Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
commit
f9f0731de4
@ -71844,7 +71844,7 @@ index 7be4ddf..f7021a0 100644
|
|||||||
+
|
+
|
||||||
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
|
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
|
||||||
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
|
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
|
||||||
index 4bf45cb..9c71d8e 100644
|
index 4bf45cb..30e39df 100644
|
||||||
--- a/policy/modules/kernel/kernel.if
|
--- a/policy/modules/kernel/kernel.if
|
||||||
+++ b/policy/modules/kernel/kernel.if
|
+++ b/policy/modules/kernel/kernel.if
|
||||||
@@ -267,7 +267,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
|
@@ -267,7 +267,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
|
||||||
@ -72106,12 +72106,12 @@ index 4bf45cb..9c71d8e 100644
|
|||||||
+## </summary>
|
+## </summary>
|
||||||
+## </param>
|
+## </param>
|
||||||
+#
|
+#
|
||||||
+interface(`kernel_stream_getattr',`
|
+interface(`kernel_stream_read',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type kernel_t;
|
+ type kernel_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ allow $1 kernel_t:unix_stream_socket getattr;
|
+ allow $1 kernel_t:unix_stream_socket { read getattr };
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -82876,7 +82876,7 @@ index d26fe81..3f3a57f 100644
|
|||||||
+ allow $1 init_t:system undefined;
|
+ allow $1 init_t:system undefined;
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
index 5fb9683..dfa38ad 100644
|
index 5fb9683..13860f3 100644
|
||||||
--- a/policy/modules/system/init.te
|
--- a/policy/modules/system/init.te
|
||||||
+++ b/policy/modules/system/init.te
|
+++ b/policy/modules/system/init.te
|
||||||
@@ -16,6 +16,34 @@ gen_require(`
|
@@ -16,6 +16,34 @@ gen_require(`
|
||||||
@ -83047,7 +83047,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
mcs_process_set_categories(init_t)
|
mcs_process_set_categories(init_t)
|
||||||
mcs_killall(init_t)
|
mcs_killall(init_t)
|
||||||
|
|
||||||
@@ -156,22 +222,42 @@ mls_file_read_all_levels(init_t)
|
@@ -156,22 +222,41 @@ mls_file_read_all_levels(init_t)
|
||||||
mls_file_write_all_levels(init_t)
|
mls_file_write_all_levels(init_t)
|
||||||
mls_process_write_down(init_t)
|
mls_process_write_down(init_t)
|
||||||
mls_fd_use_all_levels(init_t)
|
mls_fd_use_all_levels(init_t)
|
||||||
@ -83076,7 +83076,6 @@ index 5fb9683..dfa38ad 100644
|
|||||||
+logging_send_audit_msgs(init_t)
|
+logging_send_audit_msgs(init_t)
|
||||||
logging_rw_generic_logs(init_t)
|
logging_rw_generic_logs(init_t)
|
||||||
+logging_relabel_devlog_dev(init_t)
|
+logging_relabel_devlog_dev(init_t)
|
||||||
+logging_stream_connect_syslog(init_t)
|
|
||||||
|
|
||||||
seutil_read_config(init_t)
|
seutil_read_config(init_t)
|
||||||
+seutil_read_module_store(init_t)
|
+seutil_read_module_store(init_t)
|
||||||
@ -83091,7 +83090,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
allow init_t self:process { getcap setcap };
|
allow init_t self:process { getcap setcap };
|
||||||
@@ -180,12 +266,15 @@ ifdef(`distro_gentoo',`
|
@@ -180,12 +265,18 @@ ifdef(`distro_gentoo',`
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@ -83101,6 +83100,9 @@ index 5fb9683..dfa38ad 100644
|
|||||||
fs_read_tmpfs_symlinks(init_t)
|
fs_read_tmpfs_symlinks(init_t)
|
||||||
fs_rw_tmpfs_chr_files(init_t)
|
fs_rw_tmpfs_chr_files(init_t)
|
||||||
fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
|
fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
|
||||||
|
+
|
||||||
|
+ logging_stream_connect_syslog(init_t)
|
||||||
|
+ logging_relabel_syslog_pid_socket(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
-tunable_policy(`init_upstart',`
|
-tunable_policy(`init_upstart',`
|
||||||
@ -83108,7 +83110,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
corecmd_shell_domtrans(init_t, initrc_t)
|
corecmd_shell_domtrans(init_t, initrc_t)
|
||||||
',`
|
',`
|
||||||
# Run the shell in the sysadm role for single-user mode.
|
# Run the shell in the sysadm role for single-user mode.
|
||||||
@@ -193,16 +282,148 @@ tunable_policy(`init_upstart',`
|
@@ -193,16 +284,148 @@ tunable_policy(`init_upstart',`
|
||||||
sysadm_shell_domtrans(init_t)
|
sysadm_shell_domtrans(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -83259,7 +83261,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -210,6 +431,18 @@ optional_policy(`
|
@@ -210,6 +433,18 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83278,7 +83280,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
unconfined_domain(init_t)
|
unconfined_domain(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -219,8 +452,8 @@ optional_policy(`
|
@@ -219,8 +454,8 @@ optional_policy(`
|
||||||
#
|
#
|
||||||
|
|
||||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||||
@ -83289,7 +83291,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
allow initrc_t self:key manage_key_perms;
|
allow initrc_t self:key manage_key_perms;
|
||||||
|
|
||||||
@@ -248,12 +481,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
@@ -248,12 +483,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||||
|
|
||||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||||
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
||||||
@ -83305,7 +83307,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
init_write_initctl(initrc_t)
|
init_write_initctl(initrc_t)
|
||||||
|
|
||||||
@@ -265,20 +501,34 @@ kernel_change_ring_buffer_level(initrc_t)
|
@@ -265,20 +503,34 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||||
kernel_clear_ring_buffer(initrc_t)
|
kernel_clear_ring_buffer(initrc_t)
|
||||||
kernel_get_sysvipc_info(initrc_t)
|
kernel_get_sysvipc_info(initrc_t)
|
||||||
kernel_read_all_sysctls(initrc_t)
|
kernel_read_all_sysctls(initrc_t)
|
||||||
@ -83345,7 +83347,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_tcp_connect_all_ports(initrc_t)
|
corenet_tcp_connect_all_ports(initrc_t)
|
||||||
@@ -286,6 +536,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
@@ -286,6 +538,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||||
|
|
||||||
dev_read_rand(initrc_t)
|
dev_read_rand(initrc_t)
|
||||||
dev_read_urand(initrc_t)
|
dev_read_urand(initrc_t)
|
||||||
@ -83353,7 +83355,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
dev_write_kmsg(initrc_t)
|
dev_write_kmsg(initrc_t)
|
||||||
dev_write_rand(initrc_t)
|
dev_write_rand(initrc_t)
|
||||||
dev_write_urand(initrc_t)
|
dev_write_urand(initrc_t)
|
||||||
@@ -296,8 +547,10 @@ dev_write_framebuffer(initrc_t)
|
@@ -296,8 +549,10 @@ dev_write_framebuffer(initrc_t)
|
||||||
dev_read_realtime_clock(initrc_t)
|
dev_read_realtime_clock(initrc_t)
|
||||||
dev_read_sound_mixer(initrc_t)
|
dev_read_sound_mixer(initrc_t)
|
||||||
dev_write_sound_mixer(initrc_t)
|
dev_write_sound_mixer(initrc_t)
|
||||||
@ -83364,7 +83366,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
dev_delete_lvm_control_dev(initrc_t)
|
dev_delete_lvm_control_dev(initrc_t)
|
||||||
dev_manage_generic_symlinks(initrc_t)
|
dev_manage_generic_symlinks(initrc_t)
|
||||||
dev_manage_generic_files(initrc_t)
|
dev_manage_generic_files(initrc_t)
|
||||||
@@ -305,17 +558,16 @@ dev_manage_generic_files(initrc_t)
|
@@ -305,17 +560,16 @@ dev_manage_generic_files(initrc_t)
|
||||||
dev_delete_generic_symlinks(initrc_t)
|
dev_delete_generic_symlinks(initrc_t)
|
||||||
dev_getattr_all_blk_files(initrc_t)
|
dev_getattr_all_blk_files(initrc_t)
|
||||||
dev_getattr_all_chr_files(initrc_t)
|
dev_getattr_all_chr_files(initrc_t)
|
||||||
@ -83384,7 +83386,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
domain_getsession_all_domains(initrc_t)
|
domain_getsession_all_domains(initrc_t)
|
||||||
domain_use_interactive_fds(initrc_t)
|
domain_use_interactive_fds(initrc_t)
|
||||||
# for lsof which is used by alsa shutdown:
|
# for lsof which is used by alsa shutdown:
|
||||||
@@ -323,6 +575,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
@@ -323,6 +577,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||||
@ -83392,7 +83394,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
files_getattr_all_dirs(initrc_t)
|
files_getattr_all_dirs(initrc_t)
|
||||||
files_getattr_all_files(initrc_t)
|
files_getattr_all_files(initrc_t)
|
||||||
@@ -330,8 +583,10 @@ files_getattr_all_symlinks(initrc_t)
|
@@ -330,8 +585,10 @@ files_getattr_all_symlinks(initrc_t)
|
||||||
files_getattr_all_pipes(initrc_t)
|
files_getattr_all_pipes(initrc_t)
|
||||||
files_getattr_all_sockets(initrc_t)
|
files_getattr_all_sockets(initrc_t)
|
||||||
files_purge_tmp(initrc_t)
|
files_purge_tmp(initrc_t)
|
||||||
@ -83404,7 +83406,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
files_delete_all_pids(initrc_t)
|
files_delete_all_pids(initrc_t)
|
||||||
files_delete_all_pid_dirs(initrc_t)
|
files_delete_all_pid_dirs(initrc_t)
|
||||||
files_read_etc_files(initrc_t)
|
files_read_etc_files(initrc_t)
|
||||||
@@ -347,8 +602,12 @@ files_list_isid_type_dirs(initrc_t)
|
@@ -347,8 +604,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||||
files_mounton_isid_type_dirs(initrc_t)
|
files_mounton_isid_type_dirs(initrc_t)
|
||||||
files_list_default(initrc_t)
|
files_list_default(initrc_t)
|
||||||
files_mounton_default(initrc_t)
|
files_mounton_default(initrc_t)
|
||||||
@ -83418,7 +83420,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
fs_list_inotifyfs(initrc_t)
|
fs_list_inotifyfs(initrc_t)
|
||||||
fs_register_binary_executable_type(initrc_t)
|
fs_register_binary_executable_type(initrc_t)
|
||||||
# rhgb-console writes to ramfs
|
# rhgb-console writes to ramfs
|
||||||
@@ -358,9 +617,12 @@ fs_mount_all_fs(initrc_t)
|
@@ -358,9 +619,12 @@ fs_mount_all_fs(initrc_t)
|
||||||
fs_unmount_all_fs(initrc_t)
|
fs_unmount_all_fs(initrc_t)
|
||||||
fs_remount_all_fs(initrc_t)
|
fs_remount_all_fs(initrc_t)
|
||||||
fs_getattr_all_fs(initrc_t)
|
fs_getattr_all_fs(initrc_t)
|
||||||
@ -83432,7 +83434,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
mcs_killall(initrc_t)
|
mcs_killall(initrc_t)
|
||||||
mcs_process_set_categories(initrc_t)
|
mcs_process_set_categories(initrc_t)
|
||||||
|
|
||||||
@@ -370,6 +632,7 @@ mls_process_read_up(initrc_t)
|
@@ -370,6 +634,7 @@ mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
mls_fd_share_all_levels(initrc_t)
|
mls_fd_share_all_levels(initrc_t)
|
||||||
@ -83440,7 +83442,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
selinux_get_enforce_mode(initrc_t)
|
selinux_get_enforce_mode(initrc_t)
|
||||||
|
|
||||||
@@ -381,6 +644,7 @@ term_use_all_terms(initrc_t)
|
@@ -381,6 +646,7 @@ term_use_all_terms(initrc_t)
|
||||||
term_reset_tty_labels(initrc_t)
|
term_reset_tty_labels(initrc_t)
|
||||||
|
|
||||||
auth_rw_login_records(initrc_t)
|
auth_rw_login_records(initrc_t)
|
||||||
@ -83448,7 +83450,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
auth_setattr_login_records(initrc_t)
|
auth_setattr_login_records(initrc_t)
|
||||||
auth_rw_lastlog(initrc_t)
|
auth_rw_lastlog(initrc_t)
|
||||||
auth_read_pam_pid(initrc_t)
|
auth_read_pam_pid(initrc_t)
|
||||||
@@ -401,18 +665,17 @@ logging_read_audit_config(initrc_t)
|
@@ -401,18 +667,17 @@ logging_read_audit_config(initrc_t)
|
||||||
|
|
||||||
miscfiles_read_localization(initrc_t)
|
miscfiles_read_localization(initrc_t)
|
||||||
# slapd needs to read cert files from its initscript
|
# slapd needs to read cert files from its initscript
|
||||||
@ -83470,7 +83472,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
dev_setattr_generic_dirs(initrc_t)
|
dev_setattr_generic_dirs(initrc_t)
|
||||||
@@ -465,6 +728,10 @@ ifdef(`distro_gentoo',`
|
@@ -465,6 +730,10 @@ ifdef(`distro_gentoo',`
|
||||||
sysnet_setattr_config(initrc_t)
|
sysnet_setattr_config(initrc_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83481,7 +83483,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
alsa_read_lib(initrc_t)
|
alsa_read_lib(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -485,7 +752,7 @@ ifdef(`distro_redhat',`
|
@@ -485,7 +754,7 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
# Red Hat systems seem to have a stray
|
# Red Hat systems seem to have a stray
|
||||||
# fd open from the initrd
|
# fd open from the initrd
|
||||||
@ -83490,7 +83492,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
files_dontaudit_read_root_files(initrc_t)
|
files_dontaudit_read_root_files(initrc_t)
|
||||||
|
|
||||||
# These seem to be from the initrd
|
# These seem to be from the initrd
|
||||||
@@ -500,6 +767,7 @@ ifdef(`distro_redhat',`
|
@@ -500,6 +769,7 @@ ifdef(`distro_redhat',`
|
||||||
files_create_boot_dirs(initrc_t)
|
files_create_boot_dirs(initrc_t)
|
||||||
files_create_boot_flag(initrc_t)
|
files_create_boot_flag(initrc_t)
|
||||||
files_rw_boot_symlinks(initrc_t)
|
files_rw_boot_symlinks(initrc_t)
|
||||||
@ -83498,7 +83500,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
# wants to read /.fonts directory
|
# wants to read /.fonts directory
|
||||||
files_read_default_files(initrc_t)
|
files_read_default_files(initrc_t)
|
||||||
files_mountpoint(initrc_tmp_t)
|
files_mountpoint(initrc_tmp_t)
|
||||||
@@ -520,6 +788,7 @@ ifdef(`distro_redhat',`
|
@@ -520,6 +790,7 @@ ifdef(`distro_redhat',`
|
||||||
miscfiles_rw_localization(initrc_t)
|
miscfiles_rw_localization(initrc_t)
|
||||||
miscfiles_setattr_localization(initrc_t)
|
miscfiles_setattr_localization(initrc_t)
|
||||||
miscfiles_relabel_localization(initrc_t)
|
miscfiles_relabel_localization(initrc_t)
|
||||||
@ -83506,7 +83508,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
miscfiles_read_fonts(initrc_t)
|
miscfiles_read_fonts(initrc_t)
|
||||||
miscfiles_read_hwdata(initrc_t)
|
miscfiles_read_hwdata(initrc_t)
|
||||||
@@ -529,8 +798,35 @@ ifdef(`distro_redhat',`
|
@@ -529,8 +800,35 @@ ifdef(`distro_redhat',`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83542,7 +83544,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -538,14 +834,27 @@ ifdef(`distro_redhat',`
|
@@ -538,14 +836,27 @@ ifdef(`distro_redhat',`
|
||||||
rpc_write_exports(initrc_t)
|
rpc_write_exports(initrc_t)
|
||||||
rpc_manage_nfs_state_data(initrc_t)
|
rpc_manage_nfs_state_data(initrc_t)
|
||||||
')
|
')
|
||||||
@ -83570,7 +83572,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -556,6 +865,39 @@ ifdef(`distro_suse',`
|
@@ -556,6 +867,39 @@ ifdef(`distro_suse',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -83610,7 +83612,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -568,6 +910,8 @@ optional_policy(`
|
@@ -568,6 +912,8 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(initrc_t)
|
apache_read_config(initrc_t)
|
||||||
apache_list_modules(initrc_t)
|
apache_list_modules(initrc_t)
|
||||||
@ -83619,7 +83621,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -589,6 +933,7 @@ optional_policy(`
|
@@ -589,6 +935,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cgroup_stream_connect_cgred(initrc_t)
|
cgroup_stream_connect_cgred(initrc_t)
|
||||||
@ -83627,7 +83629,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -601,6 +946,17 @@ optional_policy(`
|
@@ -601,6 +948,17 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83645,7 +83647,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
dev_getattr_printer_dev(initrc_t)
|
dev_getattr_printer_dev(initrc_t)
|
||||||
|
|
||||||
cups_read_log(initrc_t)
|
cups_read_log(initrc_t)
|
||||||
@@ -617,9 +973,13 @@ optional_policy(`
|
@@ -617,9 +975,13 @@ optional_policy(`
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -83659,7 +83661,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -644,6 +1004,10 @@ optional_policy(`
|
@@ -644,6 +1006,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83670,7 +83672,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
gpm_setattr_gpmctl(initrc_t)
|
gpm_setattr_gpmctl(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -661,6 +1025,15 @@ optional_policy(`
|
@@ -661,6 +1027,15 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83686,7 +83688,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
inn_exec_config(initrc_t)
|
inn_exec_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -701,6 +1074,7 @@ optional_policy(`
|
@@ -701,6 +1076,7 @@ optional_policy(`
|
||||||
lpd_list_spool(initrc_t)
|
lpd_list_spool(initrc_t)
|
||||||
|
|
||||||
lpd_read_config(initrc_t)
|
lpd_read_config(initrc_t)
|
||||||
@ -83694,7 +83696,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -718,7 +1092,13 @@ optional_policy(`
|
@@ -718,7 +1094,13 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83708,7 +83710,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -741,6 +1121,10 @@ optional_policy(`
|
@@ -741,6 +1123,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83719,7 +83721,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
postgresql_manage_db(initrc_t)
|
postgresql_manage_db(initrc_t)
|
||||||
postgresql_read_config(initrc_t)
|
postgresql_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -750,10 +1134,20 @@ optional_policy(`
|
@@ -750,10 +1136,20 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83740,7 +83742,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
quota_manage_flags(initrc_t)
|
quota_manage_flags(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -762,6 +1156,10 @@ optional_policy(`
|
@@ -762,6 +1158,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83751,7 +83753,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -783,8 +1181,6 @@ optional_policy(`
|
@@ -783,8 +1183,6 @@ optional_policy(`
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -83760,7 +83762,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -793,6 +1189,10 @@ optional_policy(`
|
@@ -793,6 +1191,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83771,7 +83773,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
# shorewall-init script run /var/lib/shorewall/firewall
|
# shorewall-init script run /var/lib/shorewall/firewall
|
||||||
shorewall_lib_domtrans(initrc_t)
|
shorewall_lib_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -802,10 +1202,12 @@ optional_policy(`
|
@@ -802,10 +1204,12 @@ optional_policy(`
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -83784,7 +83786,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -817,7 +1219,6 @@ optional_policy(`
|
@@ -817,7 +1221,6 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83792,7 +83794,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
udev_manage_pid_files(initrc_t)
|
udev_manage_pid_files(initrc_t)
|
||||||
udev_manage_rules_files(initrc_t)
|
udev_manage_rules_files(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -827,12 +1228,30 @@ optional_policy(`
|
@@ -827,12 +1230,30 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83825,7 +83827,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
# system-config-services causes avc messages that should be dontaudited
|
# system-config-services causes avc messages that should be dontaudited
|
||||||
@@ -842,6 +1261,18 @@ optional_policy(`
|
@@ -842,6 +1263,18 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mono_domtrans(initrc_t)
|
mono_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@ -83844,7 +83846,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -857,6 +1288,10 @@ optional_policy(`
|
@@ -857,6 +1290,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -83855,7 +83857,7 @@ index 5fb9683..dfa38ad 100644
|
|||||||
# Set device ownerships/modes.
|
# Set device ownerships/modes.
|
||||||
xserver_setattr_console_pipes(initrc_t)
|
xserver_setattr_console_pipes(initrc_t)
|
||||||
|
|
||||||
@@ -867,3 +1302,165 @@ optional_policy(`
|
@@ -867,3 +1304,165 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@ -85350,7 +85352,7 @@ index 02f4c97..be8c9a1 100644
|
|||||||
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
||||||
+
|
+
|
||||||
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
|
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
|
||||||
index 321bb13..7b4e560 100644
|
index 321bb13..e7fd936 100644
|
||||||
--- a/policy/modules/system/logging.if
|
--- a/policy/modules/system/logging.if
|
||||||
+++ b/policy/modules/system/logging.if
|
+++ b/policy/modules/system/logging.if
|
||||||
@@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
|
@@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
|
||||||
@ -85435,7 +85437,7 @@ index 321bb13..7b4e560 100644
|
|||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Send system log messages.
|
## Send system log messages.
|
||||||
@@ -546,6 +603,66 @@ interface(`logging_send_syslog_msg',`
|
@@ -546,6 +603,84 @@ interface(`logging_send_syslog_msg',`
|
||||||
# will write to the console.
|
# will write to the console.
|
||||||
term_write_console($1)
|
term_write_console($1)
|
||||||
term_dontaudit_read_console($1)
|
term_dontaudit_read_console($1)
|
||||||
@ -85484,6 +85486,24 @@ index 321bb13..7b4e560 100644
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Relabel the syslog pid sock_file.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`logging_relabel_syslog_pid_socket',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type devlog_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 syslogd_var_run_t:sock_file relabel_sock_file_perms;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## Connect to the syslog control unix stream socket.
|
+## Connect to the syslog control unix stream socket.
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -85502,7 +85522,7 @@ index 321bb13..7b4e560 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -739,7 +856,25 @@ interface(`logging_append_all_logs',`
|
@@ -739,7 +874,25 @@ interface(`logging_append_all_logs',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
@ -85529,7 +85549,7 @@ index 321bb13..7b4e560 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -822,7 +957,7 @@ interface(`logging_manage_all_logs',`
|
@@ -822,7 +975,7 @@ interface(`logging_manage_all_logs',`
|
||||||
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
manage_files_pattern($1, logfile, logfile)
|
manage_files_pattern($1, logfile, logfile)
|
||||||
@ -85538,7 +85558,7 @@ index 321bb13..7b4e560 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -848,6 +983,44 @@ interface(`logging_read_generic_logs',`
|
@@ -848,6 +1001,44 @@ interface(`logging_read_generic_logs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -85583,7 +85603,7 @@ index 321bb13..7b4e560 100644
|
|||||||
## Write generic log files.
|
## Write generic log files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -947,11 +1120,16 @@ interface(`logging_admin_audit',`
|
@@ -947,11 +1138,16 @@ interface(`logging_admin_audit',`
|
||||||
type auditd_t, auditd_etc_t, auditd_log_t;
|
type auditd_t, auditd_etc_t, auditd_log_t;
|
||||||
type auditd_var_run_t;
|
type auditd_var_run_t;
|
||||||
type auditd_initrc_exec_t;
|
type auditd_initrc_exec_t;
|
||||||
@ -85601,7 +85621,7 @@ index 321bb13..7b4e560 100644
|
|||||||
manage_dirs_pattern($1, auditd_etc_t, auditd_etc_t)
|
manage_dirs_pattern($1, auditd_etc_t, auditd_etc_t)
|
||||||
manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
|
manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
|
||||||
|
|
||||||
@@ -967,6 +1145,33 @@ interface(`logging_admin_audit',`
|
@@ -967,6 +1163,33 @@ interface(`logging_admin_audit',`
|
||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
role_transition $2 auditd_initrc_exec_t system_r;
|
role_transition $2 auditd_initrc_exec_t system_r;
|
||||||
allow $2 system_r;
|
allow $2 system_r;
|
||||||
@ -85635,7 +85655,7 @@ index 321bb13..7b4e560 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -995,10 +1200,15 @@ interface(`logging_admin_syslog',`
|
@@ -995,10 +1218,15 @@ interface(`logging_admin_syslog',`
|
||||||
type syslogd_initrc_exec_t;
|
type syslogd_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -85653,7 +85673,7 @@ index 321bb13..7b4e560 100644
|
|||||||
|
|
||||||
manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t)
|
manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t)
|
||||||
manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t)
|
manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t)
|
||||||
@@ -1020,6 +1230,8 @@ interface(`logging_admin_syslog',`
|
@@ -1020,6 +1248,8 @@ interface(`logging_admin_syslog',`
|
||||||
manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
|
manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
|
||||||
|
|
||||||
logging_manage_all_logs($1)
|
logging_manage_all_logs($1)
|
||||||
@ -85662,7 +85682,7 @@ index 321bb13..7b4e560 100644
|
|||||||
|
|
||||||
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
|
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
|
||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
@@ -1048,3 +1260,29 @@ interface(`logging_admin',`
|
@@ -1048,3 +1278,29 @@ interface(`logging_admin',`
|
||||||
logging_admin_audit($1, $2)
|
logging_admin_audit($1, $2)
|
||||||
logging_admin_syslog($1, $2)
|
logging_admin_syslog($1, $2)
|
||||||
')
|
')
|
||||||
@ -85693,7 +85713,7 @@ index 321bb13..7b4e560 100644
|
|||||||
+ init_named_pid_filetrans($1, syslogd_var_run_t, dir, "journal")
|
+ init_named_pid_filetrans($1, syslogd_var_run_t, dir, "journal")
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
|
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
|
||||||
index 92555db..6970a23 100644
|
index 92555db..bec9a0b 100644
|
||||||
--- a/policy/modules/system/logging.te
|
--- a/policy/modules/system/logging.te
|
||||||
+++ b/policy/modules/system/logging.te
|
+++ b/policy/modules/system/logging.te
|
||||||
@@ -5,6 +5,20 @@ policy_module(logging, 1.18.2)
|
@@ -5,6 +5,20 @@ policy_module(logging, 1.18.2)
|
||||||
@ -85897,7 +85917,7 @@ index 92555db..6970a23 100644
|
|||||||
manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
|
manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
|
||||||
files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
|
files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
|
||||||
|
|
||||||
+kernel_stream_getattr(syslogd_t)
|
+kernel_stream_read(syslogd_t)
|
||||||
kernel_read_system_state(syslogd_t)
|
kernel_read_system_state(syslogd_t)
|
||||||
kernel_read_kernel_sysctls(syslogd_t)
|
kernel_read_kernel_sysctls(syslogd_t)
|
||||||
kernel_read_proc_symlinks(syslogd_t)
|
kernel_read_proc_symlinks(syslogd_t)
|
||||||
@ -86200,7 +86220,7 @@ index 58bc27f..51e9872 100644
|
|||||||
+ allow $1 lvm_var_run_t:fifo_file rw_inherited_fifo_file_perms;
|
+ allow $1 lvm_var_run_t:fifo_file rw_inherited_fifo_file_perms;
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
|
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
|
||||||
index 7b6bcb9..61aa1ce 100644
|
index 7b6bcb9..08b4b7e 100644
|
||||||
--- a/policy/modules/system/lvm.te
|
--- a/policy/modules/system/lvm.te
|
||||||
+++ b/policy/modules/system/lvm.te
|
+++ b/policy/modules/system/lvm.te
|
||||||
@@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t)
|
@@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t)
|
||||||
@ -86359,16 +86379,17 @@ index 7b6bcb9..61aa1ce 100644
|
|||||||
|
|
||||||
init_use_fds(lvm_t)
|
init_use_fds(lvm_t)
|
||||||
init_dontaudit_getattr_initctl(lvm_t)
|
init_dontaudit_getattr_initctl(lvm_t)
|
||||||
@@ -292,6 +314,8 @@ init_read_script_state(lvm_t)
|
@@ -291,6 +313,9 @@ init_use_script_ptys(lvm_t)
|
||||||
|
init_read_script_state(lvm_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(lvm_t)
|
logging_send_syslog_msg(lvm_t)
|
||||||
|
+logging_stream_connect_syslog(lvm_t)
|
||||||
+authlogin_rw_pipes(lvm_t)
|
|
||||||
+
|
+
|
||||||
|
+authlogin_rw_pipes(lvm_t)
|
||||||
|
|
||||||
miscfiles_read_localization(lvm_t)
|
miscfiles_read_localization(lvm_t)
|
||||||
|
|
||||||
seutil_read_config(lvm_t)
|
@@ -299,7 +324,10 @@ seutil_read_file_contexts(lvm_t)
|
||||||
@@ -299,7 +323,10 @@ seutil_read_file_contexts(lvm_t)
|
|
||||||
seutil_search_default_contexts(lvm_t)
|
seutil_search_default_contexts(lvm_t)
|
||||||
seutil_sigchld_newrole(lvm_t)
|
seutil_sigchld_newrole(lvm_t)
|
||||||
|
|
||||||
@ -86379,7 +86400,7 @@ index 7b6bcb9..61aa1ce 100644
|
|||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
# this is from the initrd:
|
# this is from the initrd:
|
||||||
@@ -311,6 +338,11 @@ ifdef(`distro_redhat',`
|
@@ -311,6 +339,11 @@ ifdef(`distro_redhat',`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -86391,7 +86412,7 @@ index 7b6bcb9..61aa1ce 100644
|
|||||||
bootloader_rw_tmp_files(lvm_t)
|
bootloader_rw_tmp_files(lvm_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -331,14 +363,27 @@ optional_policy(`
|
@@ -331,14 +364,27 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -40986,7 +40986,7 @@ index 9759ed8..17c097d 100644
|
|||||||
admin_pattern($1, plymouthd_var_run_t)
|
admin_pattern($1, plymouthd_var_run_t)
|
||||||
')
|
')
|
||||||
diff --git a/plymouthd.te b/plymouthd.te
|
diff --git a/plymouthd.te b/plymouthd.te
|
||||||
index 86700ed..9ee1a3f 100644
|
index 86700ed..1600742 100644
|
||||||
--- a/plymouthd.te
|
--- a/plymouthd.te
|
||||||
+++ b/plymouthd.te
|
+++ b/plymouthd.te
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
@ -41029,11 +41029,13 @@ index 86700ed..9ee1a3f 100644
|
|||||||
manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
|
manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
|
||||||
manage_files_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
|
manage_files_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t)
|
||||||
files_pid_filetrans(plymouthd_t, plymouthd_var_run_t, { file dir })
|
files_pid_filetrans(plymouthd_t, plymouthd_var_run_t, { file dir })
|
||||||
@@ -60,10 +68,32 @@ domain_use_interactive_fds(plymouthd_t)
|
@@ -60,10 +68,34 @@ domain_use_interactive_fds(plymouthd_t)
|
||||||
files_read_etc_files(plymouthd_t)
|
files_read_etc_files(plymouthd_t)
|
||||||
files_read_usr_files(plymouthd_t)
|
files_read_usr_files(plymouthd_t)
|
||||||
|
|
||||||
+term_use_unallocated_ttys(plymouthd_t)
|
+term_getattr_pty_fs(plymouthd_t)
|
||||||
|
+term_use_all_terms(plymouthd_t)
|
||||||
|
+term_use_ptmx(plymouthd_t)
|
||||||
+
|
+
|
||||||
+init_signal(plymouthd_t)
|
+init_signal(plymouthd_t)
|
||||||
+
|
+
|
||||||
@ -41062,7 +41064,7 @@ index 86700ed..9ee1a3f 100644
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Plymouth private policy
|
# Plymouth private policy
|
||||||
@@ -74,6 +104,7 @@ allow plymouth_t self:fifo_file rw_file_perms;
|
@@ -74,6 +106,7 @@ allow plymouth_t self:fifo_file rw_file_perms;
|
||||||
allow plymouth_t self:unix_stream_socket create_stream_socket_perms;
|
allow plymouth_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
|
||||||
kernel_read_system_state(plymouth_t)
|
kernel_read_system_state(plymouth_t)
|
||||||
@ -61994,7 +61996,7 @@ index 7c5d8d8..9883b66 100644
|
|||||||
+ files_pid_filetrans($1, virt_lxc_var_run_t, dir, "libvirt-sandbox")
|
+ files_pid_filetrans($1, virt_lxc_var_run_t, dir, "libvirt-sandbox")
|
||||||
')
|
')
|
||||||
diff --git a/virt.te b/virt.te
|
diff --git a/virt.te b/virt.te
|
||||||
index ad3068a..1157058 100644
|
index ad3068a..dcde4ba 100644
|
||||||
--- a/virt.te
|
--- a/virt.te
|
||||||
+++ b/virt.te
|
+++ b/virt.te
|
||||||
@@ -5,56 +5,87 @@ policy_module(virt, 1.4.2)
|
@@ -5,56 +5,87 @@ policy_module(virt, 1.4.2)
|
||||||
@ -62615,7 +62617,7 @@ index ad3068a..1157058 100644
|
|||||||
files_read_usr_files(virt_domain)
|
files_read_usr_files(virt_domain)
|
||||||
files_read_var_files(virt_domain)
|
files_read_var_files(virt_domain)
|
||||||
files_search_all(virt_domain)
|
files_search_all(virt_domain)
|
||||||
@@ -449,25 +662,442 @@ files_search_all(virt_domain)
|
@@ -449,25 +662,441 @@ files_search_all(virt_domain)
|
||||||
fs_getattr_tmpfs(virt_domain)
|
fs_getattr_tmpfs(virt_domain)
|
||||||
fs_rw_anon_inodefs_files(virt_domain)
|
fs_rw_anon_inodefs_files(virt_domain)
|
||||||
fs_rw_tmpfs_files(virt_domain)
|
fs_rw_tmpfs_files(virt_domain)
|
||||||
@ -62623,12 +62625,12 @@ index ad3068a..1157058 100644
|
|||||||
+fs_rw_inherited_nfs_files(virt_domain)
|
+fs_rw_inherited_nfs_files(virt_domain)
|
||||||
+fs_rw_inherited_cifs_files(virt_domain)
|
+fs_rw_inherited_cifs_files(virt_domain)
|
||||||
+fs_rw_inherited_noxattr_fs_files(virt_domain)
|
+fs_rw_inherited_noxattr_fs_files(virt_domain)
|
||||||
+
|
|
||||||
|
-term_use_all_terms(virt_domain)
|
||||||
+# I think we need these for now.
|
+# I think we need these for now.
|
||||||
+miscfiles_read_public_files(virt_domain)
|
+miscfiles_read_public_files(virt_domain)
|
||||||
+storage_raw_read_removable_device(virt_domain)
|
+storage_raw_read_removable_device(virt_domain)
|
||||||
|
+
|
||||||
-term_use_all_terms(virt_domain)
|
|
||||||
+term_use_all_inherited_terms(virt_domain)
|
+term_use_all_inherited_terms(virt_domain)
|
||||||
term_getattr_pty_fs(virt_domain)
|
term_getattr_pty_fs(virt_domain)
|
||||||
term_use_generic_ptys(virt_domain)
|
term_use_generic_ptys(virt_domain)
|
||||||
@ -62878,7 +62880,7 @@ index ad3068a..1157058 100644
|
|||||||
+#
|
+#
|
||||||
+# virt_lxc_domain local policy
|
+# virt_lxc_domain local policy
|
||||||
+#
|
+#
|
||||||
+allow svirt_lxc_domain self:capability { kill setuid setgid dac_override };
|
+allow svirt_lxc_domain self:capability { kill setuid setgid dac_override sys_boot };
|
||||||
+
|
+
|
||||||
+allow virtd_t svirt_lxc_domain:unix_stream_socket { create_stream_socket_perms connectto };
|
+allow virtd_t svirt_lxc_domain:unix_stream_socket { create_stream_socket_perms connectto };
|
||||||
+allow virtd_t svirt_lxc_domain:process { signal_perms };
|
+allow virtd_t svirt_lxc_domain:process { signal_perms };
|
||||||
@ -63059,7 +63061,6 @@ index ad3068a..1157058 100644
|
|||||||
+
|
+
|
||||||
+corenet_rw_tun_tap_dev(virt_bridgehelper_t)
|
+corenet_rw_tun_tap_dev(virt_bridgehelper_t)
|
||||||
+
|
+
|
||||||
+
|
|
||||||
+userdom_use_inherited_user_ptys(virt_bridgehelper_t)
|
+userdom_use_inherited_user_ptys(virt_bridgehelper_t)
|
||||||
diff --git a/vlock.te b/vlock.te
|
diff --git a/vlock.te b/vlock.te
|
||||||
index 2511093..9e5625e 100644
|
index 2511093..9e5625e 100644
|
||||||
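Review bot: The `allow svirt_lxc_domain self:capability { kill setuid setgid dac_override sys_boot };` line in the virt.te part of this patch grants `sys_boot` to every domain carrying the svirt_lxc_domain attribute, with no comment saying why. The spec changelog suggests it is for systemd running as init inside a container, which presumably calls reboot(2) on shutdown; that call stays confined to the container only when it runs in its own PID namespace, so the assumption should be written down. I would put the new capability on its own line with a comment, e.g. `# sys_boot: container init calls reboot(2); assumes a private PID namespace` followed by `allow svirt_lxc_domain self:capability sys_boot;`, so it can be audited or later narrowed to the container types that actually run an init. The plymouthd.te part of the same patch also widens plymouthd_t from `term_use_unallocated_ttys` to `term_use_all_terms`, which deserves a similar one-line justification.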
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.11.0
|
Version: 3.11.0
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -491,6 +491,9 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 30 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-15
|
||||||
|
- More fixes for systemd to make rawhide booting from Dan Walsh
|
||||||
|
|
||||||
* Mon Jul 30 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-14
|
* Mon Jul 30 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-14
|
||||||
- Add systemd fixes to make rawhide booting
|
- Add systemd fixes to make rawhide booting
|
||||||
|
|
||||||
|