remove unneeded dep
This commit is contained in:
parent
ace3688a93
commit
fcfe684b16
@ -284,6 +284,10 @@ else
|
|||||||
include $(ROOT)/Rules.modular
|
include $(ROOT)/Rules.modular
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
test:
|
||||||
|
# $(MODDIR)
|
||||||
|
# $(ALL_LAYERS)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Generated files
|
# Generated files
|
||||||
|
@ -105,7 +105,7 @@ $(TMPDIR)/pre_te_files.conf: $(PRE_TE_FILES)
|
|||||||
@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
|
@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
|
||||||
$(verbose) cat $^ > $@
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
$(TMPDIR)/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
|
$(TMPDIR)/generated_definitions.conf: $(ALL_TE_FILES)
|
||||||
# per-userdomain templates:
|
# per-userdomain templates:
|
||||||
@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
|
@test -d $(TMPDIR) || mkdir -p $(TMPDIR)
|
||||||
$(verbose) echo "define(\`base_per_userdomain_template',\`" > $@
|
$(verbose) echo "define(\`base_per_userdomain_template',\`" > $@
|
||||||
|
@ -137,15 +137,24 @@ level s0:c0.c255;
|
|||||||
# Only files are constrained by MCS at this stage.
|
# Only files are constrained by MCS at this stage.
|
||||||
#
|
#
|
||||||
mlsconstrain file { write setattr append unlink link rename
|
mlsconstrain file { write setattr append unlink link rename
|
||||||
create ioctl lock execute } (h1 dom h2);
|
ioctl lock execute relabelfrom } (h1 dom h2);
|
||||||
|
|
||||||
|
mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
|
||||||
|
|
||||||
mlsconstrain file { read } ((h1 dom h2) or
|
mlsconstrain file { read } ((h1 dom h2) or
|
||||||
( t1 == mlsfileread ));
|
( t1 == mlsfileread ));
|
||||||
|
|
||||||
|
|
||||||
# new file labels must be dominated by the relabeling subject clearance
|
# new file labels must be dominated by the relabeling subject clearance
|
||||||
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom relabelto }
|
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
|
||||||
( h1 dom h2 );
|
( h1 dom h2 );
|
||||||
|
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
|
||||||
|
(( h1 dom h2 ) and ( l2 eq h2 ));
|
||||||
|
|
||||||
|
mlsconstrain process { ptrace } ( h1 dom h2 );
|
||||||
|
|
||||||
|
mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or
|
||||||
|
( t1 == mcskillall );
|
||||||
|
|
||||||
define(`nogetattr_file_perms', `{ create ioctl read lock write setattr append
|
define(`nogetattr_file_perms', `{ create ioctl read lock write setattr append
|
||||||
link unlink rename relabelfrom relabelto }')
|
link unlink rename relabelfrom relabelto }')
|
||||||
|
@ -2656,3 +2656,22 @@ interface(`dev_unconfined',`
|
|||||||
typeattribute $1 memory_raw_write, memory_raw_read;
|
typeattribute $1 memory_raw_write, memory_raw_read;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read and write the USB device.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_rw_usb',`
|
||||||
|
gen_require(`
|
||||||
|
type usb_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 device_t:dir r_dir_perms;
|
||||||
|
allow $1 usb_device_t:chr_file { read write };
|
||||||
|
')
|
||||||
|
1
refpolicy/policy/modules/kernel/mcs.fc
Normal file
1
refpolicy/policy/modules/kernel/mcs.fc
Normal file
@ -0,0 +1 @@
|
|||||||
|
# no MCS file contexts
|
23
refpolicy/policy/modules/kernel/mcs.if
Normal file
23
refpolicy/policy/modules/kernel/mcs.if
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## <summary>Multicategory security policy</summary>
|
||||||
|
## <required val="true">
|
||||||
|
## Contains attributes used in MCS policy.
|
||||||
|
## </required>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## This domain is allowed to sigkill and sigstop
|
||||||
|
## all domains regardless of their MCS level.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain target for user exemption.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`mcs_killall',`
|
||||||
|
gen_require(`
|
||||||
|
attribute mcskillall;
|
||||||
|
')
|
||||||
|
|
||||||
|
typeattribute $1 mcskillall;
|
||||||
|
')
|
47
refpolicy/policy/modules/kernel/mcs.te
Normal file
47
refpolicy/policy/modules/kernel/mcs.te
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
|
||||||
|
policy_module(mcs,1.0.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
attribute mcskillall;
