trunk: minor amanda update from dan
This commit is contained in:
parent
7b61fe506d
commit
f5842c1fa5
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(amanda,1.5.1)
|
||||
policy_module(amanda,1.5.2)
|
||||
|
||||
#######################################
|
||||
#
|
||||
@ -70,7 +70,7 @@ optional_policy(`
|
||||
|
||||
allow amanda_t self:capability { chown dac_override setuid kill };
|
||||
allow amanda_t self:process { setpgid signal };
|
||||
allow amanda_t self:fifo_file { getattr read write ioctl lock };
|
||||
allow amanda_t self:fifo_file rw_fifo_file_perms;
|
||||
allow amanda_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow amanda_t self:unix_dgram_socket create_socket_perms;
|
||||
allow amanda_t self:tcp_socket create_stream_socket_perms;
|
||||
@ -85,18 +85,22 @@ allow amanda_t amanda_config_t:file { getattr read };
|
||||
|
||||
# access to amandas data structure
|
||||
allow amanda_t amanda_data_t:dir { read search write };
|
||||
allow amanda_t amanda_data_t:file { read write };
|
||||
allow amanda_t amanda_data_t:file manage_file_perms;
|
||||
|
||||
# access to amanda_dumpdates_t
|
||||
allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
|
||||
|
||||
can_exec(amanda_t,amanda_exec_t)
|
||||
can_exec(amanda_t,amanda_inetd_exec_t)
|
||||
|
||||
# access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
|
||||
allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
|
||||
allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
|
||||
allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
|
||||
|
||||
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
|
||||
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
|
||||
|
||||
manage_files_pattern(amanda_t,amanda_log_t,amanda_log_t)
|
||||
manage_dirs_pattern(amanda_t,amanda_log_t,amanda_log_t)
|
||||
logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
|
||||
|
Loading…
Reference in New Issue
Block a user