remove rhgb_domain and update for optional_policy() behavior change

Chris PeBenito 2005-11-25 19:41:25 +00:00
parent 09741b1f0e
commit 33d087189d
1 changed files with 23 additions and 33 deletions


@ -87,7 +87,7 @@ corecmd_exec_shell($1)
files_read_etc_runtime_files($1) files_read_etc_runtime_files($1)
mta_append_spool($1) mta_append_spool($1)
ifdef(`TODO',` ifdef(`TODO',`
optional_policy(`arpwatch.te',` optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t? # why is mail delivered to a directory of type arpwatch_data_t?
allow mta_delivery_agent arpwatch_data_t:dir search; allow mta_delivery_agent arpwatch_data_t:dir search;
') ')
@ -105,25 +105,25 @@ allow mta_user_agent privmail:fd use;
allow mta_user_agent privmail:process sigchld; allow mta_user_agent privmail:process sigchld;
allow mta_user_agent privmail:fifo_file { read write }; allow mta_user_agent privmail:fifo_file { read write };
allow mta_user_agent sysadm_t:fifo_file { read write }; allow mta_user_agent sysadm_t:fifo_file { read write };
optional_policy(`arpwatch.te',` optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t? # why is mail delivered to a directory of type arpwatch_data_t?
allow mta_user_agent arpwatch_tmp_t:file rw_file_perms; allow mta_user_agent arpwatch_tmp_t:file rw_file_perms;
ifdef(`hide_broken_symptoms', ` ifdef(`hide_broken_symptoms', `
dontaudit mta_user_agent arpwatch_t:packet_socket { read write }; dontaudit mta_user_agent arpwatch_t:packet_socket { read write };
') ')
') ')
optional_policy(`cron.te',` optional_policy(`cron',`
cron_sigchld($1) cron_sigchld($1)
cron_read_system_job_tmp_files($1) cron_read_system_job_tmp_files($1)
') ')
optional_policy(`logrotate.te',` optional_policy(`logrotate',`
logrotate_read_tmp_files($1) logrotate_read_tmp_files($1)
') ')
# #
# nscd_client_domain: complete # nscd_client_domain: complete
# #
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1) nscd_use_socket($1)
') ')
@ -135,14 +135,14 @@ domain_wide_inherit_fd($1)
# #
# privlog: complete # privlog: complete
# #
optional_policy(`logging.te',` optional_policy(`logging',`
logging_send_syslog_msg($1) logging_send_syslog_msg($1)
') ')
# #
# privmail: complete # privmail: complete
# #
optional_policy(`mta.te',` optional_policy(`mta',`
mta_send_mail($1) mta_send_mail($1)
') ')
@ -209,7 +209,7 @@ seutil_read_default_contexts($1)
# #
# web_client_domain: # web_client_domain:
# #
optional_policy(`squid.te',` optional_policy(`squid',`
squid_use($1) squid_use($1)
') ')
@ -386,7 +386,7 @@ selinux_compute_user_contexts($1)
# #
# can_kerberos(): complete # can_kerberos(): complete
# #
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1) kerberos_use($1)
') ')
@ -417,7 +417,7 @@ corenet_udp_sendrecv_all_ports($1)
corenet_tcp_bind_all_nodes($1) corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1)
sysnet_read_config($1) sysnet_read_config($1)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request($1) mount_send_nfs_client_request($1)
') ')
@ -440,7 +440,7 @@ sysnet_read_config($1)
# (remove _port_t from $2): # (remove _port_t from $2):
corenet_tcp_sendrecv_$2_port($1) corenet_tcp_sendrecv_$2_port($1)
corenet_udp_sendrecv_$2_port($1) corenet_udp_sendrecv_$2_port($1)
optional_policy(`mount.te',` optional_policy(`mount',`
mount_send_nfs_client_request($1) mount_send_nfs_client_request($1)
') ')
@ -720,14 +720,14 @@ allow $1 $2:unix_dgram_socket sendto;
# #
# can_winbind(): complete # can_winbind(): complete
# #
optional_policy(`samba.te',` optional_policy(`samba',`
samba_connect_winbind($1) samba_connect_winbind($1)
') ')
# #
# can_ypbind(): complete # can_ypbind(): complete
# #
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
@ -777,17 +777,12 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty($1_t) term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t) files_dontaudit_read_root_file($1_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t) seutil_sigchld_newrole($1_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db($1_t) udev_read_db($1_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain($1_t)
')
') dnl end TODO
# #
# daemon_domain(): # daemon_domain():
@ -823,17 +818,12 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty($1_t) term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t) files_dontaudit_read_root_file($1_t)
') ')
optional_policy(`selinuxutil.te',` optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t) seutil_sigchld_newrole($1_t)
') ')
optional_policy(`udev.te', ` optional_policy(`udev',`
udev_read_db($1_t) udev_read_db($1_t)
') ')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain($1_t)
')
') dnl end TODO
# #
# daemon_sub_domain(): # daemon_sub_domain():
@ -905,7 +895,7 @@ allow $1 self:msgq create_msgq_perms;
allow $1 self:msg { send receive }; allow $1 self:msg { send receive };
fs_search_auto_mountpoints($1) fs_search_auto_mountpoints($1)
userdom_use_unpriv_users_fd($1) userdom_use_unpriv_users_fd($1)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
@ -945,7 +935,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty($1_t) term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t) files_dontaudit_read_root_file($1_t)
') ')
optional_policy(`udev.te',` optional_policy(`udev',`
udev_read_db($1_t) udev_read_db($1_t)
') ')
@ -968,7 +958,7 @@ allow $1_t self:tcp_socket connected_stream_socket_perms;
allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow $1_t self:capability { setuid setgid }; allow $1_t self:capability { setuid setgid };
files_search_home($1_t) files_search_home($1_t)
optional_policy(`kerberos.te',` optional_policy(`kerberos',`
kerberos_use($1_t) kerberos_use($1_t)
') ')
#end for identd #end for identd
@ -999,10 +989,10 @@ libs_use_shared_libs($1_t)
logging_send_syslog_msg($1_t) logging_send_syslog_msg($1_t)
miscfiles_read_localization($1_t) miscfiles_read_localization($1_t)
sysnet_read_config($1_t) sysnet_read_config($1_t)
optional_policy(`nis.te',` optional_policy(`nis',`
nis_use_ypbind($1_t) nis_use_ypbind($1_t)
') ')
optional_policy(`nscd.te',` optional_policy(`nscd',`
nscd_use_socket($1_t) nscd_use_socket($1_t)
') ')
@ -1136,7 +1126,7 @@ allow $1 $2:lnk_file { getattr read };
# #
# system_crond_entry(): # system_crond_entry():
# #
optional_policy(`cron.te',` optional_policy(`cron',`
cron_system_entry($2,$1) cron_system_entry($2,$1)
') ')
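Review bot: In the second hunk (-105,25), the comment inside the arpwatch optional_policy block does not match the rule beneath it: it asks about a directory of type `arpwatch_data_t`, but the rule grants `mta_user_agent` `rw_file_perms` on `arpwatch_tmp_t` files. It looks copied from the first hunk, where it does match the `arpwatch_data_t:dir search` rule. Since the block's opening line is touched anyway, I would replace the comment with something auditable, e.g. `# TODO: document why mta_user_agent needs rw on arpwatch_tmp_t files (read-only may suffice)`. The `dontaudit ... arpwatch_t:packet_socket { read write }` under `hide_broken_symptoms` deserves a similar one-line comment, because it silences denials on what appears to be an inherited packet socket instead of explaining them. The enclosing macro starts outside the hunk, so I cannot tell whether this block is still compiled out under the `TODO` ifdef.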