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# THIS IS A HACK
|
||||||
|
#
|
||||||
|
# Only the base module can have range_transitions, so we
|
||||||
|
# temporarily have to break encapsulation to work around this.
|
||||||
|
#
|
||||||
|
|
||||||
|
type auditd_exec_t;
|
||||||
|
type crond_exec_t;
|
||||||
|
type cupsd_exec_t;
|
||||||
|
type getty_t;
|
||||||
|
type init_t;
|
||||||
|
type init_exec_t;
|
||||||
|
type initrc_t;
|
||||||
|
type initrc_exec_t;
|
||||||
|
type login_exec_t;
|
||||||
|
type sshd_exec_t;
|
||||||
|
type su_exec_t;
|
||||||
|
type udev_exec_t;
|
||||||
|
type unconfined_t;
|
||||||
|
type xdm_exec_t;
|
||||||
|
|
||||||
|
ifdef(`enable_mcs',`
|
||||||
|
range_transition getty_t login_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition init_t xdm_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
|
||||||
|
|
||||||
|
# these might be targeted_policy only
|
||||||
|
range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
|
||||||
|
range_transition unconfined_t initrc_exec_t s0;
|
||||||
|
')
|
@ -53,38 +53,10 @@ attribute mlsrangetrans;
|
|||||||
#
|
#
|
||||||
# Only the base module can have range_transitions, so we
|
# Only the base module can have range_transitions, so we
|
||||||
# temporarily have to break encapsulation to work around this.
|
# temporarily have to break encapsulation to work around this.
|
||||||
|
# Other types are declared in the mcs module.
|
||||||
#
|
#
|
||||||
|
|
||||||
type auditd_exec_t;
|
|
||||||
type crond_exec_t;
|
|
||||||
type cupsd_exec_t;
|
|
||||||
type getty_t;
|
|
||||||
type init_t;
|
|
||||||
type init_exec_t;
|
|
||||||
type initrc_t;
|
|
||||||
type initrc_exec_t;
|
|
||||||
type login_exec_t;
|
|
||||||
type lvm_exec_t;
|
type lvm_exec_t;
|
||||||
type sshd_exec_t;
|
|
||||||
type su_exec_t;
|
|
||||||
type udev_exec_t;
|
|
||||||
type unconfined_t;
|
|
||||||
type xdm_exec_t;
|
|
||||||
|
|
||||||
ifdef(`enable_mcs',`
|
|
||||||
range_transition getty_t login_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition init_t xdm_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
|
|
||||||
|
|
||||||
# these might be targeted_policy only
|
|
||||||
range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
|
|
||||||
range_transition unconfined_t initrc_exec_t s0;
|
|
||||||
')
|
|
||||||
|
|
||||||
ifdef(`enable_mls',`
|
ifdef(`enable_mls',`
|
||||||
range_transition initrc_t auditd_exec_t s15:c0.c255;
|
range_transition initrc_t auditd_exec_t s15:c0.c255;
|
||||||
|
@ -101,6 +101,7 @@ corenet_udp_bind_all_nodes(bluetooth_t)
|
|||||||
|
|
||||||
dev_read_sysfs(bluetooth_t)
|
dev_read_sysfs(bluetooth_t)
|
||||||
dev_rw_usbfs(bluetooth_t)
|
dev_rw_usbfs(bluetooth_t)
|
||||||
|
dev_rw_usb(bluetooth_t)
|
||||||
dev_read_urand(bluetooth_t)
|
dev_read_urand(bluetooth_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(bluetooth_t)
|
fs_getattr_all_fs(bluetooth_t)
|
||||||
|
@ -97,6 +97,8 @@ fs_search_auto_mountpoints(hald_t)
|
|||||||
|
|
||||||
mls_file_read_up(hald_t)
|
mls_file_read_up(hald_t)
|
||||||
|
|
||||||
|
modutils_domtrans_insmod(hald_t)
|
||||||
|
|
||||||
selinux_get_fs_mount(hald_t)
|
selinux_get_fs_mount(hald_t)
|
||||||
selinux_validate_context(hald_t)
|
selinux_validate_context(hald_t)
|
||||||
selinux_compute_access_vector(hald_t)
|
selinux_compute_access_vector(hald_t)
|
||||||
@ -128,6 +130,7 @@ libs_exec_ld_so(hald_t)
|
|||||||
libs_exec_lib_files(hald_t)
|
libs_exec_lib_files(hald_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(hald_t)
|
logging_send_syslog_msg(hald_t)
|
||||||
|
logging_search_logs(hald_t)
|
||||||
|
|
||||||
miscfiles_read_localization(hald_t)
|
miscfiles_read_localization(hald_t)
|
||||||
miscfiles_read_hwdata(hald_t)
|
miscfiles_read_hwdata(hald_t)
|
||||||
|
@ -44,6 +44,9 @@ role system_r types system_mail_t;
|
|||||||
# System mail local policy
|
# System mail local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# newalias required this, not sure if it is needed in 'if' file
|
||||||
|
allow system_mail_t self:capability { dac_override };
|
||||||
|
|
||||||
allow system_mail_t etc_mail_t:dir { getattr search };
|
