mirror of
https://github.com/SELinuxProject/refpolicy
Update callers for "pid" to "runtime" interface rename.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent
be04bb3e7e
commit
0992763548
@ -19,7 +19,7 @@ type alsa_home_t;
|
||||
userdom_user_home_content(alsa_home_t)
|
||||
|
||||
type alsa_runtime_t;
|
||||
files_pid_file(alsa_runtime_t)
|
||||
files_runtime_file(alsa_runtime_t)
|
||||
|
||||
type alsa_tmp_t;
|
||||
files_tmp_file(alsa_tmp_t)
|
||||
@ -61,7 +61,7 @@ can_exec(alsa_t, alsa_exec_t)
|
||||
allow alsa_t alsa_runtime_t:dir manage_dir_perms;
|
||||
allow alsa_t alsa_runtime_t:file manage_file_perms;
|
||||
allow alsa_t alsa_runtime_t:lnk_file manage_lnk_file_perms;
|
||||
files_pid_filetrans(alsa_t, alsa_runtime_t, { dir file })
|
||||
files_runtime_filetrans(alsa_t, alsa_runtime_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
|
||||
manage_files_pattern(alsa_t, alsa_tmp_t, alsa_tmp_t)
|
||||
|
@ -185,7 +185,7 @@ corenet_tcp_connect_amanda_port(amanda_recover_t)
|
||||
domain_use_interactive_fds(amanda_recover_t)
|
||||
|
||||
files_read_etc_runtime_files(amanda_recover_t)
|
||||
files_search_pids(amanda_recover_t)
|
||||
files_search_runtime(amanda_recover_t)
|
||||
files_search_tmp(amanda_recover_t)
|
||||
|
||||
auth_use_nsswitch(amanda_recover_t)
|
||||
|
@ -31,7 +31,7 @@ logging_send_audit_msgs(amtu_t)
|
||||
userdom_use_user_terminals(amtu_t)
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(amtu_t)
|
||||
nscd_dontaudit_search_runtime(amtu_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -88,6 +88,6 @@ interface(`bacula_admin',`
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, bacula_var_lib_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, bacula_runtime_t)
|
||||
')
|
||||
|
@ -21,7 +21,7 @@ type bacula_log_t;
|
||||
logging_log_file(bacula_log_t)
|
||||
|
||||
type bacula_runtime_t alias bacula_var_run_t;
|
||||
files_pid_file(bacula_runtime_t)
|
||||
files_runtime_file(bacula_runtime_t)
|
||||
|
||||
type bacula_spool_t;
|
||||
files_type(bacula_spool_t)
|
||||
@ -66,7 +66,7 @@ manage_files_pattern(bacula_t, bacula_var_lib_t, bacula_var_lib_t)
|
||||
files_var_lib_filetrans(bacula_t, bacula_var_lib_t, dir)
|
||||
|
||||
allow bacula_t bacula_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(bacula_t, bacula_runtime_t, file)
|
||||
files_runtime_filetrans(bacula_t, bacula_runtime_t, file)
|
||||
|
||||
kernel_read_kernel_sysctls(bacula_t)
|
||||
kernel_read_system_state(bacula_t)
|
||||
|
@ -143,7 +143,7 @@ interface(`bcfg2_admin',`
|
||||
|
||||
init_startstop_service($1, $2, bcfg2_t, bcfg2_initrc_exec_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, bcfg2_runtime_t)
|
||||
|
||||
files_search_var_lib($1)
|
||||
|
@ -13,7 +13,7 @@ type bcfg2_initrc_exec_t;
|
||||
init_script_file(bcfg2_initrc_exec_t)
|
||||
|
||||
type bcfg2_runtime_t alias bcfg2_var_run_t;
|
||||
files_pid_file(bcfg2_runtime_t)
|
||||
files_runtime_file(bcfg2_runtime_t)
|
||||
|
||||
type bcfg2_var_lib_t;
|
||||
files_type(bcfg2_var_lib_t)
|
||||
@ -32,7 +32,7 @@ manage_files_pattern(bcfg2_t, bcfg2_var_lib_t, bcfg2_var_lib_t)
|
||||
files_var_lib_filetrans(bcfg2_t, bcfg2_var_lib_t, dir)
|
||||
|
||||
manage_files_pattern(bcfg2_t, bcfg2_runtime_t, bcfg2_runtime_t)
|
||||
files_pid_filetrans(bcfg2_t, bcfg2_runtime_t, file)
|
||||
files_runtime_filetrans(bcfg2_t, bcfg2_runtime_t, file)
|
||||
|
||||
kernel_read_system_state(bcfg2_t)
|
||||
|
||||
|
@ -10,7 +10,7 @@ type blueman_exec_t;
|
||||
dbus_system_domain(blueman_t, blueman_exec_t)
|
||||
|
||||
type blueman_runtime_t alias blueman_var_run_t;
|
||||
files_pid_file(blueman_runtime_t)
|
||||
files_runtime_file(blueman_runtime_t)
|
||||
|
||||
type blueman_var_lib_t;
|
||||
files_type(blueman_var_lib_t)
|
||||
@ -30,7 +30,7 @@ files_var_lib_filetrans(blueman_t, blueman_var_lib_t, dir)
|
||||
|
||||
manage_dirs_pattern(blueman_t, blueman_runtime_t, blueman_runtime_t)
|
||||
manage_files_pattern(blueman_t, blueman_runtime_t, blueman_runtime_t)
|
||||
files_pid_filetrans(blueman_t, blueman_runtime_t, { dir file })
|
||||
files_runtime_filetrans(blueman_t, blueman_runtime_t, { dir file })
|
||||
|
||||
kernel_read_net_sysctls(blueman_t)
|
||||
kernel_read_system_state(blueman_t)
|
||||
@ -62,7 +62,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
dnsmasq_domtrans(blueman_t)
|
||||
dnsmasq_read_pid_files(blueman_t)
|
||||
dnsmasq_read_runtime_files(blueman_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -116,7 +116,7 @@ files_read_var_files(bootloader_t)
|
||||
files_read_kernel_modules(bootloader_t)
|
||||
files_search_mnt(bootloader_t)
|
||||
# for nscd
|
||||
files_dontaudit_search_pids(bootloader_t)
|
||||
files_dontaudit_search_runtime(bootloader_t)
|
||||
# for blkid.tab
|
||||
files_manage_etc_runtime_files(bootloader_t)
|
||||
files_etc_filetrans_etc_runtime(bootloader_t, file)
|
||||
@ -158,7 +158,7 @@ seutil_read_file_contexts(bootloader_t)
|
||||
seutil_read_loadpolicy(bootloader_t)
|
||||
seutil_dontaudit_search_config(bootloader_t)
|
||||
|
||||
udev_read_pid_files(bootloader_t)
|
||||
udev_read_runtime_files(bootloader_t)
|
||||
|
||||
userdom_use_user_terminals(bootloader_t)
|
||||
userdom_dontaudit_search_user_home_dirs(bootloader_t)
|
||||
@ -244,7 +244,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
raid_read_mdadm_pid(bootloader_t)
|
||||
raid_read_mdadm_runtime_files(bootloader_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -52,6 +52,6 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
pcscd_domtrans(certwatch_t)
|
||||
pcscd_read_pid_files(certwatch_t)
|
||||
pcscd_read_runtime_files(certwatch_t)
|
||||
pcscd_stream_connect(certwatch_t)
|
||||
')
|
||||
|
@ -66,7 +66,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
auth_read_pam_pid(consoletype_t)
|
||||
auth_read_pam_runtime_files(consoletype_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -46,7 +46,7 @@ dev_read_rand(dphysswapfile_t)
|
||||
dev_read_urand(dphysswapfile_t)
|
||||
|
||||
# ignore ls -l /var/swap noise
|
||||
files_dontaudit_getattr_pid_dirs(dphysswapfile_t)
|
||||
files_dontaudit_getattr_runtime_dirs(dphysswapfile_t)
|
||||
files_read_etc_files(dphysswapfile_t)
|
||||
files_search_var(dphysswapfile_t)
|
||||
files_var_filetrans(dphysswapfile_t, dphysswapfile_swap_t, file)
|
||||
|
@ -77,7 +77,7 @@ interface(`hwloc_read_runtime_files',`
|
||||
type hwloc_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
read_files_pattern($1, hwloc_runtime_t, hwloc_runtime_t)
|
||||
')
|
||||
|
||||
@ -102,5 +102,5 @@ interface(`hwloc_admin',`
|
||||
ps_process_pattern($1, hwloc_dhwd_t)
|
||||
|
||||
admin_pattern($1, hwloc_runtime_t)
|
||||
files_pid_filetrans($1, hwloc_runtime_t, dir, "hwloc")
|
||||
files_runtime_filetrans($1, hwloc_runtime_t, dir, "hwloc")
|
||||
')
|
||||
|
@ -17,7 +17,7 @@ type hwloc_dhwd_unit_t;
|
||||
init_unit_file(hwloc_dhwd_unit_t)
|
||||
|
||||
type hwloc_runtime_t alias hwloc_var_run_t;
|
||||
files_pid_file(hwloc_runtime_t)
|
||||
files_runtime_file(hwloc_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -26,6 +26,6 @@ files_pid_file(hwloc_runtime_t)
|
||||
|
||||
allow hwloc_dhwd_t hwloc_runtime_t:dir manage_dir_perms;
|
||||
allow hwloc_dhwd_t hwloc_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(hwloc_dhwd_t, hwloc_runtime_t, dir)
|
||||
files_runtime_filetrans(hwloc_dhwd_t, hwloc_runtime_t, dir)
|
||||
|
||||
dev_read_sysfs(hwloc_dhwd_t)
|
||||
|
@ -128,7 +128,7 @@ interface(`kismet_read_runtime_files',`
|
||||
type kismet_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
allow $1 kismet_runtime_t:file read_file_perms;
|
||||
')
|
||||
|
||||
@ -148,7 +148,7 @@ interface(`kismet_manage_runtime_files',`
|
||||
type kismet_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
allow $1 kismet_runtime_t:file manage_file_perms;
|
||||
')
|
||||
|
||||
@ -325,7 +325,7 @@ interface(`kismet_admin',`
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, kismet_var_lib_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, kismet_runtime_t)
|
||||
|
||||
logging_search_logs($1)
|
||||
|
@ -22,7 +22,7 @@ type kismet_log_t;
|
||||
logging_log_file(kismet_log_t)
|
||||
|
||||
type kismet_runtime_t alias kismet_var_run_t;
|
||||
files_pid_file(kismet_runtime_t)
|
||||
files_runtime_file(kismet_runtime_t)
|
||||
|
||||
type kismet_tmp_t;
|
||||
files_tmp_file(kismet_tmp_t)
|
||||
@ -71,7 +71,7 @@ allow kismet_t kismet_var_lib_t:dir manage_dir_perms;
|
||||
files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir })
|
||||
|
||||
allow kismet_t kismet_runtime_t:dir manage_dir_perms;
|
||||
files_pid_filetrans(kismet_t, kismet_runtime_t, file)
|
||||
files_runtime_filetrans(kismet_t, kismet_runtime_t, file)
|
||||
|
||||
can_exec(kismet_t, kismet_exec_t)
|
||||
|
||||
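Review bot: In the second hunk of this file the runtime stanza grants `allow kismet_t kismet_runtime_t:dir manage_dir_perms;`, but the transition that follows, `files_runtime_filetrans(kismet_t, kismet_runtime_t, file)`, is for the `file` class, and no file-class rule on `kismet_runtime_t` is visible between them. If no such rule exists elsewhere in the module, creating the runtime file would be denied even though the transition is declared. If files are the intended object, the stanza would carry `allow kismet_t kismet_runtime_t:file manage_file_perms;` next to the dir rule, and the dir rule could be dropped if kismet never creates directories there. The rest of the module lies outside the hunk, so this needs checking against the full file.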
|
@ -94,6 +94,6 @@ interface(`kudzu_admin',`
|
||||
files_search_tmp($1)
|
||||
admin_pattern($1, kudzu_tmp_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, kudzu_runtime_t)
|
||||
')
|
||||
|
@ -16,7 +16,7 @@ type kudzu_initrc_exec_t;
|
||||
init_script_file(kudzu_initrc_exec_t)
|
||||
|
||||
type kudzu_runtime_t alias kudzu_var_run_t;
|
||||
files_pid_file(kudzu_runtime_t)
|
||||
files_runtime_file(kudzu_runtime_t)
|
||||
|
||||
type kudzu_tmp_t;
|
||||
files_tmp_file(kudzu_tmp_t)
|
||||
@ -40,7 +40,7 @@ files_tmp_filetrans(kudzu_t, kudzu_tmp_t, { file dir chr_file })
|
||||
|
||||
manage_dirs_pattern(kudzu_t, kudzu_runtime_t, kudzu_runtime_t)
|
||||
manage_files_pattern(kudzu_t, kudzu_runtime_t, kudzu_runtime_t)
|
||||
files_pid_filetrans(kudzu_t, kudzu_runtime_t, file)
|
||||
files_runtime_filetrans(kudzu_t, kudzu_runtime_t, file)
|
||||
|
||||
kernel_change_ring_buffer_level(kudzu_t)
|
||||
kernel_read_device_sysctls(kudzu_t)
|
||||
|
@ -81,7 +81,7 @@ domain_read_all_domains_state(logrotate_t)
|
||||
files_map_etc_files(logrotate_t)
|
||||
files_read_usr_files(logrotate_t)
|
||||
files_read_etc_runtime_files(logrotate_t)
|
||||
files_read_all_pids(logrotate_t)
|
||||
files_read_all_runtime_files(logrotate_t)
|
||||
files_search_all(logrotate_t)
|
||||
files_read_var_lib_files(logrotate_t)
|
||||
files_manage_generic_spool(logrotate_t)
|
||||
@ -229,7 +229,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
openvswitch_read_pid_files(logrotate_t)
|
||||
openvswitch_read_runtime_files(logrotate_t)
|
||||
openvswitch_domtrans(logrotate_t)
|
||||
')
|
||||
|
||||
|
@ -24,7 +24,7 @@ type logwatch_lock_t;
|
||||
files_lock_file(logwatch_lock_t)
|
||||
|
||||
type logwatch_runtime_t alias logwatch_var_run_t;
|
||||
files_pid_file(logwatch_runtime_t)
|
||||
files_runtime_file(logwatch_runtime_t)
|
||||
|
||||
type logwatch_tmp_t;
|
||||
files_tmp_file(logwatch_tmp_t)
|
||||
@ -53,7 +53,7 @@ manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
|
||||
files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
|
||||
|
||||
allow logwatch_t logwatch_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(logwatch_t, logwatch_runtime_t, file)
|
||||
files_runtime_filetrans(logwatch_t, logwatch_runtime_t, file)
|
||||
|
||||
kernel_read_fs_sysctls(logwatch_t)
|
||||
kernel_read_kernel_sysctls(logwatch_t)
|
||||
@ -136,7 +136,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
avahi_dontaudit_search_pid(logwatch_t)
|
||||
avahi_dontaudit_search_runtime(logwatch_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -53,6 +53,6 @@ interface(`mcelog_admin',`
|
||||
logging_search_logs($1)
|
||||
admin_pattern($1, mcelog_log_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, mcelog_runtime_t)
|
||||
')
|
||||
|
@ -58,7 +58,7 @@ type mcelog_log_t;
|
||||
logging_log_file(mcelog_log_t)
|
||||
|
||||
type mcelog_runtime_t alias mcelog_var_run_t;
|
||||
files_pid_file(mcelog_runtime_t)
|
||||
files_runtime_file(mcelog_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -80,7 +80,7 @@ logging_log_filetrans(mcelog_t, mcelog_log_t, { dir file })
|
||||
manage_dirs_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
|
||||
manage_files_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
|
||||
manage_sock_files_pattern(mcelog_t, mcelog_runtime_t, mcelog_runtime_t)
|
||||
files_pid_filetrans(mcelog_t, mcelog_runtime_t, { dir file sock_file })
|
||||
files_runtime_filetrans(mcelog_t, mcelog_runtime_t, { dir file sock_file })
|
||||
|
||||
kernel_read_system_state(mcelog_t)
|
||||
|
||||
|
@ -76,7 +76,7 @@ interface(`mrtg_admin',`
|
||||
logging_search_logs($1)
|
||||
admin_pattern($1, mrtg_log_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, mrtg_runtime_t)
|
||||
|
||||
files_search_var_lib($1)
|
||||
|
@ -22,7 +22,7 @@ type mrtg_log_t;
|
||||
logging_log_file(mrtg_log_t)
|
||||
|
||||
type mrtg_runtime_t alias mrtg_var_run_t;
|
||||
files_pid_file(mrtg_runtime_t)
|
||||
files_runtime_file(mrtg_runtime_t)
|
||||
|
||||
type mrtg_var_lib_t;
|
||||
files_type(mrtg_var_lib_t)
|
||||
@ -56,7 +56,7 @@ manage_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
|
||||
manage_lnk_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
|
||||
|
||||
allow mrtg_t mrtg_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(mrtg_t, mrtg_runtime_t, file)
|
||||
files_runtime_filetrans(mrtg_t, mrtg_runtime_t, file)
|
||||
|
||||
kernel_read_system_state(mrtg_t)
|
||||
kernel_read_network_state(mrtg_t)
|
||||
|
@ -47,13 +47,13 @@ files_read_usr_files(ncftool_t)
|
||||
|
||||
miscfiles_read_localization(ncftool_t)
|
||||
|
||||
sysnet_delete_dhcpc_pid(ncftool_t)
|
||||
sysnet_delete_dhcpc_runtime_files(ncftool_t)
|
||||
sysnet_run_dhcpc(ncftool_t, ncftool_roles)
|
||||
sysnet_run_ifconfig(ncftool_t, ncftool_roles)
|
||||
sysnet_etc_filetrans_config(ncftool_t)
|
||||
sysnet_manage_config(ncftool_t)
|
||||
sysnet_read_dhcpc_state(ncftool_t)
|
||||
sysnet_read_dhcpc_pid(ncftool_t)
|
||||
sysnet_read_dhcpc_runtime_files(ncftool_t)
|
||||
sysnet_signal_dhcpc(ncftool_t)
|
||||
|
||||
userdom_use_user_terminals(ncftool_t)
|
||||
|
@ -15,7 +15,7 @@ type passenger_log_t;
|
||||
logging_log_file(passenger_log_t)
|
||||
|
||||
type passenger_runtime_t alias passenger_var_run_t;
|
||||
files_pid_file(passenger_runtime_t)
|
||||
files_runtime_file(passenger_runtime_t)
|
||||
|
||||
type passenger_var_lib_t;
|
||||
files_type(passenger_var_lib_t)
|
||||
@ -43,7 +43,7 @@ manage_dirs_pattern(passenger_t, passenger_runtime_t, passenger_runtime_t)
|
||||
manage_files_pattern(passenger_t, passenger_runtime_t, passenger_runtime_t)
|
||||
manage_fifo_files_pattern(passenger_t, passenger_runtime_t, passenger_runtime_t)
|
||||
manage_sock_files_pattern(passenger_t, passenger_runtime_t, passenger_runtime_t)
|
||||
files_pid_filetrans(passenger_t, passenger_runtime_t, { file dir sock_file })
|
||||
files_runtime_filetrans(passenger_t, passenger_runtime_t, { file dir sock_file })
|
||||
|
||||
can_exec(passenger_t, passenger_exec_t)
|
||||
|
||||
|
@ -110,7 +110,7 @@ files_manage_etc_files(gcc_config_t)
|
||||
files_rw_etc_runtime_files(gcc_config_t)
|
||||
files_read_usr_files(gcc_config_t)
|
||||
files_search_var_lib(gcc_config_t)
|
||||
files_search_pids(gcc_config_t)
|
||||
files_search_runtime(gcc_config_t)
|
||||
# complains loudly about not being able to list
|
||||
# the directory it is being run from
|
||||
files_list_all(gcc_config_t)
|
||||
@ -295,7 +295,7 @@ domain_use_interactive_fds(portage_fetch_t)
|
||||
|
||||
files_read_etc_runtime_files(portage_fetch_t)
|
||||
files_read_usr_files(portage_fetch_t)
|
||||
files_dontaudit_search_pids(portage_fetch_t)
|
||||
files_dontaudit_search_runtime(portage_fetch_t)
|
||||
|
||||
fs_search_auto_mountpoints(portage_fetch_t)
|
||||
|
||||
|
@ -223,7 +223,7 @@ interface(`puppet_admin',`
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, puppet_var_lib_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, puppet_runtime_t)
|
||||
|
||||
files_search_tmp($1)
|
||||
|
@ -30,8 +30,8 @@ type puppet_log_t;
|
||||
logging_log_file(puppet_log_t)
|
||||
|
||||
type puppet_runtime_t alias puppet_var_run_t;
|
||||
files_pid_file(puppet_runtime_t)
|
||||
init_daemon_pid_file(puppet_runtime_t, dir, "puppet")
|
||||
files_runtime_file(puppet_runtime_t)
|
||||
init_daemon_runtime_file(puppet_runtime_t, dir, "puppet")
|
||||
|
||||
type puppet_tmp_t;
|
||||
files_tmp_file(puppet_tmp_t)
|
||||
@ -76,7 +76,7 @@ can_exec(puppet_t, puppet_var_lib_t)
|
||||
|
||||
setattr_dirs_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t)
|
||||
manage_files_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t)
|
||||
files_pid_filetrans(puppet_t, puppet_runtime_t, { file dir })
|
||||
files_runtime_filetrans(puppet_t, puppet_runtime_t, { file dir })
|
||||
|
||||
allow puppet_t puppet_log_t:dir { create_dir_perms setattr_dir_perms };
|
||||
append_files_pattern(puppet_t, puppet_log_t, puppet_log_t)
|
||||
@ -232,7 +232,7 @@ dev_read_urand(puppetca_t)
|
||||
dev_search_sysfs(puppetca_t)
|
||||
|
||||
files_read_etc_files(puppetca_t)
|
||||
files_search_pids(puppetca_t)
|
||||
files_search_runtime(puppetca_t)
|
||||
files_search_var_lib(puppetca_t)
|
||||
|
||||
selinux_validate_context(puppetca_t)
|
||||
@ -275,7 +275,7 @@ allow puppetmaster_t puppet_var_lib_t:file { manage_file_perms relabel_file_perm
|
||||
|
||||
allow puppetmaster_t puppet_runtime_t:dir { create_dir_perms setattr_dir_perms relabel_dir_perms };
|
||||
allow puppetmaster_t puppet_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(puppetmaster_t, puppet_runtime_t, { file dir })
|
||||
files_runtime_filetrans(puppetmaster_t, puppet_runtime_t, { file dir })
|
||||
|
||||
allow puppetmaster_t puppetmaster_tmp_t:dir { manage_dir_perms relabel_dir_perms };
|
||||
allow puppetmaster_t puppetmaster_tmp_t:file manage_file_perms;
|
||||
|
@ -26,7 +26,7 @@ type quota_nld_initrc_exec_t;
|
||||
init_script_file(quota_nld_initrc_exec_t)
|
||||
|
||||
type quota_nld_runtime_t alias quota_nld_var_run_t;
|
||||
files_pid_file(quota_nld_runtime_t)
|
||||
files_runtime_file(quota_nld_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -111,7 +111,7 @@ allow quota_nld_t self:netlink_socket create_socket_perms;
|
||||
allow quota_nld_t self:unix_stream_socket { accept listen };
|
||||
|
||||
manage_files_pattern(quota_nld_t, quota_nld_runtime_t, quota_nld_runtime_t)
|
||||
files_pid_filetrans(quota_nld_t, quota_nld_runtime_t, { file })
|
||||
files_runtime_filetrans(quota_nld_t, quota_nld_runtime_t, { file })
|
||||
|
||||
kernel_read_network_state(quota_nld_t)
|
||||
|
||||
|
@ -10,8 +10,8 @@ type readahead_exec_t;
|
||||
init_system_domain(readahead_t, readahead_exec_t)
|
||||
|
||||
type readahead_runtime_t alias readahead_var_run_t;
|
||||
files_pid_file(readahead_runtime_t)
|
||||
init_daemon_pid_file(readahead_runtime_t, dir, "readahead")
|
||||
files_runtime_file(readahead_runtime_t)
|
||||
init_daemon_runtime_file(readahead_runtime_t, dir, "readahead")
|
||||
|
||||
type readahead_var_lib_t;
|
||||
files_type(readahead_var_lib_t)
|
||||
@ -30,7 +30,7 @@ manage_files_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
|
||||
|
||||
manage_dirs_pattern(readahead_t, readahead_runtime_t, readahead_runtime_t)
|
||||
manage_files_pattern(readahead_t, readahead_runtime_t, readahead_runtime_t)
|
||||
files_pid_filetrans(readahead_t, readahead_runtime_t, { dir file })
|
||||
files_runtime_filetrans(readahead_t, readahead_runtime_t, { dir file })
|
||||
|
||||
kernel_read_all_sysctls(readahead_t)
|
||||
kernel_read_system_state(readahead_t)
|
||||
|
@ -88,7 +88,7 @@ files_read_all_chr_files(rkhunter_t)
|
||||
files_getattr_all_pipes(rkhunter_t)
|
||||
files_getattr_all_sockets(rkhunter_t)
|
||||
files_check_write_lock_dirs(rkhunter_t)
|
||||
files_check_write_pid_dirs(rkhunter_t)
|
||||
files_check_write_runtime_dirs(rkhunter_t)
|
||||
|
||||
fs_getattr_tracefs(rkhunter_t)
|
||||
fs_getattr_tracefs_dirs(rkhunter_t)
|
||||
|
@ -601,7 +601,7 @@ interface(`rpm_manage_runtime_files',`
|
||||
')
|
||||
|
||||
manage_files_pattern($1, rpm_runtime_t, rpm_runtime_t)
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -651,7 +651,7 @@ interface(`rpm_admin',`
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, rpm_log_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, rpm_runtime_t)
|
||||
|
||||
fs_search_tmpfs($1)
|
||||
|
@ -38,7 +38,7 @@ type rpm_log_t;
|
||||
logging_log_file(rpm_log_t)
|
||||
|
||||
type rpm_runtime_t alias rpm_var_run_t;
|
||||
files_pid_file(rpm_runtime_t)
|
||||
files_runtime_file(rpm_runtime_t)
|
||||
|
||||
type rpm_unit_t;
|
||||
init_unit_file(rpm_unit_t)
|
||||
@ -115,7 +115,7 @@ files_var_lib_filetrans(rpm_t, rpm_var_lib_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(rpm_t, rpm_runtime_t, rpm_runtime_t)
|
||||
manage_files_pattern(rpm_t, rpm_runtime_t, rpm_runtime_t)
|
||||
files_pid_filetrans(rpm_t, rpm_runtime_t, { dir file })
|
||||
files_runtime_filetrans(rpm_t, rpm_runtime_t, { dir file })
|
||||
|
||||
can_exec(rpm_t, { rpm_tmp_t rpm_tmpfs_t })
|
||||
|
||||
|
@ -227,6 +227,6 @@ interface(`samhain_admin',`
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, samhain_log_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, samhain_runtime_t)
|
||||
')
|
||||
|
@ -26,7 +26,7 @@ type samhain_initrc_exec_t;
|
||||
init_script_file(samhain_initrc_exec_t)
|
||||
|
||||
type samhain_runtime_t alias samhain_var_run_t;
|
||||
files_pid_file(samhain_runtime_t)
|
||||
files_runtime_file(samhain_runtime_t)
|
||||
|
||||
samhain_service_template(samhain)
|
||||
application_domain(samhain_t, samhain_exec_t)
|
||||
@ -60,7 +60,7 @@ manage_files_pattern(samhain_domain, samhain_log_t, samhain_log_t)
|
||||
logging_log_filetrans(samhain_domain, samhain_log_t, file)
|
||||
|
||||
manage_files_pattern(samhain_domain, samhain_runtime_t, samhain_runtime_t)
|
||||
files_pid_filetrans(samhain_domain, samhain_runtime_t, file)
|
||||
files_runtime_filetrans(samhain_domain, samhain_runtime_t, file)
|
||||
|
||||
kernel_getattr_core_if(samhain_domain)
|
||||
|
||||
|
@ -61,6 +61,6 @@ interface(`sblim_admin',`
|
||||
|
||||
init_startstop_service($1, $2, sblim_domain, sblim_initrc_exec_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, sblim_runtime_t)
|
||||
')
|
||||
|
@ -19,7 +19,7 @@ type sblim_initrc_exec_t;
|
||||
init_script_file(sblim_initrc_exec_t)
|
||||
|
||||
type sblim_runtime_t alias sblim_var_run_t;
|
||||
files_pid_file(sblim_runtime_t)
|
||||
files_runtime_file(sblim_runtime_t)
|
||||
|
||||
######################################
|
||||
#
|
||||
|
@ -17,7 +17,7 @@ type shutdown_etc_t;
|
||||
files_config_file(shutdown_etc_t)
|
||||
|
||||
type shutdown_runtime_t alias shutdown_var_run_t;
|
||||
files_pid_file(shutdown_runtime_t)
|
||||
files_runtime_file(shutdown_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -33,14 +33,14 @@ manage_files_pattern(shutdown_t, shutdown_etc_t, shutdown_etc_t)
|
||||
files_etc_filetrans(shutdown_t, shutdown_etc_t, file)
|
||||
|
||||
manage_files_pattern(shutdown_t, shutdown_runtime_t, shutdown_runtime_t)
|
||||
files_pid_filetrans(shutdown_t, shutdown_runtime_t, file)
|
||||
files_runtime_filetrans(shutdown_t, shutdown_runtime_t, file)
|
||||
|
||||
kernel_read_system_state(shutdown_t)
|
||||
|
||||
domain_use_interactive_fds(shutdown_t)
|
||||
|
||||
files_delete_boot_flag(shutdown_t)
|
||||
files_read_generic_pids(shutdown_t)
|
||||
files_read_runtime_files(shutdown_t)
|
||||
|
||||
fs_getattr_xattr_fs(shutdown_t)
|
||||
|
||||
|
@ -14,7 +14,7 @@ application_domain(sosreport_t, sosreport_exec_t)
|
||||
role sosreport_roles types sosreport_t;
|
||||
|
||||
type sosreport_runtime_t alias sosreport_var_run_t;
|
||||
files_pid_file(sosreport_runtime_t)
|
||||
files_runtime_file(sosreport_runtime_t)
|
||||
|
||||
type sosreport_tmp_t;
|
||||
files_tmp_file(sosreport_tmp_t)
|
||||
@ -51,7 +51,7 @@ manage_files_pattern(sosreport_t, sosreport_runtime_t, sosreport_runtime_t)
|
||||
manage_dirs_pattern(sosreport_t, sosreport_runtime_t, sosreport_runtime_t)
|
||||
manage_sock_files_pattern(sosreport_t, sosreport_runtime_t, sosreport_runtime_t)
|
||||
manage_lnk_files_pattern(sosreport_t, sosreport_runtime_t, sosreport_runtime_t)
|
||||
files_pid_filetrans(sosreport_t, sosreport_runtime_t, { file dir sock_file })
|
||||
files_runtime_filetrans(sosreport_t, sosreport_runtime_t, { file dir sock_file })
|
||||
|
||||
kernel_read_network_state(sosreport_t)
|
||||
kernel_read_all_sysctls(sosreport_t)
|
||||
@ -114,7 +114,7 @@ miscfiles_read_localization(sosreport_t)
|
||||
modutils_read_module_deps(sosreport_t)
|
||||
|
||||
optional_policy(`
|
||||
abrt_manage_pid_files(sosreport_t)
|
||||
abrt_manage_runtime_files(sosreport_t)
|
||||
abrt_manage_cache(sosreport_t)
|
||||
abrt_stream_connect(sosreport_t)
|
||||
')
|
||||
|
@ -117,10 +117,11 @@ template(`sudo_role_template',`
|
||||
term_relabel_all_ptys($1_sudo_t)
|
||||
|
||||
auth_run_chk_passwd($1_sudo_t, $2)
|
||||
# sudo stores a token in the pam_pid directory
|
||||
auth_manage_pam_pid($1_sudo_t)
|
||||
# sudo stores a token in the pam runtime directory
|
||||
auth_manage_pam_runtime_dirs($1_sudo_t)
|
||||
auth_manage_pam_runtime_files($1_sudo_t)
|
||||
auth_use_pam($1_sudo_t)
|
||||
auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")
|
||||
auth_runtime_filetrans_pam_runtime($1_sudo_t, dir, "sudo")
|
||||
|
||||
init_rw_utmp($1_sudo_t)
|
||||
|
||||
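Review bot: The single `auth_manage_pam_pid($1_sudo_t)` becomes two calls here, `auth_manage_pam_runtime_dirs($1_sudo_t)` and `auth_manage_pam_runtime_files($1_sudo_t)`, so this is the one place in the commit that is not a one-for-one rename. The interface definitions are not on this page, so it is worth confirming that the pair grants the sudo domain exactly what the old interface did on the PAM runtime type and nothing wider, since the sudo token is stored there. A short comment would record why the call was split, e.g. `# dir and file management are separate interfaces after the pid -> runtime rename`. The enclosing `sudo_role_template` starts and ends outside the hunk.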
|
@ -18,6 +18,6 @@ interface(`usbguard_stream_connect',`
|
||||
type usbguard_t, usbguard_tmpfs_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, usbguard_tmpfs_t, usbguard_tmpfs_t, usbguard_t)
|
||||
')
|
||||
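Review bot: `files_search_runtime($1)` grants search on the runtime directory, yet the socket this interface connects to is labelled `usbguard_tmpfs_t` in the `stream_connect_pattern` call on the next line, so the search may be a leftover rather than a requirement. If the socket lives on a tmpfs mount outside the runtime directory, the caller needs `fs_search_tmpfs($1)` instead and the runtime search can go. If it lives under the runtime directory, a comment such as `# IPC socket is created under the runtime dir but labelled usbguard_tmpfs_t` would explain the mismatch. Where the socket is created is not visible on this page.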
|
@ -344,7 +344,7 @@ domain_use_interactive_fds(passwd_t)
|
||||
files_read_etc_runtime_files(passwd_t)
|
||||
files_manage_etc_files(passwd_t)
|
||||
files_search_var(passwd_t)
|
||||
files_dontaudit_search_pids(passwd_t)
|
||||
files_dontaudit_search_runtime(passwd_t)
|
||||
files_relabel_etc_files(passwd_t)
|
||||
|
||||
# /usr/bin/passwd asks for w access to utmp, but it will operate
|
||||
@ -436,7 +436,7 @@ files_manage_etc_files(sysadm_passwd_t)
|
||||
files_relabel_etc_files(sysadm_passwd_t)
|
||||
files_read_etc_runtime_files(sysadm_passwd_t)
|
||||
# for nscd lookups
|
||||
files_dontaudit_search_pids(sysadm_passwd_t)
|
||||
files_dontaudit_search_runtime(sysadm_passwd_t)
|
||||
|
||||
# /usr/bin/passwd asks for w access to utmp, but it will operate
|
||||
# correctly without it. Do not audit write denials to utmp.
|
||||
|
@ -50,7 +50,7 @@ tunable_policy(`vbetool_mmap_zero_ignore',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
hal_rw_pid_files(vbetool_t)
|
||||
hal_rw_runtime_files(vbetool_t)
|
||||
hal_write_log(vbetool_t)
|
||||
hal_dontaudit_append_lib_files(vbetool_t)
|
||||
')
|
||||
|
@ -14,7 +14,7 @@ application_domain(vpnc_t, vpnc_exec_t)
|
||||
role vpnc_roles types vpnc_t;
|
||||
|
||||
type vpnc_runtime_t alias vpnc_var_run_t;
|
||||
files_pid_file(vpnc_runtime_t)
|
||||
files_runtime_file(vpnc_runtime_t)
|
||||
|
||||
type vpnc_tmp_t;
|
||||
files_tmp_file(vpnc_tmp_t)
|
||||
@ -39,7 +39,7 @@ files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(vpnc_t, vpnc_runtime_t, vpnc_runtime_t)
|
||||
manage_files_pattern(vpnc_t, vpnc_runtime_t, vpnc_runtime_t)
|
||||
files_pid_filetrans(vpnc_t, vpnc_runtime_t, { file dir})
|
||||
files_runtime_filetrans(vpnc_t, vpnc_runtime_t, { file dir})
|
||||
|
||||
kernel_read_system_state(vpnc_t)
|
||||
kernel_read_network_state(vpnc_t)
|
||||
|
@ -78,7 +78,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(awstats_t)
|
||||
nscd_dontaudit_search_runtime(awstats_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -170,7 +170,7 @@ miscfiles_read_localization(chromium_t)
|
||||
sysnet_dns_name_resolve(chromium_t)
|
||||
|
||||
# for /run/udev/data/*
|
||||
udev_read_pid_files(chromium_t)
|
||||
udev_read_runtime_files(chromium_t)
|
||||
|
||||
userdom_user_content_access_template(chromium, chromium_t)
|
||||
userdom_dontaudit_list_user_home_dirs(chromium_t)
|
||||
|
@ -43,7 +43,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(cpufreqselector_t)
|
||||
nscd_dontaudit_search_runtime(cpufreqselector_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -28,7 +28,7 @@ type games_srv_t;
|
||||
init_system_domain(games_srv_t, games_exec_t)
|
||||
|
||||
type games_srv_runtime_t alias games_srv_var_run_t;
|
||||
files_pid_file(games_srv_runtime_t)
|
||||
files_runtime_file(games_srv_runtime_t)
|
||||
|
||||
type games_tmp_t;
|
||||
userdom_user_tmp_file(games_tmp_t)
|
||||
@ -52,7 +52,7 @@ manage_files_pattern(games_srv_t, games_data_t, games_data_t)
|
||||
manage_lnk_files_pattern(games_srv_t, games_data_t, games_data_t)
|
||||
|
||||
manage_files_pattern(games_srv_t, games_srv_runtime_t, games_srv_runtime_t)
|
||||
files_pid_filetrans(games_srv_t, games_srv_runtime_t, file)
|
||||
files_runtime_filetrans(games_srv_t, games_srv_runtime_t, file)
|
||||
|
||||
can_exec(games_srv_t, games_exec_t)
|
||||
|
||||
|
@ -125,7 +125,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(gconfd_t)
|
||||
nscd_dontaudit_search_runtime(gconfd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -38,7 +38,7 @@ userdom_user_application_domain(gpg_t, gpg_exec_t)
|
||||
role gpg_roles types gpg_t;
|
||||
|
||||
type gpg_runtime_t;
|
||||
files_pid_file(gpg_runtime_t)
|
||||
files_runtime_file(gpg_runtime_t)
|
||||
userdom_user_runtime_content(gpg_runtime_t)
|
||||
|
||||
type gpg_agent_t;
|
||||
|
@ -50,7 +50,7 @@ miscfiles_read_localization(libmtp_t)
|
||||
userdom_use_inherited_user_terminals(libmtp_t)
|
||||
|
||||
optional_policy(`
|
||||
udev_read_pid_files(libmtp_t)
|
||||
udev_read_runtime_files(libmtp_t)
|
||||
')
|
||||
|
||||
tunable_policy(`libmtp_enable_home_dirs',`
|
||||
|
@ -32,7 +32,7 @@ files_read_etc_files(loadkeys_t)
|
||||
files_read_etc_runtime_files(loadkeys_t)
|
||||
# keymap files are in /usr/share/keymaps or /usr/share/kbd/keymaps
|
||||
files_read_usr_files(loadkeys_t)
|
||||
files_search_pids(loadkeys_t)
|
||||
files_search_runtime(loadkeys_t)
|
||||
files_search_src(loadkeys_t)
|
||||
files_search_tmp(loadkeys_t)
|
||||
|
||||
@ -57,5 +57,5 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(loadkeys_t)
|
||||
nscd_dontaudit_search_runtime(loadkeys_t)
|
||||
')
|
||||
|
@ -43,7 +43,7 @@ files_read_etc_files(mandb_t)
|
||||
# /usr/local/man
|
||||
files_read_usr_symlinks(mandb_t)
|
||||
# search /var/run/nscd/socket
|
||||
files_search_pids(mandb_t)
|
||||
files_search_runtime(mandb_t)
|
||||
|
||||
fs_getattr_xattr_fs(mandb_t)
|
||||
|
||||
|
@ -589,7 +589,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
xserver_read_user_xauth(mozilla_plugin_t)
|
||||
xserver_read_xdm_pid(mozilla_plugin_t)
|
||||
xserver_read_xdm_runtime_files(mozilla_plugin_t)
|
||||
xserver_stream_connect(mozilla_plugin_t)
|
||||
xserver_use_user_fonts(mozilla_plugin_t)
|
||||
xserver_dontaudit_read_xdm_tmp_files(mozilla_plugin_t)
|
||||
|
@ -201,7 +201,7 @@ interface(`pulseaudio_stream_connect',`
|
||||
type pulseaudio_t, pulseaudio_runtime_t, pulseaudio_tmp_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, { pulseaudio_tmp_t pulseaudio_runtime_t }, { pulseaudio_tmp_t pulseaudio_runtime_t }, pulseaudio_t)
|
||||
')
|
||||
|
||||
|
@ -28,7 +28,7 @@ type pulseaudio_home_t;
|
||||
userdom_user_home_content(pulseaudio_home_t)
|
||||
|
||||
type pulseaudio_runtime_t alias pulseaudio_var_run_t;
|
||||
files_pid_file(pulseaudio_runtime_t)
|
||||
files_runtime_file(pulseaudio_runtime_t)
|
||||
|
||||
type pulseaudio_tmp_t;
|
||||
userdom_user_tmp_file(pulseaudio_tmp_t)
|
||||
@ -88,7 +88,7 @@ files_var_lib_filetrans(pulseaudio_t, pulseaudio_var_lib_t, { dir file })
|
||||
manage_dirs_pattern(pulseaudio_t, pulseaudio_runtime_t, pulseaudio_runtime_t)
|
||||
manage_files_pattern(pulseaudio_t, pulseaudio_runtime_t, pulseaudio_runtime_t)
|
||||
manage_sock_files_pattern(pulseaudio_t, pulseaudio_runtime_t, pulseaudio_runtime_t)
|
||||
files_pid_filetrans(pulseaudio_t, pulseaudio_runtime_t, { dir file })
|
||||
files_runtime_filetrans(pulseaudio_t, pulseaudio_runtime_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
|
||||
manage_files_pattern(pulseaudio_t, pulseaudio_xdg_config_t, pulseaudio_xdg_config_t)
|
||||
@ -228,11 +228,11 @@ optional_policy(`
|
||||
# for /run/systemd/seats and /run/systemd/sessions
|
||||
systemd_read_logind_sessions_files(pulseaudio_t)
|
||||
# for /run/systemd/users/$PID
|
||||
systemd_read_logind_pids(pulseaudio_t)
|
||||
systemd_read_logind_runtime_files(pulseaudio_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
udev_read_pid_files(pulseaudio_t)
|
||||
udev_read_runtime_files(pulseaudio_t)
|
||||
udev_read_state(pulseaudio_t)
|
||||
udev_read_db(pulseaudio_t)
|
||||
')
|
||||
@ -241,7 +241,7 @@ optional_policy(`
|
||||
xserver_stream_connect(pulseaudio_t)
|
||||
xserver_manage_xdm_tmp_files(pulseaudio_t)
|
||||
xserver_read_xdm_lib_files(pulseaudio_t)
|
||||
xserver_read_xdm_pid(pulseaudio_t)
|
||||
xserver_read_xdm_runtime_files(pulseaudio_t)
|
||||
xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)
|
||||
')
|
||||
|
||||
|
@ -276,7 +276,7 @@ interface(`qemu_stream_connect',`
|
||||
type qemu_t, qemu_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, qemu_runtime_t, qemu_runtime_t, qemu_t)
|
||||
')
|
||||
|
||||
|
@ -20,7 +20,7 @@ type qemu_exec_t;
|
||||
application_executable_file(qemu_exec_t)
|
||||
|
||||
type qemu_runtime_t alias qemu_var_run_t;
|
||||
files_pid_file(qemu_runtime_t)
|
||||
files_runtime_file(qemu_runtime_t)
|
||||
|
||||
virt_domain_template(qemu)
|
||||
role qemu_roles types qemu_t;
|
||||
@ -38,7 +38,7 @@ kernel_read_crypto_sysctls(qemu_t)
|
||||
dev_read_sysfs(qemu_t)
|
||||
|
||||
allow qemu_t qemu_runtime_t:sock_file create_sock_file_perms;
|
||||
files_pid_filetrans(qemu_t, qemu_runtime_t, sock_file)
|
||||
files_runtime_filetrans(qemu_t, qemu_runtime_t, sock_file)
|
||||
|
||||
tunable_policy(`qemu_full_network',`
|
||||
corenet_udp_sendrecv_generic_if(qemu_t)
|
||||
@ -56,7 +56,7 @@ optional_policy(`
|
||||
|
||||
xen_stream_connect_xenstore(qemu_t)
|
||||
xen_append_log(qemu_t)
|
||||
xen_pid_filetrans(qemu_t, qemu_runtime_t, sock_file)
|
||||
xen_runtime_filetrans(qemu_t, qemu_runtime_t, sock_file)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -44,7 +44,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nscd_dontaudit_search_pid(sambagui_t)
|
||||
nscd_dontaudit_search_runtime(sambagui_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -19,7 +19,7 @@ type screen_tmp_t;
|
||||
userdom_user_tmp_file(screen_tmp_t)
|
||||
|
||||
type screen_runtime_t;
|
||||
files_pid_file(screen_runtime_t)
|
||||
files_runtime_file(screen_runtime_t)
|
||||
ubac_constrained(screen_runtime_t)
|
||||
|
||||
########################################
|
||||
@ -44,7 +44,7 @@ filetrans_pattern(screen_domain, screen_tmp_t, screen_runtime_t, sock_file)
|
||||
manage_fifo_files_pattern(screen_domain, screen_runtime_t, screen_runtime_t)
|
||||
manage_dirs_pattern(screen_domain, screen_runtime_t, screen_runtime_t)
|
||||
manage_sock_files_pattern(screen_domain, screen_runtime_t, screen_runtime_t)
|
||||
files_pid_filetrans(screen_domain, screen_runtime_t, dir)
|
||||
files_runtime_filetrans(screen_domain, screen_runtime_t, dir)
|
||||
|
||||
manage_dirs_pattern(screen_domain, screen_home_t, screen_home_t)
|
||||
read_files_pattern(screen_domain, screen_home_t, screen_home_t)
|
||||
|
@ -35,5 +35,5 @@ term_use_unallocated_ttys(sigrok_t)
|
||||
userdom_use_user_ptys(sigrok_t)
|
||||
|
||||
optional_policy(`
|
||||
udev_read_pid_files(sigrok_t)
|
||||
udev_read_runtime_files(sigrok_t)
|
||||
')
|
||||
|
@ -10,7 +10,7 @@ type locate_exec_t;
|
||||
init_system_domain(locate_t, locate_exec_t)
|
||||
|
||||
type locate_runtime_t alias locate_var_run_t;
|
||||
files_pid_file(locate_runtime_t)
|
||||
files_runtime_file(locate_runtime_t)
|
||||
|
||||
type locate_var_lib_t;
|
||||
files_type(locate_var_lib_t)
|
||||
@ -29,7 +29,7 @@ manage_dirs_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
|
||||
manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
|
||||
|
||||
allow locate_t locate_runtime_t:file manage_file_perms;
|
||||
files_pid_filetrans(locate_t, locate_runtime_t, file, "mlocate.daily.lock")
|
||||
files_runtime_filetrans(locate_t, locate_runtime_t, file, "mlocate.daily.lock")
|
||||
|
||||
can_exec(locate_t, locate_exec_t)
|
||||
|
||||
|
@ -177,7 +177,7 @@ manage_files_pattern(telepathy_logger_t, telepathy_logger_xdg_data_t, telepathy_
|
||||
# gnome_data_filetrans(telepathy_logger_t, telepathy_logger_xdg_data_t, dir, "TpLogger")
|
||||
|
||||
files_read_usr_files(telepathy_logger_t)
|
||||
files_search_pids(telepathy_logger_t)
|
||||
files_search_runtime(telepathy_logger_t)
|
||||
|
||||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_manage_nfs_dirs(telepathy_logger_t)
|
||||
@ -422,7 +422,7 @@ tunable_policy(`use_samba_home_dirs',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
xserver_read_xdm_pid(telepathy_sunshine_t)
|
||||
xserver_read_xdm_runtime_files(telepathy_sunshine_t)
|
||||
xserver_stream_connect(telepathy_sunshine_t)
|
||||
')
|
||||
|
||||
|
@ -33,7 +33,7 @@ type uml_switch_exec_t;
|
||||
init_daemon_domain(uml_switch_t, uml_switch_exec_t)
|
||||
|
||||
type uml_switch_runtime_t alias uml_swich_var_run_t;
|
||||
files_pid_file(uml_switch_runtime_t)
|
||||
files_runtime_file(uml_switch_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -137,7 +137,7 @@ allow uml_switch_t self:unix_stream_socket { accept listen };
|
||||
|
||||
manage_files_pattern(uml_switch_t, uml_switch_runtime_t, uml_switch_runtime_t)
|
||||
manage_sock_files_pattern(uml_switch_t, uml_switch_runtime_t, uml_switch_runtime_t)
|
||||
files_pid_filetrans(uml_switch_t, uml_switch_runtime_t, file)
|
||||
files_runtime_filetrans(uml_switch_t, uml_switch_runtime_t, file)
|
||||
|
||||
kernel_read_kernel_sysctls(uml_switch_t)
|
||||
kernel_list_proc(uml_switch_t)
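Review bot: The compatibility alias in the first hunk's unchanged declaration, `type uml_switch_runtime_t alias uml_swich_var_run_t;`, is spelled `swich`, so a rule written against `uml_switch_var_run_t` would presumably fail to resolve. Since the misspelled name may already be in use, it seems safer to keep it and add the correct spelling, e.g. `type uml_switch_runtime_t alias { uml_swich_var_run_t uml_switch_var_run_t };`. The line is context only and this commit does not touch it.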
|
||||
|
@ -55,7 +55,7 @@ files_search_mnt(consolehelper_type)
|
||||
term_list_ptys(consolehelper_type)
|
||||
|
||||
auth_search_pam_console_data(consolehelper_type)
|
||||
auth_read_pam_pid(consolehelper_type)
|
||||
auth_read_pam_runtime_files(consolehelper_type)
|
||||
|
||||
miscfiles_read_localization(consolehelper_type)
|
||||
miscfiles_read_fonts(consolehelper_type)
|
||||
@ -85,7 +85,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
xserver_domtrans_xauth(consolehelper_type)
|
||||
xserver_read_xdm_pid(consolehelper_type)
|
||||
xserver_read_xdm_runtime_files(consolehelper_type)
|
||||
xserver_stream_connect(consolehelper_type)
|
||||
')
|
||||
|
||||
@ -143,7 +143,8 @@ term_relabel_all_ptys(userhelper_type)
|
||||
term_use_all_ttys(userhelper_type)
|
||||
term_use_all_ptys(userhelper_type)
|
||||
|
||||
auth_manage_pam_pid(userhelper_type)
|
||||
auth_manage_pam_runtime_dirs(userhelper_type)
|
||||
auth_manage_pam_runtime_files(userhelper_type)
|
||||
auth_manage_var_auth(userhelper_type)
|
||||
auth_search_pam_console_data(userhelper_type)
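Review bot: In the last hunk, the single `auth_manage_pam_pid(userhelper_type)` call becomes two calls, `auth_manage_pam_runtime_dirs(userhelper_type)` and `auth_manage_pam_runtime_files(userhelper_type)`, which is the one replacement in this part of the diff that is not a one-to-one rename. The interface definitions are not shown here, so the diff alone cannot confirm that the pair grants exactly what the old interface did and nothing more. Because userhelper_type already holds broad terminal and auth access, a short comment above the two lines would help, e.g. `# dirs + files together replace the former auth_manage_pam_pid`.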
|
||||
|
||||
|
@ -38,7 +38,7 @@ domain_dontaudit_read_all_domains_state(usernetctl_t)
|
||||
|
||||
files_exec_etc_files(usernetctl_t)
|
||||
files_read_etc_runtime_files(usernetctl_t)
|
||||
files_list_pids(usernetctl_t)
|
||||
files_list_runtime(usernetctl_t)
|
||||
files_list_home(usernetctl_t)
|
||||
files_read_usr_files(usernetctl_t)
|
||||
|
||||
|
@ -20,7 +20,7 @@ type vmware_host_exec_t;
|
||||
init_daemon_domain(vmware_host_t, vmware_host_exec_t)
|
||||
|
||||
type vmware_host_pid_t alias vmware_var_run_t;
|
||||
files_pid_file(vmware_host_pid_t)
|
||||
files_runtime_file(vmware_host_pid_t)
|
||||
|
||||
type vmware_host_tmp_t;
|
||||
userdom_user_tmp_file(vmware_host_tmp_t)
|
||||
@ -30,7 +30,7 @@ logging_log_file(vmware_log_t)
|
||||
ubac_constrained(vmware_log_t)
|
||||
|
||||
type vmware_pid_t;
|
||||
files_pid_file(vmware_pid_t)
|
||||
files_runtime_file(vmware_pid_t)
|
||||
ubac_constrained(vmware_pid_t)
|
||||
|
||||
type vmware_sys_conf_t;
|
||||
@ -72,7 +72,7 @@ files_tmp_filetrans(vmware_host_t, vmware_host_tmp_t, { file dir })
|
||||
|
||||
manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
|
||||
manage_sock_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
|
||||
files_pid_filetrans(vmware_host_t, vmware_var_run_t, { file sock_file })
|
||||
files_runtime_filetrans(vmware_host_t, vmware_var_run_t, { file sock_file })
|
||||
|
||||
append_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t)
|
||||
create_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t)
|
||||
@ -162,7 +162,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
xserver_read_tmp_files(vmware_host_t)
|
||||
xserver_read_xdm_pid(vmware_host_t)
|
||||
xserver_read_xdm_runtime_files(vmware_host_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -209,7 +209,7 @@ manage_dirs_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
|
||||
manage_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
|
||||
manage_lnk_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
|
||||
manage_sock_files_pattern(vmware_t, vmware_pid_t, vmware_pid_t)
|
||||
files_pid_filetrans(vmware_t, vmware_pid_t, { dir file lnk_file })
|
||||
files_runtime_filetrans(vmware_t, vmware_pid_t, { dir file lnk_file })
|
||||
|
||||
can_exec(vmware_t, { vmware_tmp_t vmware_exec_t })
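Review bot: The interface calls here use the new names, but the types keep the old scheme, as in `files_runtime_file(vmware_host_pid_t)` and `files_runtime_file(vmware_pid_t)`. Most other modules in this diff already use `*_runtime_t` with a `*_var_run_t` alias. The third hunk also refers to the type by its alias, in `files_runtime_filetrans(vmware_host_t, vmware_var_run_t, { file sock_file })` and the two `manage_*_pattern` lines above it, which makes it harder to see which type is granted. The same leftover naming appears in the arpwatch sections (`files_runtime_file(arpwatch_pid_t)`, `admin_pattern($1, arpwatch_pid_t)`). A follow-up that renames these to `vmware_host_runtime_t`, `vmware_runtime_t` and `arpwatch_runtime_t`, keeping the old names as aliases, would make the policy consistent.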
|
||||
|
||||
|
@ -79,6 +79,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
xserver_read_xdm_pid(wine_t)
|
||||
xserver_read_xdm_runtime_files(wine_t)
|
||||
xserver_rw_shm(wine_t)
|
||||
')
|
||||
|
@ -76,7 +76,7 @@ selinux_get_enforce_mode(wm_domain)
|
||||
|
||||
seutil_read_config(wm_domain)
|
||||
|
||||
udev_read_pid_files(wm_domain)
|
||||
udev_read_runtime_files(wm_domain)
|
||||
|
||||
# the following is needed by gnome-shell
|
||||
userdom_exec_user_home_content_files(wm_domain)
|
||||
|
@ -179,7 +179,7 @@ files_mountpoint(var_lock_t)
|
||||
# used for pid and other runtime files.
|
||||
#
|
||||
type var_run_t;
|
||||
files_pid_file(var_run_t)
|
||||
files_runtime_file(var_run_t)
|
||||
files_mountpoint(var_run_t)
|
||||
|
||||
optional_policy(`
|
||||
|
@ -415,8 +415,8 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
dev_ioctl_dri_dev(kernel_t)
|
||||
|
||||
plymouthd_delete_pid_files(kernel_t)
|
||||
plymouthd_read_pid_files(kernel_t)
|
||||
plymouthd_delete_runtime_files(kernel_t)
|
||||
plymouthd_read_runtime_files(kernel_t)
|
||||
plymouthd_read_spool_files(kernel_t)
|
||||
plymouthd_rw_lib_files(kernel_t)
|
||||
|
||||
|
@ -154,7 +154,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
pcscd_read_pid_files(xguest_t)
|
||||
pcscd_read_runtime_files(xguest_t)
|
||||
pcscd_stream_connect(xguest_t)
|
||||
')
|
||||
|
||||
|
@ -89,7 +89,7 @@ interface(`abrt_stream_connect',`
|
||||
type abrt_t, abrt_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, abrt_runtime_t, abrt_runtime_t, abrt_t)
|
||||
')
|
||||
|
||||
@ -268,7 +268,7 @@ interface(`abrt_manage_runtime_files',`
|
||||
type abrt_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
manage_files_pattern($1, abrt_runtime_t, abrt_runtime_t)
|
||||
')
|
||||
|
||||
@ -311,7 +311,7 @@ interface(`abrt_admin',`
|
||||
files_search_var($1)
|
||||
admin_pattern($1, { abrt_retrace_cache_t abrt_var_cache_t abrt_retrace_spool_t })
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, abrt_runtime_t)
|
||||
|
||||
files_search_tmp($1)
|
||||
|
@ -48,7 +48,7 @@ type abrt_etc_t;
|
||||
files_config_file(abrt_etc_t)
|
||||
|
||||
type abrt_runtime_t alias abrt_var_run_t;
|
||||
files_pid_file(abrt_runtime_t)
|
||||
files_runtime_file(abrt_runtime_t)
|
||||
|
||||
type abrt_var_log_t;
|
||||
logging_log_file(abrt_var_log_t)
|
||||
@ -136,7 +136,7 @@ manage_files_pattern(abrt_t, abrt_runtime_t, abrt_runtime_t)
|
||||
manage_dirs_pattern(abrt_t, abrt_runtime_t, abrt_runtime_t)
|
||||
manage_sock_files_pattern(abrt_t, abrt_runtime_t, abrt_runtime_t)
|
||||
manage_lnk_files_pattern(abrt_t, abrt_runtime_t, abrt_runtime_t)
|
||||
files_pid_filetrans(abrt_t, abrt_runtime_t, { file dir sock_file })
|
||||
files_runtime_filetrans(abrt_t, abrt_runtime_t, { file dir sock_file })
|
||||
|
||||
can_exec(abrt_t, abrt_tmp_t)
|
||||
|
||||
@ -236,7 +236,7 @@ optional_policy(`
|
||||
rpm_dontaudit_manage_db(abrt_t)
|
||||
rpm_manage_cache(abrt_t)
|
||||
rpm_manage_log(abrt_t)
|
||||
rpm_manage_pid_files(abrt_t)
|
||||
rpm_manage_runtime_files(abrt_t)
|
||||
rpm_read_db(abrt_t)
|
||||
rpm_signull(abrt_t)
|
||||
')
|
||||
@ -334,7 +334,7 @@ optional_policy(`
|
||||
rpm_dontaudit_manage_db(abrt_retrace_coredump_t)
|
||||
rpm_manage_cache(abrt_retrace_coredump_t)
|
||||
rpm_manage_log(abrt_retrace_coredump_t)
|
||||
rpm_manage_pid_files(abrt_retrace_coredump_t)
|
||||
rpm_manage_runtime_files(abrt_retrace_coredump_t)
|
||||
rpm_read_db(abrt_retrace_coredump_t)
|
||||
rpm_signull(abrt_retrace_coredump_t)
|
||||
')
|
||||
|
@ -135,7 +135,7 @@ interface(`acpi_stream_connect',`
|
||||
type acpid_t, acpid_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, acpid_runtime_t, acpid_runtime_t, acpid_t)
|
||||
')
|
||||
|
||||
@ -174,7 +174,7 @@ interface(`acpi_admin',`
|
||||
files_search_locks($1)
|
||||
admin_pattern($1, acpid_lock_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, acpid_runtime_t)
|
||||
|
||||
files_search_var_lib($1)
|
||||
|
@ -28,7 +28,7 @@ logging_log_file(acpid_log_t)
|
||||
|
||||
type acpid_runtime_t;
|
||||
typealias acpid_runtime_t alias acpid_var_run_t;
|
||||
files_pid_file(acpid_runtime_t)
|
||||
files_runtime_file(acpid_runtime_t)
|
||||
|
||||
type acpid_tmp_t;
|
||||
files_tmp_file(acpid_tmp_t)
|
||||
@ -87,7 +87,7 @@ files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir)
|
||||
|
||||
manage_files_pattern(acpid_t, acpid_runtime_t, acpid_runtime_t)
|
||||
manage_sock_files_pattern(acpid_t, acpid_runtime_t, acpid_runtime_t)
|
||||
files_pid_filetrans(acpid_t, acpid_runtime_t, { file sock_file })
|
||||
files_runtime_filetrans(acpid_t, acpid_runtime_t, { file sock_file })
|
||||
|
||||
can_exec(acpid_t, acpid_runtime_t)
|
||||
|
||||
@ -169,7 +169,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
devicekit_manage_pid_files(acpid_t)
|
||||
devicekit_manage_runtime_files(acpid_t)
|
||||
devicekit_manage_log_files(acpid_t)
|
||||
devicekit_relabel_log_files(acpid_t)
|
||||
')
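Review bot: In the second hunk, the unchanged line `can_exec(acpid_t, acpid_runtime_t)` sits directly below `manage_files_pattern(acpid_t, acpid_runtime_t, acpid_runtime_t)` and the renamed `files_runtime_filetrans(acpid_t, acpid_runtime_t, { file sock_file })`. Together these let acpid_t create, write and execute files of the same type. If `acpid_exec_t` was the intended target, it should read `can_exec(acpid_t, acpid_exec_t)`. If executing runtime files really is required, a comment saying which file and why would make the exception reviewable. The commit does not change this line; it is raised because the rename touches the adjacent rule.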
|
||||
|
@ -186,7 +186,7 @@ dev_read_urand(afs_fsserver_t)
|
||||
files_read_etc_runtime_files(afs_fsserver_t)
|
||||
files_list_home(afs_fsserver_t)
|
||||
files_read_usr_files(afs_fsserver_t)
|
||||
files_list_pids(afs_fsserver_t)
|
||||
files_list_runtime(afs_fsserver_t)
|
||||
files_dontaudit_search_mnt(afs_fsserver_t)
|
||||
|
||||
fs_getattr_xattr_fs(afs_fsserver_t)
|
||||
|
@ -83,5 +83,5 @@ interface(`aiccu_admin',`
|
||||
files_list_etc($1)
|
||||
|
||||
admin_pattern($1, aiccu_runtime_t)
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
')
|
||||
|
@ -16,7 +16,7 @@ type aiccu_etc_t;
|
||||
files_config_file(aiccu_etc_t)
|
||||
|
||||
type aiccu_runtime_t alias aiccu_var_run_t;
|
||||
files_pid_file(aiccu_runtime_t)
|
||||
files_runtime_file(aiccu_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -37,7 +37,7 @@ allow aiccu_t aiccu_etc_t:file read_file_perms;
|
||||
|
||||
manage_dirs_pattern(aiccu_t, aiccu_runtime_t, aiccu_runtime_t)
|
||||
manage_files_pattern(aiccu_t, aiccu_runtime_t, aiccu_runtime_t)
|
||||
files_pid_filetrans(aiccu_t, aiccu_runtime_t, { file dir })
|
||||
files_runtime_filetrans(aiccu_t, aiccu_runtime_t, { file dir })
|
||||
|
||||
kernel_read_system_state(aiccu_t)
|
||||
|
||||
|
@ -35,7 +35,7 @@ interface(`aisexec_stream_connect',`
|
||||
type aisexec_t, aisexec_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, aisexec_runtime_t, aisexec_runtime_t, aisexec_t)
|
||||
')
|
||||
|
||||
@ -94,7 +94,7 @@ interface(`aisexecd_admin',`
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, aisexec_var_log_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, aisexec_runtime_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
|
@ -13,7 +13,7 @@ type aisexec_initrc_exec_t;
|
||||
init_script_file(aisexec_initrc_exec_t)
|
||||
|
||||
type aisexec_runtime_t alias aisexec_var_run_t;
|
||||
files_pid_file(aisexec_runtime_t)
|
||||
files_runtime_file(aisexec_runtime_t)
|
||||
|
||||
type aisexec_tmp_t;
|
||||
files_tmp_file(aisexec_tmp_t)
|
||||
@ -58,7 +58,7 @@ logging_log_filetrans(aisexec_t, aisexec_var_log_t, file)
|
||||
|
||||
manage_files_pattern(aisexec_t, aisexec_runtime_t, aisexec_runtime_t)
|
||||
manage_sock_files_pattern(aisexec_t, aisexec_runtime_t, aisexec_runtime_t)
|
||||
files_pid_filetrans(aisexec_t, aisexec_runtime_t, { file sock_file })
|
||||
files_runtime_filetrans(aisexec_t, aisexec_runtime_t, { file sock_file })
|
||||
|
||||
kernel_read_system_state(aisexec_t)
|
||||
|
||||
|
@ -217,7 +217,7 @@ interface(`amavis_setattr_runtime_files',`
|
||||
')
|
||||
|
||||
allow $1 amavis_runtime_t:file setattr_file_perms;
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -236,7 +236,7 @@ interface(`amavis_create_runtime_files',`
|
||||
')
|
||||
|
||||
create_files_pattern($1, amavis_runtime_t, amavis_runtime_t)
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -285,6 +285,6 @@ interface(`amavis_admin',`
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, amavis_var_log_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, amavis_runtime_t)
|
||||
')
|
||||
|
@ -24,7 +24,7 @@ type amavis_initrc_exec_t;
|
||||
init_script_file(amavis_initrc_exec_t)
|
||||
|
||||
type amavis_runtime_t alias amavis_var_run_t;
|
||||
files_pid_file(amavis_runtime_t)
|
||||
files_runtime_file(amavis_runtime_t)
|
||||
|
||||
type amavis_var_lib_t;
|
||||
files_type(amavis_var_lib_t)
|
||||
@ -83,7 +83,7 @@ logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
|
||||
manage_dirs_pattern(amavis_t, amavis_runtime_t, amavis_runtime_t)
|
||||
manage_files_pattern(amavis_t, amavis_runtime_t, amavis_runtime_t)
|
||||
manage_sock_files_pattern(amavis_t, amavis_runtime_t, amavis_runtime_t)
|
||||
files_pid_filetrans(amavis_t, amavis_runtime_t, { dir file sock_file })
|
||||
files_runtime_filetrans(amavis_t, amavis_runtime_t, { dir file sock_file })
|
||||
|
||||
can_exec(amavis_t, amavis_exec_t)
|
||||
|
||||
|
@ -1369,7 +1369,7 @@ interface(`apache_admin',`
|
||||
files_lock_filetrans($1, httpd_lock_t, file)
|
||||
|
||||
admin_pattern($1, httpd_runtime_t)
|
||||
files_pid_filetrans($1, httpd_runtime_t, file)
|
||||
files_runtime_filetrans($1, httpd_runtime_t, file)
|
||||
|
||||
admin_pattern($1, { httpdcontent httpd_script_exec_type httpd_htaccess_type })
|
||||
admin_pattern($1, { httpd_tmp_t httpd_suexec_tmp_t })
|
||||
|
@ -304,7 +304,7 @@ type httpd_rotatelogs_exec_t;
|
||||
init_daemon_domain(httpd_rotatelogs_t, httpd_rotatelogs_exec_t)
|
||||
|
||||
type httpd_runtime_t alias httpd_var_run_t;
|
||||
files_pid_file(httpd_runtime_t)
|
||||
files_runtime_file(httpd_runtime_t)
|
||||
|
||||
type httpd_squirrelmail_t;
|
||||
files_type(httpd_squirrelmail_t)
|
||||
@ -446,7 +446,7 @@ setattr_dirs_pattern(httpd_t, httpd_runtime_t, httpd_runtime_t)
|
||||
manage_dirs_pattern(httpd_t, httpd_runtime_t, httpd_runtime_t)
|
||||
manage_files_pattern(httpd_t, httpd_runtime_t, httpd_runtime_t)
|
||||
manage_sock_files_pattern(httpd_t, httpd_runtime_t, httpd_runtime_t)
|
||||
files_pid_filetrans(httpd_t, httpd_runtime_t, { file sock_file dir })
|
||||
files_runtime_filetrans(httpd_t, httpd_runtime_t, { file sock_file dir })
|
||||
|
||||
manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
|
||||
manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
|
||||
@ -496,7 +496,7 @@ fs_rw_inherited_hugetlbfs_files(httpd_t)
|
||||
fs_read_iso9660_files(httpd_t)
|
||||
fs_search_auto_mountpoints(httpd_t)
|
||||
|
||||
files_dontaudit_getattr_all_pids(httpd_t)
|
||||
files_dontaudit_getattr_all_runtime_files(httpd_t)
|
||||
files_read_usr_files(httpd_t)
|
||||
files_list_mnt(httpd_t)
|
||||
files_search_spool(httpd_t)
|
||||
@ -826,7 +826,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_manage_ipa',`
|
||||
memcached_manage_pid_files(httpd_t)
|
||||
memcached_manage_runtime_files(httpd_t)
|
||||
')
|
||||
')
|
||||
|
||||
@ -851,7 +851,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
pcscd_read_pid_files(httpd_t)
|
||||
pcscd_read_runtime_files(httpd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -967,7 +967,7 @@ fs_read_iso9660_files(httpd_suexec_t)
|
||||
fs_search_auto_mountpoints(httpd_suexec_t)
|
||||
|
||||
files_read_usr_files(httpd_suexec_t)
|
||||
files_dontaudit_search_pids(httpd_suexec_t)
|
||||
files_dontaudit_search_runtime(httpd_suexec_t)
|
||||
files_search_home(httpd_suexec_t)
|
||||
|
||||
auth_use_nsswitch(httpd_suexec_t)
|
||||
@ -1251,7 +1251,7 @@ auth_use_nsswitch(httpd_sys_script_t)
|
||||
logging_send_syslog_msg(httpd_sys_script_t)
|
||||
|
||||
ifdef(`init_systemd', `
|
||||
init_search_pids(httpd_sys_script_t)
|
||||
init_search_runtime(httpd_sys_script_t)
|
||||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs',`
|
||||
|
@ -155,6 +155,6 @@ interface(`apcupsd_admin',`
|
||||
files_list_tmp($1)
|
||||
admin_pattern($1, apcupsd_tmp_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, apcupsd_runtime_t)
|
||||
')
|
||||
|
@ -19,7 +19,7 @@ type apcupsd_log_t;
|
||||
logging_log_file(apcupsd_log_t)
|
||||
|
||||
type apcupsd_runtime_t alias apcupsd_var_run_t;
|
||||
files_pid_file(apcupsd_runtime_t)
|
||||
files_runtime_file(apcupsd_runtime_t)
|
||||
|
||||
type apcupsd_tmp_t;
|
||||
files_tmp_file(apcupsd_tmp_t)
|
||||
@ -50,7 +50,7 @@ manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
|
||||
files_tmp_filetrans(apcupsd_t, apcupsd_tmp_t, file)
|
||||
|
||||
manage_files_pattern(apcupsd_t, apcupsd_runtime_t, apcupsd_runtime_t)
|
||||
files_pid_filetrans(apcupsd_t, apcupsd_runtime_t, file)
|
||||
files_runtime_filetrans(apcupsd_t, apcupsd_runtime_t, file)
|
||||
|
||||
kernel_read_system_state(apcupsd_t)
|
||||
|
||||
|
@ -60,6 +60,6 @@ interface(`aptcacher_stream_connect',`
|
||||
type aptcacher_t, aptcacher_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, aptcacher_runtime_t, aptcacher_runtime_t, aptcacher_t)
|
||||
')
|
||||
|
@ -29,7 +29,7 @@ type aptcacher_log_t;
|
||||
logging_log_file(aptcacher_log_t)
|
||||
|
||||
type aptcacher_runtime_t;
|
||||
files_pid_file(aptcacher_runtime_t)
|
||||
files_runtime_file(aptcacher_runtime_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -150,6 +150,6 @@ interface(`arpwatch_admin',`
|
||||
files_search_var_lib($1)
|
||||
admin_pattern($1, arpwatch_data_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, arpwatch_pid_t)
|
||||
')
|
||||
|
@ -22,7 +22,7 @@ type arpwatch_unit_t;
|
||||
init_unit_file(arpwatch_unit_t)
|
||||
|
||||
type arpwatch_pid_t alias arpwatch_var_run_t;
|
||||
files_pid_file(arpwatch_pid_t)
|
||||
files_runtime_file(arpwatch_pid_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -46,7 +46,7 @@ manage_files_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
|
||||
files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
|
||||
|
||||
manage_files_pattern(arpwatch_t, arpwatch_pid_t, arpwatch_pid_t)
|
||||
files_pid_filetrans(arpwatch_t, arpwatch_pid_t, file)
|
||||
files_runtime_filetrans(arpwatch_t, arpwatch_pid_t, file)
|
||||
|
||||
kernel_read_kernel_sysctls(arpwatch_t)
|
||||
kernel_read_network_state(arpwatch_t)
|
||||
|
@ -54,7 +54,7 @@ interface(`asterisk_stream_connect',`
|
||||
type asterisk_t, asterisk_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, asterisk_runtime_t, asterisk_runtime_t, asterisk_t)
|
||||
')
|
||||
|
||||
@ -140,6 +140,6 @@ interface(`asterisk_admin',`
|
||||
files_list_var_lib($1)
|
||||
admin_pattern($1, asterisk_var_lib_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, asterisk_runtime_t)
|
||||
')
|
||||
|
@ -19,8 +19,8 @@ type asterisk_log_t;
|
||||
logging_log_file(asterisk_log_t)
|
||||
|
||||
type asterisk_runtime_t alias asterisk_var_run_t;
|
||||
files_pid_file(asterisk_runtime_t)
|
||||
init_daemon_pid_file(asterisk_runtime_t, dir, "asterisk")
|
||||
files_runtime_file(asterisk_runtime_t)
|
||||
init_daemon_runtime_file(asterisk_runtime_t, dir, "asterisk")
|
||||
|
||||
type asterisk_spool_t;
|
||||
files_type(asterisk_spool_t)
|
||||
@ -76,7 +76,7 @@ manage_files_pattern(asterisk_t, asterisk_var_lib_t, asterisk_var_lib_t)
|
||||
manage_files_pattern(asterisk_t, asterisk_runtime_t, asterisk_runtime_t)
|
||||
manage_fifo_files_pattern(asterisk_t, asterisk_runtime_t, asterisk_runtime_t)
|
||||
manage_sock_files_pattern(asterisk_t, asterisk_runtime_t, asterisk_runtime_t)
|
||||
files_pid_filetrans(asterisk_t, asterisk_runtime_t, file)
|
||||
files_runtime_filetrans(asterisk_t, asterisk_runtime_t, file)
|
||||
|
||||
can_exec(asterisk_t, asterisk_exec_t)
|
||||
|
||||
|
@ -155,6 +155,6 @@ interface(`automount_admin',`
|
||||
files_list_tmp($1)
|
||||
admin_pattern($1, automount_tmp_t)
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, automount_runtime_t)
|
||||
')
|
||||
|
@ -19,7 +19,7 @@ type automount_lock_t;
|
||||
files_lock_file(automount_lock_t)
|
||||
|
||||
type automount_runtime_t alias automount_var_run_t;
|
||||
files_pid_file(automount_runtime_t)
|
||||
files_runtime_file(automount_runtime_t)
|
||||
|
||||
type automount_tmp_t;
|
||||
files_tmp_file(automount_tmp_t)
|
||||
@ -55,7 +55,7 @@ files_root_filetrans(automount_t, automount_tmp_t, dir)
|
||||
|
||||
manage_files_pattern(automount_t, automount_runtime_t, automount_runtime_t)
|
||||
manage_fifo_files_pattern(automount_t, automount_runtime_t, automount_runtime_t)
|
||||
files_pid_filetrans(automount_t, automount_runtime_t, { file fifo_file })
|
||||
files_runtime_filetrans(automount_t, automount_runtime_t, { file fifo_file })
|
||||
|
||||
kernel_read_kernel_sysctls(automount_t)
|
||||
kernel_read_irq_sysctls(automount_t)
|
||||
|
@ -129,7 +129,7 @@ interface(`avahi_stream_connect',`
|
||||
type avahi_t, avahi_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
stream_connect_pattern($1, avahi_runtime_t, avahi_runtime_t, avahi_t)
|
||||
')
|
||||
|
||||
@ -178,7 +178,7 @@ interface(`avahi_setattr_runtime_dirs',`
|
||||
type avahi_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
allow $1 avahi_runtime_t:dir setattr_dir_perms;
|
||||
')
|
||||
|
||||
@ -197,7 +197,7 @@ interface(`avahi_create_runtime_dirs',`
|
||||
type avahi_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
allow $1 avahi_runtime_t:dir create_dir_perms;
|
||||
')
|
||||
|
||||
@ -273,7 +273,7 @@ interface(`avahi_manage_runtime_files',`
|
||||
type avahi_runtime_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
manage_files_pattern($1, avahi_runtime_t, avahi_runtime_t)
|
||||
')
|
||||
|
||||
@ -322,7 +322,7 @@ interface(`avahi_filetrans_runtime',`
|
||||
type avahi_runtime_t;
|
||||
')
|
||||
|
||||
files_pid_filetrans($1, avahi_runtime_t, $2, $3)
|
||||
files_runtime_filetrans($1, avahi_runtime_t, $2, $3)
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -353,7 +353,7 @@ interface(`avahi_admin',`
|
||||
|
||||
init_startstop_service($1, $2, avahi_t, avahi_initrc_exec_t)
|
||||
|
||||
files_search_pids($1)
|
||||
files_search_runtime($1)
|
||||
admin_pattern($1, avahi_runtime_t)
|
||||
|
||||
files_search_var_lib($1)
|
||||
|
@ -14,13 +14,13 @@ type avahi_initrc_exec_t;
|
||||
init_script_file(avahi_initrc_exec_t)
|
||||
|
||||
type avahi_runtime_t alias avahi_var_run_t;
|
||||
files_pid_file(avahi_runtime_t)
|
||||
files_runtime_file(avahi_runtime_t)
|
||||
|
||||
type avahi_unit_t;
|
||||
init_unit_file(avahi_unit_t)
|
||||
|
||||
type avahi_var_lib_t;
|
||||
files_pid_file(avahi_var_lib_t)
|
||||
files_runtime_file(avahi_var_lib_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -43,7 +43,7 @@ manage_dirs_pattern(avahi_t, avahi_runtime_t, avahi_runtime_t)
|
||||
manage_files_pattern(avahi_t, avahi_runtime_t, avahi_runtime_t)
|
||||
manage_sock_files_pattern(avahi_t, avahi_runtime_t, avahi_runtime_t)
|
||||
allow avahi_t avahi_runtime_t:dir setattr_dir_perms;
|
||||
files_pid_filetrans(avahi_t, avahi_runtime_t, { dir file })
|
||||
files_runtime_filetrans(avahi_t, avahi_runtime_t, { dir file })
|
||||
|
||||
kernel_read_kernel_sysctls(avahi_t)
|
||||
kernel_read_network_state(avahi_t)
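Review bot: In the first hunk, `files_runtime_file(avahi_var_lib_t)` carries over an existing oddity: a type named for /var/lib content is declared as a runtime file. That presumably places it in the runtime-file attribute, so interfaces covering all runtime files (such as `files_dontaudit_getattr_all_runtime_files`, used elsewhere in this commit) would also apply to it. The file contexts are not shown here, so the current declaration may be deliberate. If the type labels persistent data, `files_type(avahi_var_lib_t)` would be the narrower declaration; otherwise a comment explaining why a var_lib type is a runtime file would help.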
|
||||
|
@ -367,6 +367,6 @@ interface(`bind_admin',`
|
||||
files_list_var($1)
|
||||
admin_pattern($1, { dnssec_t named_cache_t named_zone_t })
|
||||
|
||||
files_list_pids($1)
|
||||
files_list_runtime($1)
|
||||
admin_pattern($1, named_runtime_t)
|
||||
')
|
||||
|
@ -51,8 +51,8 @@ type named_log_t;
|
||||
logging_log_file(named_log_t)
|
||||
|
||||
type named_runtime_t alias named_var_run_t;
|
||||
files_pid_file(named_runtime_t)
|
||||
init_daemon_pid_file(named_runtime_t, dir, "named")
|
||||
files_runtime_file(named_runtime_t)
|
||||
init_daemon_runtime_file(named_runtime_t, dir, "named")
|
||||
|
||||
type named_tmp_t;
|
||||
files_tmp_file(named_tmp_t)
|
||||
@ -104,7 +104,7 @@ files_tmp_filetrans(named_t, named_tmp_t, { file dir })
|
||||
manage_dirs_pattern(named_t, named_runtime_t, named_runtime_t)
|
||||
manage_files_pattern(named_t, named_runtime_t, named_runtime_t)
|
||||
manage_sock_files_pattern(named_t, named_runtime_t, named_runtime_t)
|
||||
files_pid_filetrans(named_t, named_runtime_t, { dir file sock_file })
|
||||
files_runtime_filetrans(named_t, named_runtime_t, { dir file sock_file })
|
||||
|
||||
can_exec(named_t, named_exec_t)
|
||||
|
||||
@ -244,7 +244,7 @@ corenet_sendrecv_rndc_client_packets(ndc_t)
|
||||
|
||||
domain_use_interactive_fds(ndc_t)
|
||||
|
||||
files_search_pids(ndc_t)
|
||||
files_search_runtime(ndc_t)
|
||||
|
||||
fs_getattr_xattr_fs(ndc_t)
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More