six simple patches from dan
parent
7782966db1
commit
f6a590d7b4
@ -150,6 +150,7 @@ template(`mozilla_per_role_template',`
|
||||
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
|
||||
|
||||
dev_read_urand($1_mozilla_t)
|
||||
dev_read_rand($1_mozilla_t)
|
||||
dev_write_sound($1_mozilla_t)
|
||||
dev_read_sound($1_mozilla_t)
|
||||
dev_dontaudit_rw_dri($1_mozilla_t)
|
||||
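Review bot: The `dev_*` group in `mozilla_per_role_template` gains one device permission with no comment saying which browser feature needs it. This rendering has lost the +/- markers, so which of the five calls is new has to be confirmed in the raw patch. Because the grant is written against `$1_mozilla_t`, it applies to every domain the template creates. If the added line is `dev_read_rand($1_mozilla_t)`, note that `dev_read_urand` is already granted, so a line such as `# <component> opens /dev/random directly` above it would record why the second device is required. The template body starts and ends outside the hunk.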
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(mozilla,1.2.0)
|
||||
policy_module(mozilla,1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(oddjob,1.2.0)
|
||||
policy_module(oddjob,1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -27,7 +27,7 @@ files_pid_file(oddjob_var_run_t)
|
||||
# oddjob local policy
|
||||
#
|
||||
|
||||
allow oddjob_t self:capability { audit_write setgid } ;
|
||||
allow oddjob_t self:capability setgid;
|
||||
allow oddjob_t self:process { setexec signal };
|
||||
allow oddjob_t self:fifo_file { read write };
|
||||
allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
|
||||
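Review bot: The `self:capability` rule for `oddjob_t` changes by exactly `audit_write`, with no comment saying why. The page has lost the +/- markers, so check the raw patch for which of the two lines is the new side. If the new rule is `{ audit_write setgid } ;`, the capability alone is probably not enough to emit audit records, because that also needs netlink audit socket access, which refpolicy normally grants through `logging_send_audit_msgs(oddjob_t)`; the space before `;` is also inconsistent with the neighbouring rules. If the new rule is the narrower `setgid;`, confirm that the daemon no longer writes audit events, otherwise the removal will surface as runtime denials.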
|
@ -11,5 +11,5 @@
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/log/openvpn.* -- gen_context(system_u:object_r:openvpn_var_log_t,s0)
|
||||
/var/run/openvpn.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)
|
||||
/var/log/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_log_t,s0)
|
||||
/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
|
||||
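Review bot: The two pattern styles in this hunk do not label the same paths, so whichever pair is the new side drops coverage the other had. The +/- markers are lost in this rendering; print order suggests the `(/.*)?` pair is new. `/var/log/openvpn(/.*)?` matches the directory and its contents but not a sibling file such as `/var/log/openvpn.log` (constructed example), while `/var/log/openvpn.* --` matches such files but, being limited to regular files, never a directory. Unmatched paths fall back to the generic label for /var/log or /var/run, which the openvpn domain may not be allowed to write. Dropping the file-type field, as in `/var/log/openvpn.* gen_context(system_u:object_r:openvpn_var_log_t,s0)`, covers both layouts, and the same applies to the `/var/run` entry.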
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(openvpn,1.2.0)
|
||||
policy_module(openvpn,1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ppp,1.4.0)
|
||||
policy_module(ppp,1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -155,7 +155,6 @@ domain_use_interactive_fds(pppd_t)
|
||||
|
||||
files_exec_etc_files(pppd_t)
|
||||
files_manage_etc_runtime_files(pppd_t)
|
||||
files_etc_filetrans_etc_runtime(pppd_t, { dir file })
|
||||
files_dontaudit_write_etc_files(pppd_t)
|
||||
|
||||
# for scripts
|
||||
@ -171,9 +170,9 @@ logging_send_syslog_msg(pppd_t)
|
||||
|
||||
miscfiles_read_localization(pppd_t)
|
||||
|
||||
sysnet_read_config(pppd_t)
|
||||
sysnet_exec_ifconfig(pppd_t)
|
||||
sysnet_manage_config(pppd_t)
|
||||
sysnet_etc_filetrans_config(pppd_t)
|
||||
|
||||
userdom_dontaudit_use_unpriv_user_fds(pppd_t)
|
||||
userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
|
||||
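Review bot: The `sysnet_*` group for `pppd_t` in the hunk at -171 lists both `sysnet_read_config` and `sysnet_manage_config`, and this rendering has lost the markers that say which lines the commit keeps. If both remain on the new side, the read interface is likely redundant next to manage and can be dropped. If `sysnet_manage_config(pppd_t)` or `sysnet_etc_filetrans_config(pppd_t)` is the added line, it gives pppd write access to the system network configuration files and should carry a comment with the reason, for example `# pppd rewrites resolver configuration` if that is the case. The earlier hunk at -155 only removes one line and needs no change.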
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(setroubleshoot,1.3.0)
|
||||
policy_module(setroubleshoot,1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -28,7 +28,7 @@ files_pid_file(setroubleshoot_var_run_t)
|
||||
#
|
||||
|
||||
allow setroubleshootd_t self:capability { dac_override sys_tty_config };
|
||||
allow setroubleshootd_t self:process { signal getattr getsched };
|
||||
allow setroubleshootd_t self:process { signull signal getattr getsched };
|
||||
allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
|
||||
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(tftp,1.4.0)
|
||||
policy_module(tftp,1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -69,6 +69,7 @@ libs_use_shared_libs(tftpd_t)
|
||||
logging_send_syslog_msg(tftpd_t)
|
||||
|
||||
miscfiles_read_localization(tftpd_t)
|
||||
miscfiles_read_public_files(tftpd_t)
|
||||
|
||||
sysnet_read_config(tftpd_t)
|
||||
sysnet_use_ldap(tftpd_t)
|
||||
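Review bot: One interface call is added for `tftpd_t` without a comment. The +/- markers are lost here, so confirm in the raw patch which call it is. If it is `miscfiles_read_public_files(tftpd_t)`, keep in mind that TFTP has no authentication: every file carrying the public content type that the daemon's DAC permissions and serving root allow becomes readable by any client that can reach the service. The read-only interface is the right scope for that, and a comment such as `# serve files labelled as public content` above the call would make the intent explicit.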
|