allow system_mail_t etc_mail_t:dir { getattr search };
|
||||||
allow system_mail_t etc_mail_t:file r_file_perms;
|
allow system_mail_t etc_mail_t:file r_file_perms;
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_overrid
|
|||||||
dontaudit NetworkManager_t self:capability sys_tty_config;
|
dontaudit NetworkManager_t self:capability sys_tty_config;
|
||||||
allow NetworkManager_t self:process { setcap getsched signal_perms };
|
allow NetworkManager_t self:process { setcap getsched signal_perms };
|
||||||
allow NetworkManager_t self:fifo_file rw_file_perms;
|
allow NetworkManager_t self:fifo_file rw_file_perms;
|
||||||
allow NetworkManager_t self:unix_dgram_socket create_socket_perms;
|
allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
|
||||||
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
|
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
|
allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
|
||||||
allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
|
allow NetworkManager_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
@ -273,6 +273,8 @@ allow postfix_local_t postfix_spool_t:file rw_file_perms;
|
|||||||
corecmd_exec_shell(postfix_local_t)
|
corecmd_exec_shell(postfix_local_t)
|
||||||
corecmd_exec_bin(postfix_local_t)
|
corecmd_exec_bin(postfix_local_t)
|
||||||
|
|
||||||
|
files_read_etc_files(postfix_local_t)
|
||||||
|
|
||||||
mta_read_aliases(postfix_local_t)
|
mta_read_aliases(postfix_local_t)
|
||||||
mta_delete_spool(postfix_local_t)
|
mta_delete_spool(postfix_local_t)
|
||||||
# For reading spamassasin
|
# For reading spamassasin
|
||||||
@ -395,6 +397,8 @@ allow postfix_pipe_t self:fifo_file { read write };
|
|||||||
allow postfix_pipe_t postfix_private_t:dir search;
|
allow postfix_pipe_t postfix_private_t:dir search;
|
||||||
allow postfix_pipe_t postfix_private_t:sock_file write;
|
allow postfix_pipe_t postfix_private_t:sock_file write;
|
||||||
|
|
||||||
|
allow postfix_pipe_t postfix_public_t:fifo_file { getattr write };
|
||||||
|
|
||||||
allow postfix_pipe_t postfix_spool_t:dir search;
|
allow postfix_pipe_t postfix_spool_t:dir search;
|
||||||
allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
|
allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
|
||||||
|
|
||||||
|
@ -22,7 +22,8 @@ ifdef(`targeted_policy', `', `
|
|||||||
#
|
#
|
||||||
# /sbin
|
# /sbin
|
||||||
#
|
#
|
||||||
/sbin/init -- gen_context(system_u:object_r:init_exec_t,s0)
|
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
|
||||||
|
|
||||||
|
|
||||||
ifdef(`distro_gentoo', `
|
ifdef(`distro_gentoo', `
|
||||||
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||||
|
@ -155,6 +155,8 @@ libs_rw_ld_so_cache(init_t)
|
|||||||
logging_send_syslog_msg(init_t)
|
logging_send_syslog_msg(init_t)
|
||||||
logging_rw_generic_logs(init_t)
|
logging_rw_generic_logs(init_t)
|
||||||
|
|
||||||
|
mcs_killall(init_t)
|
||||||
|
|
||||||
mls_file_read_up(init_t)
|
mls_file_read_up(init_t)
|
||||||
mls_file_write_down(init_t)
|
mls_file_write_down(init_t)
|
||||||
mls_rangetrans_target(init_t)
|
mls_rangetrans_target(init_t)
|
||||||
@ -360,6 +362,8 @@ miscfiles_read_localization(initrc_t)
|
|||||||
# slapd needs to read cert files from its initscript
|
# slapd needs to read cert files from its initscript
|
||||||
miscfiles_read_certs(initrc_t)
|
miscfiles_read_certs(initrc_t)
|
||||||
|
|
||||||
|
mcs_killall(initrc_t)
|
||||||
|
|
||||||
mls_file_read_up(initrc_t)
|
mls_file_read_up(initrc_t)
|
||||||
mls_file_write_down(initrc_t)
|
mls_file_write_down(initrc_t)
|
||||||
mls_process_read_up(initrc_t)
|
mls_process_read_up(initrc_t)
|
||||||
|
@ -283,6 +283,7 @@ interface(`libs_manage_lib_files',`
|
|||||||
|
|
||||||
allow $1 lib_t:dir search_dir_perms;
|
allow $1 lib_t:dir search_dir_perms;
|
||||||
allow $1 lib_t:file manage_file_perms;
|
allow $1 lib_t:file manage_file_perms;
|
||||||
|
allow $1 lib_t:lnk_file unlink;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -10,6 +10,7 @@
|
|||||||
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
|
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
|
||||||
|
|
||||||
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
