This is a role capability.
This is a role capability.
Signed-off-by: Dominick Grift <domg472@gmail.com>
This is a role capability.
This is a role capability.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
Signed-off-by: Dominick Grift <domg472@gmail.com>
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
The ps_process_pattern includes permission to get attributes of target domain.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Use permission sets where possible.
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Search parent directory to be able to interact with target content.
Access to get attributes of target privoxy_t domain is included with ps_process_pattern.
Access to get attributes of target radiusd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
Allow postgresql admin to search parent directories to be able to manage postgresql content.
Allow prelude_admin to search parent directories to be able to manage prelude content.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.
Access to get attributes of target asterisk_t domain is included with ps_process_pattern.
Permission to get attributes of target automount_t domain is included with ps_process_pattern.
Access to get attributes of target ntpd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Remove permissive domain from cmirrord and dontaudit sys_tty_config
Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser
virt needs to be able to read processes to clearance for MLS
This is based on Fedora's miscfiles_cert_type implementation.
The idea was that openvpn needs to be able to read home certificates (home_cert_t), which is not implemented in refpolicy yet, as well as generic cert_t certificates.
Note that openvpn is allowed to read all cert_types, as I know that it needs access to both generic cert_t as well as (future) home_cert_t. Dwalsh noted that other domains may need this as well, but because I do not know exactly which domains, I will not change any other domain's call to generic cert type interfaces.
Signed-off-by: Dominick Grift <domg472@gmail.com>
Allow hugetlbfs_t to be on device_t file system
Fix for ajaxterm policy
Fix type in dbus_delete_pid_files
Change openvpn to only allow search of users home dir