
files_getattr_all_pipes(amanda_t)
|
files_getattr_all_pipes(amanda_t)
|
||||||
files_getattr_all_sockets(amanda_t)
|
files_getattr_all_sockets(amanda_t)
|
||||||
|
|
||||||
corecmd_exec_shell(amanda_t)
|
fs_getattr_xattr_fs(amanda_t)
|
||||||
corecmd_exec_bin(amanda_t)
|
fs_list_all(amanda_t)
|
||||||
|
|
||||||
|
storage_raw_read_fixed_disk(amanda_t)
|
||||||
|
|
||||||
|
# Added for targeted policy
|
||||||
|
term_use_unallocated_ttys(amanda_t)
|
||||||
|
|
||||||
auth_use_nsswitch(amanda_t)
|
auth_use_nsswitch(amanda_t)
|
||||||
auth_read_shadow(amanda_t)
|
auth_read_shadow(amanda_t)
|
||||||
@ -193,6 +193,9 @@ files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file
|
|||||||
kernel_read_system_state(amanda_recover_t)
|
kernel_read_system_state(amanda_recover_t)
|
||||||
kernel_read_kernel_sysctls(amanda_recover_t)
|
kernel_read_kernel_sysctls(amanda_recover_t)
|
||||||
|
|
||||||
|
corecmd_exec_shell(amanda_recover_t)
|
||||||
|
corecmd_exec_bin(amanda_recover_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(amanda_recover_t)
|
corenet_all_recvfrom_unlabeled(amanda_recover_t)
|
||||||
corenet_all_recvfrom_netlabel(amanda_recover_t)
|
corenet_all_recvfrom_netlabel(amanda_recover_t)
|
||||||
corenet_tcp_sendrecv_all_if(amanda_recover_t)
|
corenet_tcp_sendrecv_all_if(amanda_recover_t)
|
||||||
@ -207,9 +210,6 @@ corenet_tcp_bind_reserved_port(amanda_recover_t)
|
|||||||
corenet_tcp_connect_amanda_port(amanda_recover_t)
|
corenet_tcp_connect_amanda_port(amanda_recover_t)
|
||||||
corenet_sendrecv_amanda_client_packets(amanda_recover_t)
|
corenet_sendrecv_amanda_client_packets(amanda_recover_t)
|
||||||
|
|
||||||
corecmd_exec_shell(amanda_recover_t)
|
|
||||||
corecmd_exec_bin(amanda_recover_t)
|
|
||||||
|
|
||||||
domain_use_interactive_fds(amanda_recover_t)
|
domain_use_interactive_fds(amanda_recover_t)
|
||||||
|
|
||||||
files_read_etc_files(amanda_recover_t)
|
files_read_etc_files(amanda_recover_t)
|
||||||
|
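Review bot: In the third hunk (`@ -147,8 +142,13 @`) `storage_raw_read_fixed_disk(amanda_t)` now stands as its own group with no comment, although it is the broadest grant in this block: raw reads of the fixed-disk device are not mediated by per-file labels, so the domain can read any file's content on those disks. Since the reorganisation touches the line anyway, a one-line rationale above it would help later audits, for example `# raw disk read, presumably for dump-based backups; confirm it is still required`. The same applies to the unchanged context line `auth_read_shadow(amanda_t)` just below it. The old and new sides of this rendered section are inferred from the hunk line counts, and the rest of the policy module is outside the page.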
@ -100,6 +100,8 @@ kernel_read_kernel_sysctls(named_t)
|
|||||||
kernel_read_system_state(named_t)
|
kernel_read_system_state(named_t)
|
||||||
kernel_read_network_state(named_t)
|
kernel_read_network_state(named_t)
|
||||||
|
|
||||||
|
corecmd_search_bin(named_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(named_t)
|
corenet_all_recvfrom_unlabeled(named_t)
|
||||||
corenet_all_recvfrom_netlabel(named_t)
|
corenet_all_recvfrom_netlabel(named_t)
|
||||||
corenet_tcp_sendrecv_all_if(named_t)
|
corenet_tcp_sendrecv_all_if(named_t)
|
||||||
@ -122,12 +124,6 @@ corenet_udp_bind_all_unreserved_ports(named_t)
|
|||||||
|
|
||||||
dev_read_sysfs(named_t)
|
dev_read_sysfs(named_t)
|
||||||
dev_read_rand(named_t)
|
dev_read_rand(named_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(named_t)
|
|
||||||
fs_search_auto_mountpoints(named_t)
|
|
||||||
|
|
||||||
corecmd_search_bin(named_t)
|
|
||||||
|
|
||||||
dev_read_urand(named_t)
|
dev_read_urand(named_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(named_t)
|
domain_use_interactive_fds(named_t)
|
||||||
@ -135,6 +131,9 @@ domain_use_interactive_fds(named_t)
|
|||||||
files_read_etc_files(named_t)
|
files_read_etc_files(named_t)
|
||||||
files_read_etc_runtime_files(named_t)
|
files_read_etc_runtime_files(named_t)
|
||||||
|
|
||||||
|
fs_getattr_all_fs(named_t)
|
||||||
|
fs_search_auto_mountpoints(named_t)
|
||||||
|
|
||||||
auth_use_nsswitch(named_t)
|
auth_use_nsswitch(named_t)
|
||||||
|
|
||||||
libs_use_ld_so(named_t)
|
libs_use_ld_so(named_t)
|
||||||
@ -232,13 +231,13 @@ corenet_tcp_sendrecv_all_ports(ndc_t)
|
|||||||
corenet_tcp_connect_rndc_port(ndc_t)
|
corenet_tcp_connect_rndc_port(ndc_t)
|
||||||
corenet_sendrecv_rndc_client_packets(ndc_t)
|
corenet_sendrecv_rndc_client_packets(ndc_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(ndc_t)
|
|
||||||
|
|
||||||
domain_use_interactive_fds(ndc_t)
|
domain_use_interactive_fds(ndc_t)
|
||||||
|
|
||||||
files_read_etc_files(ndc_t)
|
files_read_etc_files(ndc_t)
|
||||||
files_search_pids(ndc_t)
|
files_search_pids(ndc_t)
|
||||||
|
|
||||||
|
fs_getattr_xattr_fs(ndc_t)
|
||||||
|
|
||||||
init_use_fds(ndc_t)
|
init_use_fds(ndc_t)
|
||||||
init_use_script_ptys(ndc_t)
|
init_use_script_ptys(ndc_t)
|
||||||
|
|
||||||
|