fix for netfilter_contexts
parent
e50a55b9a4
commit
4bc6e32e28
|
@ -706,7 +706,6 @@ interface(`seutil_search_default_contexts',`
|
||||||
allow $1 { selinux_config_t default_context_t }:dir search;
|
allow $1 { selinux_config_t default_context_t }:dir search;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read the default_contexts files.
|
## Read the default_contexts files.
|
||||||
|
@ -723,10 +722,30 @@ interface(`seutil_read_default_contexts',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 selinux_config_t:dir search;
|
allow $1 selinux_config_t:dir search_dir_perms;
|
||||||
allow $1 default_context_t:dir r_dir_perms;
|
allow $1 default_context_t:dir list_dir_perms;
|
||||||
allow $1 default_context_t:file r_file_perms;
|
allow $1 default_context_t:file r_file_perms;
|
||||||
allow $1 default_context_t:lnk_file { getattr read };
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Create, read, write, and delete the default_contexts files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`seutil_manage_default_contexts',`
|
||||||
|
gen_require(`
|
||||||
|
type selinux_config_t, default_context_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
|
allow $1 selinux_config_t:dir search_dir_perms;
|
||||||
|
allow $1 default_context_t:dir rw_dir_perms;
|
||||||
|
allow $1 default_context_t:file manage_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -789,7 +808,7 @@ interface(`seutil_manage_file_contexts',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
allow $1 selinux_config_t:dir search_dir_perms;
|
allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
|
||||||
allow $1 file_context_t:dir rw_dir_perms;
|
allow $1 file_context_t:dir rw_dir_perms;
|
||||||
allow $1 file_context_t:file manage_file_perms;
|
allow $1 file_context_t:file manage_file_perms;
|
||||||
')
|
')
|
||||||
|
|
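Review bot: The changed rule in `seutil_manage_file_contexts`, `allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;`, now references `default_context_t`, but that interface's `gen_require` block starts outside the hunk, so it is not visible whether the type is declared there. If it is not, add `default_context_t` to the `type` line of that `gen_require`; otherwise a caller that does not already require the type may fail to build. Separately, the rewritten `seutil_read_default_contexts` appears to drop the old `allow $1 default_context_t:lnk_file { getattr read };` rule. If that is intended, a one-line comment in the interface saying symlinks are deliberately not readable would prevent it being re-added by accident.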
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(selinuxutil,1.2.10)
|
policy_module(selinuxutil,1.2.11)
|
||||||
|
|
||||||
ifdef(`strict_policy',`
|
ifdef(`strict_policy',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
|
@ -593,7 +593,6 @@ logging_send_syslog_msg(semanage_t)
|
||||||
|
|
||||||
miscfiles_read_localization(semanage_t)
|
miscfiles_read_localization(semanage_t)
|
||||||
|
|
||||||
seutil_search_default_contexts(semanage_t)
|
|
||||||
seutil_manage_file_contexts(semanage_t)
|
seutil_manage_file_contexts(semanage_t)
|
||||||
seutil_manage_selinux_config(semanage_t)
|
seutil_manage_selinux_config(semanage_t)
|
||||||
seutil_domtrans_setfiles(semanage_t)
|
seutil_domtrans_setfiles(semanage_t)
|
||||||
|
@ -604,6 +603,8 @@ seutil_use_newrole_fds(semanage_t)
|
||||||
seutil_manage_module_store(semanage_t)
|
seutil_manage_module_store(semanage_t)
|
||||||
seutil_get_semanage_trans_lock(semanage_t)
|
seutil_get_semanage_trans_lock(semanage_t)
|
||||||
seutil_get_semanage_read_lock(semanage_t)
|
seutil_get_semanage_read_lock(semanage_t)
|
||||||
|
# netfilter_contexts:
|
||||||
|
seutil_manage_default_contexts(semanage_t)
|
||||||
|
|
||||||
userdom_search_sysadm_home_dirs(semanage_t)
|
userdom_search_sysadm_home_dirs(semanage_t)
|
||||||
|
|
||||||
|
|
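Review bot: `seutil_manage_default_contexts(semanage_t)` grants semanage_t `rw_dir_perms` on `default_context_t` directories and `manage_file_perms` on every file with that label, while the comment above the call names only netfilter_contexts. If other context files share that label (the interface summary speaks of "the default_contexts files"), semanage_t can now rewrite all of them, which is wider than this fix needs. A dedicated type for netfilter_contexts with its own manage interface would limit the write access to that one file. If the broad grant stays, expand the comment to record why, e.g. `# semanage rewrites netfilter_contexts, which is labelled default_context_t`.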