|
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
|
||||||
|
/etc/selinux/([^/]*/)?modules(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
|
||||||
/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
|
/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
|
||||||
/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
|
/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
|
||||||
|
|
||||||
@ -39,3 +40,5 @@
|
|||||||
ifdef(`distro_debian', `
|
ifdef(`distro_debian', `
|
||||||
/usr/share/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
|
/usr/share/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
/usr/sbin/semodule -- gen_context(system_u:object_r:semodule_exec_t,s0)
|
||||||
|
@ -585,6 +585,28 @@ interface(`seutil_read_file_contexts',`
|
|||||||
allow $1 file_context_t:lnk_file { getattr read };
|
allow $1 file_context_t:lnk_file { getattr read };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read and write the file_contexts files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`seutil_rw_file_contexts',`
|
||||||
|
gen_require(`
|
||||||
|
type selinux_config_t, file_context_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
|
allow $1 selinux_config_t:dir search;
|
||||||
|
allow $1 file_context_t:dir r_dir_perms;
|
||||||
|
allow $1 file_context_t:file rw_file_perms;
|
||||||
|
allow $1 file_context_t:lnk_file { getattr read };
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# seutil_read_bin_policy(domain)
|
# seutil_read_bin_policy(domain)
|
||||||
@ -683,4 +705,3 @@ interface(`seutil_manage_src_policy',`
|
|||||||
allow $1 policy_src_t:dir create_dir_perms;
|
allow $1 policy_src_t:dir create_dir_perms;
|
||||||
allow $1 policy_src_t:file create_file_perms;
|
allow $1 policy_src_t:file create_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -55,10 +55,11 @@ interface(`unconfined_domain_noaudit',`
|
|||||||
tunable_policy(`allow_execmem && allow_execstack',`
|
tunable_policy(`allow_execmem && allow_execstack',`
|
||||||
# Allow making the stack executable via mprotect.
|
# Allow making the stack executable via mprotect.
|
||||||
allow $1 self:process execstack;
|
allow $1 self:process execstack;
|
||||||
|
auditallow $1 self:process execstack;
|
||||||
', `
|
', `
|
||||||
# These are fairly common but seem to be harmless
|
# These are fairly common but seem to be harmless
|
||||||
# caused by using shared libraries built with old tool chains
|
# caused by using shared libraries built with old tool chains
|
||||||
dontaudit $1 self:process execstack;
|
#dontaudit $1 self:process execstack;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
|
@ -165,9 +165,13 @@ ifdef(`targeted_policy',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`enable_mls',`
|
ifdef(`enable_mls',`
|
||||||
|
corecmd_exec_shell(secadm_t)
|
||||||
|
mls_process_read_up(secadm_t)
|
||||||
|
mls_file_write_down(secadm_t)
|
||||||
|
mls_file_upgrade(secadm_t)
|
||||||
|
mls_file_downgrade(secadm_t)
|
||||||
logging_read_audit_log(secadm_t)
|
logging_read_audit_log(secadm_t)
|
||||||
logging_domtrans_auditctl(secadm_t)
|
logging_domtrans_auditctl(secadm_t)
|
||||||
mls_process_read_up(secadm_t)
|
|
||||||
userdom_dontaudit_append_staff_home_files(secadm_t)
|
userdom_dontaudit_append_staff_home_files(secadm_t)
|
||||||
', `
|
', `
|
||||||
logging_domtrans_auditctl(sysadm_t)
|
logging_domtrans_auditctl(sysadm_t)
|
||||||
@ -354,6 +358,7 @@ ifdef(`targeted_policy',`
|
|||||||
seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal)
|
seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal)
|
||||||
seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal)
|
seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal)
|
||||||
seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
|
seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
|
||||||
|
seutil_run_restorecon(secadm_t,secadm_r,admin_terminal)
|
||||||
', `
|
', `
|
||||||
selinux_set_enforce_mode(sysadm_t)
|
selinux_set_enforce_mode(sysadm_t)
|
||||||
selinux_set_boolean(sysadm_t)
|
selinux_set_boolean(sysadm_t)
|
||||||
|
Loading…
Reference in New Issue
Block a user