more misc stuff
Here's the latest stuff, most of which is to make staff_t usable as a login domain. Please merge whatever you think is good and skip the rest.
This commit is contained in:
parent
4e5b6f39ff
commit
044da0b8b9
|
@ -166,6 +166,7 @@ ifdef(`distro_gentoo',`
|
|||
|
||||
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/bluetooth/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/bridge-utils/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
@ -197,6 +198,7 @@ ifdef(`distro_gentoo',`
|
|||
/usr/lib/gvfs/gvfs.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/kde4/libexec/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/[^/]+/libexec/kf5/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0)
|
||||
|
|
|
@ -31,6 +31,10 @@ optional_policy(`
|
|||
git_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
modemmanager_dbus_chat(staff_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
postgresql_role(staff_r, staff_t)
|
||||
')
|
||||
|
|
|
@ -20,6 +20,10 @@ optional_policy(`
|
|||
git_role(user_r, user_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
modemmanager_dbus_chat(user_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
screen_role_template(user, user_r, user_t)
|
||||
')
|
||||
|
|
|
@ -178,6 +178,7 @@ logging_read_generic_logs(ssh_t)
|
|||
|
||||
auth_use_nsswitch(ssh_t)
|
||||
|
||||
miscfiles_read_generic_certs(ssh_t)
|
||||
miscfiles_read_localization(ssh_t)
|
||||
|
||||
seutil_read_config(ssh_t)
|
||||
|
|
|
@ -209,6 +209,7 @@ optional_policy(`
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
xserver_link_xdm_keys(local_login_t)
|
||||
xserver_read_xdm_tmp_files(local_login_t)
|
||||
xserver_rw_xdm_tmp_files(local_login_t)
|
||||
xserver_rw_xdm_keys(local_login_t)
|
||||
|
|
|
@ -1008,6 +1008,7 @@ files_create_lock_dirs(systemd_tmpfiles_t)
|
|||
files_manage_all_pid_dirs(systemd_tmpfiles_t)
|
||||
files_delete_usr_files(systemd_tmpfiles_t)
|
||||
files_list_home(systemd_tmpfiles_t)
|
||||
files_list_locks(systemd_tmpfiles_t)
|
||||
files_manage_generic_tmp_dirs(systemd_tmpfiles_t)
|
||||
files_manage_var_dirs(systemd_tmpfiles_t)
|
||||
files_manage_var_lib_dirs(systemd_tmpfiles_t)
|
||||
|
@ -1026,8 +1027,8 @@ files_relabelto_etc_dirs(systemd_tmpfiles_t)
|
|||
files_manage_etc_symlinks(systemd_tmpfiles_t)
|
||||
|
||||
fs_getattr_tmpfs(systemd_tmpfiles_t)
|
||||
fs_getattr_tmpfs_dirs(systemd_tmpfiles_t)
|
||||
fs_getattr_xattr_fs(systemd_tmpfiles_t)
|
||||
fs_list_tmpfs(systemd_tmpfiles_t)
|
||||
|
||||
selinux_get_fs_mount(systemd_tmpfiles_t)
|
||||
selinux_search_fs(systemd_tmpfiles_t)
|
||||
|
|
Loading…
Reference in New Issue