trunk: 3 patches from dan.
parent
14c0edc7e9
commit
fb4826f424
@ -3,6 +3,8 @@
|
|||||||
#
|
#
|
||||||
/dev/printer -s gen_context(system_u:object_r:printer_t,s0)
|
/dev/printer -s gen_context(system_u:object_r:printer_t,s0)
|
||||||
|
|
||||||
|
/opt/gutenprint/s?bin(/.*)? gen_context(system_u:object_r:lpr_exec_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
# /usr
|
# /usr
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(lpd, 1.10.2)
|
policy_module(lpd, 1.10.3)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -233,7 +233,6 @@ allow lpr_t self:capability { setuid dac_override net_bind_service chown };
|
|||||||
allow lpr_t self:unix_stream_socket create_stream_socket_perms;
|
allow lpr_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow lpr_t self:tcp_socket create_socket_perms;
|
allow lpr_t self:tcp_socket create_socket_perms;
|
||||||
allow lpr_t self:udp_socket create_socket_perms;
|
allow lpr_t self:udp_socket create_socket_perms;
|
||||||
allow lpr_t self:netlink_route_socket r_netlink_socket_perms;
|
|
||||||
|
|
||||||
can_exec(lpr_t, lpr_exec_t)
|
can_exec(lpr_t, lpr_exec_t)
|
||||||
|
|
||||||
@ -273,9 +272,9 @@ fs_getattr_xattr_fs(lpr_t)
|
|||||||
term_use_controlling_term(lpr_t)
|
term_use_controlling_term(lpr_t)
|
||||||
term_use_generic_ptys(lpr_t)
|
term_use_generic_ptys(lpr_t)
|
||||||
|
|
||||||
miscfiles_read_localization(lpr_t)
|
auth_use_nsswitch(lpr_t)
|
||||||
|
|
||||||
sysnet_read_config(lpr_t)
|
miscfiles_read_localization(lpr_t)
|
||||||
|
|
||||||
userdom_read_user_tmp_symlinks(lpr_t)
|
userdom_read_user_tmp_symlinks(lpr_t)
|
||||||
# Write to the user domain tty.
|
# Write to the user domain tty.
|
||||||
@ -338,11 +337,3 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
logging_send_syslog_msg(lpr_t)
|
logging_send_syslog_msg(lpr_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nscd_socket_use(lpr_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
nis_use_ypbind(lpr_t)
|
|
||||||
')
|
|
||||||
|
@ -1,3 +1,6 @@
|
|||||||
|
/etc/rc\.d/init\.d/snmpd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
|
||||||
|
/etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
# /usr
|
# /usr
|
||||||
#
|
#
|
||||||
@ -8,6 +11,8 @@
|
|||||||
#
|
#
|
||||||
# /var
|
# /var
|
||||||
#
|
#
|
||||||
|
/var/agentx(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||||
|
|
||||||
/var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
/var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||||
/var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
/var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||||
|
|
||||||
|
@ -95,23 +95,34 @@ interface(`snmp_dontaudit_write_snmp_var_lib_files',`
|
|||||||
## Domain allowed access.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
|
## <param name="role">
|
||||||
|
## <summary>
|
||||||
|
## The role to be allowed to manage the snmp domain.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
## <rolecap/>
|
## <rolecap/>
|
||||||
#
|
#
|
||||||
interface(`snmp_admin',`
|
interface(`snmp_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type snmpd_t, snmpd_log_t;
|
type snmpd_t, snmpd_log_t;
|
||||||
type snmpd_var_lib_t, snmpd_var_run_t;
|
type snmpd_var_lib_t, snmpd_var_run_t;
|
||||||
|
type snmpd_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 snmpd_t:process { ptrace signal_perms getattr };
|
allow $1 snmpd_t:process { ptrace signal_perms getattr };
|
||||||
ps_process_pattern($1, snmpd_t)
|
ps_process_pattern($1, snmpd_t)
|
||||||
|
|
||||||
|
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
|
||||||
|
domain_system_change_exemption($1)
|
||||||
|
role_transition $2 snmpd_initrc_exec_t system_r;
|
||||||
|
allow $2 system_r;
|
||||||
|
|
||||||
logging_list_logs($1)
|
logging_list_logs($1)
|
||||||
manage_files_pattern($1, snmpd_log_t, snmpd_log_t)
|
admin_pattern($1, snmpd_log_t)
|
||||||
|
|
||||||
files_list_var_lib($1)
|
files_list_var_lib($1)
|
||||||
manage_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
|
admin_pattern($1, snmpd_var_lib_t)
|
||||||
|
|
||||||
files_list_pids($1)
|
files_list_pids($1)
|
||||||
manage_files_pattern($1, snmpd_var_run_t, snmpd_var_run_t)
|
admin_pattern($1, snmpd_var_run_t)
|
||||||
')
|
')
|
||||||
|
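Review bot: `snmp_admin` now expands a second argument in `role_transition $2 snmpd_initrc_exec_t system_r;` and `allow $2 system_r;`, so a caller that still passes only the domain would expand `$2` to nothing and most likely fail to compile. No callers are visible on this page; they need updating in the same change. `virt_admin` gains the same `$2` usage later in this commit. Replacing `manage_files_pattern($1, snmpd_log_t, snmpd_log_t)` and its two siblings with `admin_pattern(...)` also changes what the admin domain may do to those types, presumably widening it beyond plain files, and the commit message should say so.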
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(snmp, 1.8.1)
|
policy_module(snmp, 1.8.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -9,6 +9,9 @@ type snmpd_t;
|
|||||||
type snmpd_exec_t;
|
type snmpd_exec_t;
|
||||||
init_daemon_domain(snmpd_t, snmpd_exec_t)
|
init_daemon_domain(snmpd_t, snmpd_exec_t)
|
||||||
|
|
||||||
|
type snmpd_initrc_exec_t;
|
||||||
|
init_script_file(snmpd_initrc_exec_t)
|
||||||
|
|
||||||
type snmpd_log_t;
|
type snmpd_log_t;
|
||||||
logging_log_file(snmpd_log_t)
|
logging_log_file(snmpd_log_t)
|
||||||
|
|
||||||
@ -22,8 +25,9 @@ files_type(snmpd_var_lib_t)
|
|||||||
#
|
#
|
||||||
# Local policy
|
# Local policy
|
||||||
#
|
#
|
||||||
allow snmpd_t self:capability { dac_override kill net_admin sys_nice sys_tty_config };
|
allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
|
||||||
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
|
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
|
||||||
|
allow snmpd_t self:process { getsched setsched };
|
||||||
allow snmpd_t self:fifo_file rw_fifo_file_perms;
|
allow snmpd_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow snmpd_t self:unix_dgram_socket create_socket_perms;
|
allow snmpd_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
|
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
@ -45,6 +49,7 @@ files_pid_filetrans(snmpd_t, snmpd_var_run_t, file)
|
|||||||
|
|
||||||
kernel_read_device_sysctls(snmpd_t)
|
kernel_read_device_sysctls(snmpd_t)
|
||||||
kernel_read_kernel_sysctls(snmpd_t)
|
kernel_read_kernel_sysctls(snmpd_t)
|
||||||
|
kernel_read_fs_sysctls(snmpd_t)
|
||||||
kernel_read_net_sysctls(snmpd_t)
|
kernel_read_net_sysctls(snmpd_t)
|
||||||
kernel_read_proc_symlinks(snmpd_t)
|
kernel_read_proc_symlinks(snmpd_t)
|
||||||
kernel_read_system_state(snmpd_t)
|
kernel_read_system_state(snmpd_t)
|
||||||
@ -76,13 +81,13 @@ dev_getattr_usbfs_dirs(snmpd_t)
|
|||||||
domain_use_interactive_fds(snmpd_t)
|
domain_use_interactive_fds(snmpd_t)
|
||||||
domain_signull_all_domains(snmpd_t)
|
domain_signull_all_domains(snmpd_t)
|
||||||
domain_read_all_domains_state(snmpd_t)
|
domain_read_all_domains_state(snmpd_t)
|
||||||
|
domain_dontaudit_ptrace_all_domains(snmpd_t)
|
||||||
|
domain_exec_all_entry_files(snmpd_t)
|
||||||
|
|
||||||
files_read_etc_files(snmpd_t)
|
files_read_etc_files(snmpd_t)
|
||||||
files_read_usr_files(snmpd_t)
|
files_read_usr_files(snmpd_t)
|
||||||
files_read_etc_runtime_files(snmpd_t)
|
files_read_etc_runtime_files(snmpd_t)
|
||||||
files_search_home(snmpd_t)
|
files_search_home(snmpd_t)
|
||||||
files_getattr_boot_dirs(snmpd_t)
|
|
||||||
files_dontaudit_getattr_home_dir(snmpd_t)
|
|
||||||
|
|
||||||
fs_getattr_all_dirs(snmpd_t)
|
fs_getattr_all_dirs(snmpd_t)
|
||||||
fs_getattr_all_fs(snmpd_t)
|
fs_getattr_all_fs(snmpd_t)
|
||||||
@ -91,6 +96,9 @@ fs_search_auto_mountpoints(snmpd_t)
|
|||||||
storage_dontaudit_read_fixed_disk(snmpd_t)
|
storage_dontaudit_read_fixed_disk(snmpd_t)
|
||||||
storage_dontaudit_read_removable_device(snmpd_t)
|
storage_dontaudit_read_removable_device(snmpd_t)
|
||||||
|
|
||||||
|
auth_use_nsswitch(snmpd_t)
|
||||||
|
auth_read_all_dirs_except_shadow(snmpd_t)
|
||||||
|
|
||||||
init_read_utmp(snmpd_t)
|
init_read_utmp(snmpd_t)
|
||||||
init_dontaudit_write_utmp(snmpd_t)
|
init_dontaudit_write_utmp(snmpd_t)
|
||||||
|
|
||||||
@ -117,7 +125,7 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
auth_use_nsswitch(snmpd_t)
|
consoletype_exec(snmpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -148,3 +156,15 @@ optional_policy(`
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_read_db(snmpd_t)
|
udev_read_db(snmpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
virt_stream_connect(snmpd_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
kernel_read_xen_state(snmpd_t)
|
||||||
|
kernel_write_xen_state(snmpd_t)
|
||||||
|
|
||||||
|
xen_stream_connect(snmpd_t)
|
||||||
|
xen_stream_connect_xenstore(snmpd_t)
|
||||||
|
')
|
||||||
|
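Review bot: The widened `allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };` line, together with the added `domain_exec_all_entry_files(snmpd_t)` and `auth_read_all_dirs_except_shadow(snmpd_t)`, gives the SNMP daemon much more reach, and nothing says which snmpd function needs each grant. `sys_ptrace` is allowed while `domain_dontaudit_ptrace_all_domains(snmpd_t)` hides the matching ptrace denials. If the capability is only tripped while reading other processes' /proc entries, `dontaudit snmpd_t self:capability sys_ptrace;` would be the narrower choice; confirm against the AVC logs that motivated the patch. I would put a one-line comment above each broad grant, in the form `# <reason snmpd needs this>`, so a later audit can tell a required permission from a convenience one. The same applies to `kernel_write_xen_state(snmpd_t)` in the last optional block.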
@ -2,6 +2,7 @@
|
|||||||
/etc/libvirt/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0)
|
/etc/libvirt/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0)
|
||||||
/etc/libvirt/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0)
|
/etc/libvirt/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0)
|
||||||
/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
|
/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
|
||||||
|
/etc/rc\.d/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0)
|
||||||
|
|
||||||
/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
|
/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
|
||||||
|
|
||||||
|
@ -1,5 +1,27 @@
|
|||||||
## <summary>Libvirt virtualization API</summary>
|
## <summary>Libvirt virtualization API</summary>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Make the specified type usable as a virt image
|
||||||
|
## </summary>
|
||||||
|
## <param name="type">
|
||||||
|
## <summary>
|
||||||
|
## Type to be used as a virtual image
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`virt_image',`
|
||||||
|
gen_require(`
|
||||||
|
attribute virt_image_type;
|
||||||
|
')
|
||||||
|
|
||||||
|
typeattribute $1 virt_image_type;
|
||||||
|
files_type($1)
|
||||||
|
|
||||||
|
# virt images can be assigned to blk devices
|
||||||
|
dev_node($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute a domain transition to run virt.
|
## Execute a domain transition to run virt.
|
||||||
@ -18,6 +40,25 @@ interface(`virt_domtrans',`
|
|||||||
domtrans_pattern($1, virtd_exec_t, virtd_t)
|
domtrans_pattern($1, virtd_exec_t, virtd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to virt over an unix domain stream socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`virt_stream_connect',`
|
||||||
|
gen_require(`
|
||||||
|
type virtd_t, virt_var_run_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_pids($1)
|
||||||
|
stream_connect_pattern($1, virt_var_run_t, virt_var_run_t, virtd_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read virt config files.
|
## Read virt config files.
|
||||||
@ -39,6 +80,27 @@ interface(`virt_read_config',`
|
|||||||
read_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
|
read_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## manage virt config files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`virt_manage_config',`
|
||||||
|
gen_require(`
|
||||||
|
type virt_etc_t;
|
||||||
|
type virt_etc_rw_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
|
manage_files_pattern($1, virt_etc_t, virt_etc_t)
|
||||||
|
manage_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read virt PID files.
|
## Read virt PID files.
|
||||||
@ -214,6 +276,7 @@ interface(`virt_manage_images',`
|
|||||||
manage_dirs_pattern($1, virt_image_t, virt_image_t)
|
manage_dirs_pattern($1, virt_image_t, virt_image_t)
|
||||||
manage_files_pattern($1, virt_image_t, virt_image_t)
|
manage_files_pattern($1, virt_image_t, virt_image_t)
|
||||||
read_lnk_files_pattern($1, virt_image_t, virt_image_t)
|
read_lnk_files_pattern($1, virt_image_t, virt_image_t)
|
||||||
|
rw_blk_files_pattern($1, virt_image_t, virt_image_t)
|
||||||
|
|
||||||
tunable_policy(`virt_use_nfs',`
|
tunable_policy(`virt_use_nfs',`
|
||||||
fs_manage_nfs_dirs($1)
|
fs_manage_nfs_dirs($1)
|
||||||
@ -242,12 +305,17 @@ interface(`virt_manage_images',`
|
|||||||
#
|
#
|
||||||
interface(`virt_admin',`
|
interface(`virt_admin',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type virtd_t;
|
type virtd_t, virtd_initrc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 virtd_t:process { ptrace signal_perms };
|
allow $1 virtd_t:process { ptrace signal_perms };
|
||||||
ps_process_pattern($1, virtd_t)
|
ps_process_pattern($1, virtd_t)
|
||||||
|
|
||||||
|
init_labeled_script_domtrans($1, virtd_initrc_exec_t)
|
||||||
|
domain_system_change_exemption($1)
|
||||||
|
role_transition $2 virtd_initrc_exec_t system_r;
|
||||||
|
allow $2 system_r;
|
||||||
|
|
||||||
virt_manage_pid_files($1)
|
virt_manage_pid_files($1)
|
||||||
|
|
||||||
virt_manage_lib_files($1)
|
virt_manage_lib_files($1)
|
||||||
|
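Review bot: `virt_admin` now uses `$2` in `role_transition $2 virtd_initrc_exec_t system_r;` and `allow $2 system_r;`, but this hunk adds no `<param name="role">` entry, unlike the `snmp_admin` change in the same commit. The hunk begins at the `#` line directly above `interface(`, so the header is not visible here. If it does not already document the role argument, add a `## <param name="role">` block whose summary reads `The role to be allowed to manage the virt domain.` As a smaller style point, the new `virt_manage_config` summary starts with a lower-case "manage", while the neighbouring summaries are capitalised. The body of `virt_admin` continues past the end of the hunk.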
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(virt, 1.0.1)
|
policy_module(virt, 1.0.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -20,6 +20,8 @@ gen_tunable(virt_use_nfs, false)
|
|||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(virt_use_samba, false)
|
gen_tunable(virt_use_samba, false)
|
||||||
|
|
||||||
|
attribute virt_image_type;
|
||||||
|
|
||||||
type virt_etc_t;
|
type virt_etc_t;
|
||||||
files_config_file(virt_etc_t)
|
files_config_file(virt_etc_t)
|
||||||
|
|
||||||
@ -27,10 +29,8 @@ type virt_etc_rw_t;
|
|||||||
files_type(virt_etc_rw_t)
|
files_type(virt_etc_rw_t)
|
||||||
|
|
||||||
# virt Image files
|
# virt Image files
|
||||||
type virt_image_t; # customizable
|
type virt_image_t, virt_image_type; # customizable
|
||||||
files_type(virt_image_t)
|
virt_image(virt_image_t)
|
||||||
# virt_image_t can be assigned to blk devices
|
|
||||||
dev_node(virt_image_t)
|
|
||||||
|
|
||||||
type virt_log_t;
|
type virt_log_t;
|
||||||
logging_log_file(virt_log_t)
|
logging_log_file(virt_log_t)
|
||||||
@ -45,13 +45,16 @@ type virtd_t;
|
|||||||
type virtd_exec_t;
|
type virtd_exec_t;
|
||||||
init_daemon_domain(virtd_t, virtd_exec_t)
|
init_daemon_domain(virtd_t, virtd_exec_t)
|
||||||
|
|
||||||
|
type virtd_initrc_exec_t;
|
||||||
|
init_script_file(virtd_initrc_exec_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# virtd local policy
|
# virtd local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow virtd_t self:capability { dac_override kill net_admin setgid sys_nice sys_ptrace };
|
allow virtd_t self:capability { dac_override kill net_admin setgid sys_nice sys_ptrace };
|
||||||
allow virtd_t self:process { sigkill signal execmem };
|
allow virtd_t self:process { getsched sigkill signal execmem };
|
||||||
allow virtd_t self:fifo_file rw_file_perms;
|
allow virtd_t self:fifo_file rw_file_perms;
|
||||||
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
|
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow virtd_t self:tcp_socket create_stream_socket_perms;
|
allow virtd_t self:tcp_socket create_stream_socket_perms;
|
||||||
@ -64,7 +67,7 @@ manage_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
|
|||||||
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
|
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
|
||||||
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
|
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
|
||||||
|
|
||||||
manage_files_pattern(virtd_t, virt_image_t, virt_image_t)
|
manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
|
||||||
|
|
||||||
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
|
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
|
||||||
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
|
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
|
||||||
@ -109,6 +112,7 @@ files_read_usr_files(virtd_t)
|
|||||||
files_read_etc_files(virtd_t)
|
files_read_etc_files(virtd_t)
|
||||||
files_read_etc_runtime_files(virtd_t)
|
files_read_etc_runtime_files(virtd_t)
|
||||||
files_search_all(virtd_t)
|
files_search_all(virtd_t)
|
||||||
|
files_list_kernel_modules(virtd_t)
|
||||||
|
|
||||||
fs_list_auto_mountpoints(virtd_t)
|
fs_list_auto_mountpoints(virtd_t)
|
||||||
|
|
||||||
@ -159,11 +163,11 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
#optional_policy(`
|
optional_policy(`
|
||||||
# dnsmasq_domtrans(virtd_t)
|
dnsmasq_domtrans(virtd_t)
|
||||||
# dnsmasq_signal(virtd_t)
|
dnsmasq_signal(virtd_t)
|
||||||
# dnsmasq_sigkill(virtd_t)
|
dnsmasq_kill(virtd_t)
|
||||||
#')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
iptables_domtrans(virtd_t)
|
iptables_domtrans(virtd_t)
|
||||||
@ -192,3 +196,7 @@ optional_policy(`
|
|||||||
xen_stream_connect(virtd_t)
|
xen_stream_connect(virtd_t)
|
||||||
xen_stream_connect_xenstore(virtd_t)
|
xen_stream_connect_xenstore(virtd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
unconfined_domain(virtd_t)
|
||||||
|
')
|
||||||
|
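Review bot: The last added block calls `unconfined_domain(virtd_t)` inside an optional_policy, which makes virtd_t unconfined whenever the unconfined module is present. That leaves the other allow rules in this file with little enforcement value and removes SELinux containment from libvirtd. If it is a stopgap while the virt policy is incomplete, mark it with a comment such as `# TODO: drop once virtd_t policy covers libvirtd`; otherwise drop the block and add the specific rules that are missing. Separately, `type virt_image_t, virt_image_type;` already assigns the attribute that `virt_image(virt_image_t)` assigns again through `typeattribute $1 virt_image_type;`, so one of the two is redundant.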