trunk: Backup update on Debian from Vaclav Ovsik.
This commit is contained in:
Chris PeBenito
parent
51223bfc56
commit
45b56b01e8
|
|
@ -1,4 +1,5 @@
|
||||||
- Cracklib update on Deban from Vaclav Ovsik.
|
- Backup update on Debian from Vaclav Ovsik.
|
||||||
|
- Cracklib update on Debian from Vaclav Ovsik.
|
||||||
- Label /proc/kallsyms with system_map_t.
|
- Label /proc/kallsyms with system_map_t.
|
||||||
- 64-bit capabilities from Stephen Smalley.
|
- 64-bit capabilities from Stephen Smalley.
|
||||||
- Labeled networking peer object class updates.
|
- Labeled networking peer object class updates.
|
||||||
|
|
|
||||||
|
|
@ -4,4 +4,10 @@
|
||||||
# backup_store_t, Debian uses /var/backups
|
# backup_store_t, Debian uses /var/backups
|
||||||
|
|
||||||
#/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0)
|
#/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0)
|
||||||
|
|
||||||
|
ifdef(`distro_debian',`
|
||||||
|
/etc/cron.daily/aptitude -- gen_context(system_u:object_r:backup_exec_t,s0)
|
||||||
|
/etc/cron.daily/standard -- gen_context(system_u:object_r:backup_exec_t,s0)
|
||||||
|
')
|
||||||
|
|
||||||
/var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0)
|
/var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0)
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(backup,1.2.0)
|
policy_module(backup,1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|
@ -27,7 +27,7 @@ allow backup_t self:tcp_socket create_socket_perms;
|
||||||
allow backup_t self:udp_socket create_socket_perms;
|
allow backup_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
allow backup_t backup_store_t:file setattr;
|
allow backup_t backup_store_t:file setattr;
|
||||||
create_files_pattern(backup_t,backup_store_t,backup_store_t)
|
manage_files_pattern(backup_t,backup_store_t,backup_store_t)
|
||||||
rw_files_pattern(backup_t,backup_store_t,backup_store_t)
|
rw_files_pattern(backup_t,backup_store_t,backup_store_t)
|
||||||
read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
|
read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
|
||||||
|
|
||||||
|
|
@ -35,6 +35,7 @@ kernel_read_system_state(backup_t)
|
||||||
kernel_read_kernel_sysctls(backup_t)
|
kernel_read_kernel_sysctls(backup_t)
|
||||||
|
|
||||||
corecmd_exec_bin(backup_t)
|
corecmd_exec_bin(backup_t)
|
||||||
|
corecmd_exec_shell(backup_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(backup_t)
|
corenet_all_recvfrom_unlabeled(backup_t)
|
||||||
corenet_all_recvfrom_netlabel(backup_t)
|
corenet_all_recvfrom_netlabel(backup_t)
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,6 @@
|
||||||
/usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
/usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
||||||
|
|
||||||
ifdef(`distro_debian', `
|
ifdef(`distro_debian', `
|
||||||
/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
|
||||||
/var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
/var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
||||||
', `
|
', `
|
||||||
/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(logrotate,1.7.0)
|
policy_module(logrotate,1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue