corenet/sysadm: Move lines.
This commit is contained in:
Chris PeBenito
parent
25a5b24274
commit
412fc7e7fd
|
|
@ -211,6 +211,60 @@ interface(`corenet_spd_type',`
|
|||
typeattribute $1 ipsec_spd_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Define type to be an infiniband pkey type
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Define type to be an infiniband pkey type
|
||||
## </p>
|
||||
## <p>
|
||||
## This is for supporting third party modules and its
|
||||
## use is not allowed in upstream reference policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Type to be used for infiniband pkeys.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_ib_pkey',`
|
||||
gen_require(`
|
||||
attribute ibpkey_type;
|
||||
')
|
||||
|
||||
typeattribute $1 ibpkey_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Define type to be an infiniband endport
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Define type to be an infiniband endport
|
||||
## </p>
|
||||
## <p>
|
||||
## This is for supporting third party modules and its
|
||||
## use is not allowed in upstream reference policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Type to be used for infiniband endports.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_ib_endport',`
|
||||
gen_require(`
|
||||
attribute ibendport_type;
|
||||
')
|
||||
|
||||
typeattribute $1 ibendport_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive TCP network traffic on generic interfaces.
|
||||
|
|
@ -3117,51 +3171,6 @@ interface(`corenet_relabelto_all_packets',`
|
|||
allow $1 packet_type:packet relabelto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Unconfined access to network objects.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_unconfined',`
|
||||
gen_require(`
|
||||
attribute corenet_unconfined_type;
|
||||
')
|
||||
|
||||
typeattribute $1 corenet_unconfined_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Define type to be an infiniband pkey type
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Define type to be an infiniband pkey type
|
||||
## </p>
|
||||
## <p>
|
||||
## This is for supporting third party modules and its
|
||||
## use is not allowed in upstream reference policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Type to be used for infiniband pkeys.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_ib_pkey',`
|
||||
gen_require(`
|
||||
attribute ibpkey_type;
|
||||
')
|
||||
|
||||
typeattribute $1 ibpkey_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Access unlabeled infiniband pkeys.
|
||||
|
|
@ -3194,33 +3203,6 @@ interface(`corenet_ib_access_all_pkeys',`
|
|||
allow $1 ibpkey_type:infiniband_pkey access;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Define type to be an infiniband endport
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Define type to be an infiniband endport
|
||||
## </p>
|
||||
## <p>
|
||||
## This is for supporting third party modules and its
|
||||
## use is not allowed in upstream reference policy.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Type to be used for infiniband endports.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_ib_endport',`
|
||||
gen_require(`
|
||||
attribute ibendport_type;
|
||||
')
|
||||
|
||||
typeattribute $1 ibendport_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Manage subnets on all labeled Infiniband endports
|
||||
|
|
@ -3252,3 +3234,21 @@ interface(`corenet_ib_manage_subnet_all_endports',`
|
|||
interface(`corenet_ib_manage_subnet_unlabeled_endports',`
|
||||
kernel_ib_manage_subnet_unlabeled_endports($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Unconfined access to network objects.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_unconfined',`
|
||||
gen_require(`
|
||||
attribute corenet_unconfined_type;
|
||||
')
|
||||
|
||||
typeattribute $1 corenet_unconfined_type;
|
||||
')
|
||||
|
|
|
|||
|
|
@ -27,6 +27,9 @@ ifndef(`enable_mls',`
|
|||
|
||||
corecmd_exec_shell(sysadm_t)
|
||||
|
||||
corenet_ib_access_unlabeled_pkeys(sysadm_t)
|
||||
corenet_ib_manage_subnet_unlabeled_endports(sysadm_t)
|
||||
|
||||
dev_read_kmsg(sysadm_t)
|
||||
|
||||
mls_process_read_all_levels(sysadm_t)
|
||||
|
|
@ -46,9 +49,6 @@ selinux_read_policy(sysadm_t)
|
|||
userdom_manage_user_home_dirs(sysadm_t)
|
||||
userdom_home_filetrans_user_home_dir(sysadm_t)
|
||||
|
||||
corenet_ib_access_unlabeled_pkeys(sysadm_t)
|
||||
corenet_ib_manage_subnet_unlabeled_endports(sysadm_t)
|
||||
|
||||
ifdef(`direct_sysadm_daemon',`
|
||||
optional_policy(`
|
||||
init_run_daemon(sysadm_t, sysadm_r)
|
||||
|
|
|
|||
Loading…
Reference in New Issue