selinux-policy/policy/modules/admin/apt.fc
Manoj Srivastava 6a192f70d4 Update apt/aptitude policy to add support for lock/log files
Signed-off-by: Russell Coker <russell@coker.com.au>
Acked-By: Manoj Srivastava <srivasta@debian.org>
2009-07-29 15:00:39 -04:00

22 lines
851 B
Plaintext

/usr/bin/apt-get -- gen_context(system_u:object_r:apt_exec_t,s0)
# apt-shell is redhat specific
/usr/bin/apt-shell -- gen_context(system_u:object_r:apt_exec_t,s0)
# other package managers
/usr/bin/aptitude -- gen_context(system_u:object_r:apt_exec_t,s0)
/usr/sbin/synaptic -- gen_context(system_u:object_r:apt_exec_t,s0)
# package cache repository
/var/cache/apt(/.*)? gen_context(system_u:object_r:apt_var_cache_t,s0)
# package list repository
/var/lib/apt(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0)
/var/lib/aptitude(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0)
# aptitude lock
/var/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0)
# aptitude log
/var/log/aptitude gen_context(system_u:object_r:apt_var_log_t,s0)
# dpkg terminal log
/var/log/apt(/.*)? gen_context(system_u:object_r:apt_var_log_t,s0)