Replace deprecated *_except_shadow macro calls with *_except_auth_files calls.
parent
61fb2009ad
commit
4ff4e1c505
|
@ -140,8 +140,8 @@ storage_raw_write_fixed_disk(dpkg_t)
|
|||
# for installing kernel packages
|
||||
storage_raw_read_fixed_disk(dpkg_t)
|
||||
|
||||
auth_relabel_all_files_except_shadow(dpkg_t)
|
||||
auth_manage_all_files_except_shadow(dpkg_t)
|
||||
auth_relabel_all_files_except_auth_files(dpkg_t)
|
||||
auth_manage_all_files_except_auth_files(dpkg_t)
|
||||
auth_dontaudit_read_shadow(dpkg_t)
|
||||
|
||||
files_exec_etc_files(dpkg_t)
|
||||
|
@ -286,7 +286,7 @@ term_use_all_terms(dpkg_script_t)
|
|||
|
||||
auth_dontaudit_getattr_shadow(dpkg_script_t)
|
||||
# ideally we would not need this
|
||||
auth_manage_all_files_except_shadow(dpkg_script_t)
|
||||
auth_manage_all_files_except_auth_files(dpkg_script_t)
|
||||
|
||||
init_domtrans_script(dpkg_script_t)
|
||||
init_use_script_fds(dpkg_script_t)
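Review bot: The dontaudit rules beside the renamed calls still name only shadow (`auth_dontaudit_read_shadow(dpkg_t)` in the first hunk, `auth_dontaudit_getattr_shadow(dpkg_script_t)` in the second), while the exception is now named after auth files in general. The interface definitions are not part of this diff, so whether the excluded set is wider than the shadow type cannot be confirmed here. If it is, dpkg_t and dpkg_script_t lose manage and relabel access to the extra types, and the resulting denials are audited rather than silenced. It is worth installing a package that ships authentication-related files under the new policy and reading the audit log, and replacing `# ideally we would not need this` with `# ideally we would not need this; authentication files stay excluded`. The same pairing appears in the rpm_t and rpm_script_t hunks and next to the sxid_t and rgmanager_t read calls.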
|
||||
|
|
|
@ -170,9 +170,9 @@ interface(`portage_compile_domain',`
|
|||
# needed for merging dbus:
|
||||
selinux_compute_access_vector($1)
|
||||
|
||||
auth_read_all_dirs_except_shadow($1)
|
||||
auth_read_all_files_except_shadow($1)
|
||||
auth_read_all_symlinks_except_shadow($1)
|
||||
auth_read_all_dirs_except_auth_files($1)
|
||||
auth_read_all_files_except_auth_files($1)
|
||||
auth_read_all_symlinks_except_auth_files($1)
|
||||
|
||||
libs_exec_lib_files($1)
|
||||
# some config scripts use ldd
|
||||
|
|
|
@ -154,8 +154,8 @@ storage_raw_read_fixed_disk(rpm_t)
|
|||
|
||||
term_list_ptys(rpm_t)
|
||||
|
||||
auth_relabel_all_files_except_shadow(rpm_t)
|
||||
auth_manage_all_files_except_shadow(rpm_t)
|
||||
auth_relabel_all_files_except_auth_files(rpm_t)
|
||||
auth_manage_all_files_except_auth_files(rpm_t)
|
||||
auth_dontaudit_read_shadow(rpm_t)
|
||||
auth_use_nsswitch(rpm_t)
|
||||
|
||||
|
@ -304,7 +304,7 @@ term_use_all_terms(rpm_script_t)
|
|||
auth_dontaudit_getattr_shadow(rpm_script_t)
|
||||
auth_use_nsswitch(rpm_script_t)
|
||||
# ideally we would not need this
|
||||
auth_manage_all_files_except_shadow(rpm_script_t)
|
||||
auth_manage_all_files_except_auth_files(rpm_script_t)
|
||||
auth_relabel_shadow(rpm_script_t)
|
||||
|
||||
corecmd_exec_all_executables(rpm_script_t)
|
||||
|
|
|
@ -80,7 +80,7 @@ fs_list_inotifyfs(sosreport_t)
|
|||
|
||||
# some config files do not have configfile attribute
|
||||
# sosreport needs to read various files on system
|
||||
auth_read_all_files_except_shadow(sosreport_t)
|
||||
auth_read_all_files_except_auth_files(sosreport_t)
|
||||
auth_use_nsswitch(sosreport_t)
|
||||
|
||||
init_domtrans_script(sosreport_t)
|
||||
|
|
|
@ -66,7 +66,7 @@ fs_list_all(sxid_t)
|
|||
|
||||
term_dontaudit_use_console(sxid_t)
|
||||
|
||||
auth_read_all_files_except_shadow(sxid_t)
|
||||
auth_read_all_files_except_auth_files(sxid_t)
|
||||
auth_dontaudit_getattr_shadow(sxid_t)
|
||||
|
||||
init_use_fds(sxid_t)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(mozilla, 2.3.3)
|
||||
policy_module(mozilla, 2.3.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
@ -334,9 +334,9 @@ optional_policy(`
|
|||
fs_read_noxattr_fs_files(kernel_t)
|
||||
fs_read_noxattr_fs_symlinks(kernel_t)
|
||||
|
||||
auth_read_all_dirs_except_shadow(kernel_t)
|
||||
auth_read_all_files_except_shadow(kernel_t)
|
||||
auth_read_all_symlinks_except_shadow(kernel_t)
|
||||
auth_read_all_dirs_except_auth_files(kernel_t)
|
||||
auth_read_all_files_except_auth_files(kernel_t)
|
||||
auth_read_all_symlinks_except_auth_files(kernel_t)
|
||||
')
|
||||
|
||||
tunable_policy(`nfs_export_all_rw',`
|
||||
|
@ -345,7 +345,7 @@ optional_policy(`
|
|||
fs_read_noxattr_fs_files(kernel_t)
|
||||
fs_read_noxattr_fs_symlinks(kernel_t)
|
||||
|
||||
auth_manage_all_files_except_shadow(kernel_t)
|
||||
auth_manage_all_files_except_auth_files(kernel_t)
|
||||
')
|
||||
')
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ mls_file_upgrade(secadm_t)
|
|||
mls_file_downgrade(secadm_t)
|
||||
|
||||
auth_role(secadm_r, secadm_t)
|
||||
auth_relabel_all_files_except_shadow(secadm_t)
|
||||
auth_relabel_all_files_except_auth_files(secadm_t)
|
||||
auth_relabel_shadow(secadm_t)
|
||||
|
||||
init_exec(secadm_t)
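Review bot: `auth_relabel_shadow(secadm_t)` on the line after the renamed call gives back only the shadow file, so secadm_t may no longer be able to relabel every file on the system. Before the rename the two calls together covered everything (all files except shadow, plus shadow). If the new exception covers more types than shadow, which the name suggests but this diff does not show, the remainder is now out of reach for the security administrator. If full relabel coverage is intended, add the matching grant for the remaining auth files; otherwise record the gap with a comment such as `# auth files other than shadow are intentionally not relabelable here`. The same pattern is in userdom_security_admin_template (`auth_relabel_shadow($1)`) and, for reads, in the rsync_export_all_ro block (`auth_tunable_read_shadow(rsync_t)`).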
|
||||
|
|
|
@ -261,7 +261,7 @@ tunable_policy(`allow_ftpd_use_nfs && allow_ftpd_anon_write',`
|
|||
|
||||
tunable_policy(`allow_ftpd_full_access',`
|
||||
allow ftpd_t self:capability { dac_override dac_read_search };
|
||||
auth_manage_all_files_except_shadow(ftpd_t)
|
||||
auth_manage_all_files_except_auth_files(ftpd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`ftp_home_dir',`
|
||||
|
@ -394,7 +394,7 @@ tunable_policy(`sftpd_enable_homedirs && use_samba_home_dirs',`
|
|||
tunable_policy(`sftpd_full_access',`
|
||||
allow sftpd_t self:capability { dac_override dac_read_search };
|
||||
fs_read_noxattr_fs_files(sftpd_t)
|
||||
auth_manage_all_files_except_shadow(sftpd_t)
|
||||
auth_manage_all_files_except_auth_files(sftpd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`use_samba_home_dirs',`
|
||||
|
|
|
@ -132,7 +132,7 @@ sysnet_dns_name_resolve(puppet_t)
|
|||
sysnet_run_ifconfig(puppet_t, system_r)
|
||||
|
||||
tunable_policy(`puppet_manage_all_files',`
|
||||
auth_manage_all_files_except_shadow(puppet_t)
|
||||
auth_manage_all_files_except_auth_files(puppet_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
|
@ -92,7 +92,7 @@ term_getattr_pty_fs(rgmanager_t)
|
|||
#term_use_ptmx(rgmanager_t)
|
||||
|
||||
# needed by resources scripts
|
||||
auth_read_all_files_except_shadow(rgmanager_t)
|
||||
auth_read_all_files_except_auth_files(rgmanager_t)
|
||||
auth_dontaudit_getattr_shadow(rgmanager_t)
|
||||
auth_use_nsswitch(rgmanager_t)
|
||||
|
||||
|
|
|
@ -158,7 +158,7 @@ tunable_policy(`nfs_export_all_rw',`
|
|||
dev_getattr_all_chr_files(nfsd_t)
|
||||
|
||||
fs_read_noxattr_fs_files(nfsd_t)
|
||||
auth_manage_all_files_except_shadow(nfsd_t)
|
||||
auth_manage_all_files_except_auth_files(nfsd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`nfs_export_all_ro',`
|
||||
|
@ -170,8 +170,8 @@ tunable_policy(`nfs_export_all_ro',`
|
|||
|
||||
fs_read_noxattr_fs_files(nfsd_t)
|
||||
|
||||
auth_read_all_dirs_except_shadow(nfsd_t)
|
||||
auth_read_all_files_except_shadow(nfsd_t)
|
||||
auth_read_all_dirs_except_auth_files(nfsd_t)
|
||||
auth_read_all_files_except_auth_files(nfsd_t)
|
||||
')
|
||||
|
||||
########################################
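Review bot: The nfs_export_all_ro block for nfsd_t grants `auth_read_all_dirs_except_auth_files` and `auth_read_all_files_except_auth_files` but no symlink counterpart. The kernel_t block ahead of the nfs_export_all_rw tunable and the rsync_export_all_ro block in this same commit also call `auth_read_all_symlinks_except_auth_files`. The omission predates the rename, but since these lines are being rewritten it is worth deciding whether it is deliberate. If it is not, add `auth_read_all_symlinks_except_auth_files(nfsd_t)` after the files call; if it is, a one-line comment giving the reason would keep a later reader from adding it back. The smbd_t/nmbd_t samba_export_all_ro block and the mount_t allow_mount_anyfile block have the same two-call shape.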
|
||||
|
|
|
@ -125,9 +125,9 @@ tunable_policy(`rsync_export_all_ro',`
|
|||
fs_read_noxattr_fs_files(rsync_t)
|
||||
fs_read_nfs_files(rsync_t)
|
||||
fs_read_cifs_files(rsync_t)
|
||||
auth_read_all_dirs_except_shadow(rsync_t)
|
||||
auth_read_all_files_except_shadow(rsync_t)
|
||||
auth_read_all_symlinks_except_shadow(rsync_t)
|
||||
auth_read_all_dirs_except_auth_files(rsync_t)
|
||||
auth_read_all_files_except_auth_files(rsync_t)
|
||||
auth_read_all_symlinks_except_auth_files(rsync_t)
|
||||
auth_tunable_read_shadow(rsync_t)
|
||||
')
|
||||
auth_can_read_shadow_passwords(rsync_t)
|
||||
|
|
|
@ -450,18 +450,18 @@ tunable_policy(`samba_create_home_dirs',`
|
|||
|
||||
tunable_policy(`samba_export_all_ro',`
|
||||
fs_read_noxattr_fs_files(smbd_t)
|
||||
auth_read_all_dirs_except_shadow(smbd_t)
|
||||
auth_read_all_files_except_shadow(smbd_t)
|
||||
auth_read_all_dirs_except_auth_files(smbd_t)
|
||||
auth_read_all_files_except_auth_files(smbd_t)
|
||||
fs_read_noxattr_fs_files(nmbd_t)
|
||||
auth_read_all_dirs_except_shadow(nmbd_t)
|
||||
auth_read_all_files_except_shadow(nmbd_t)
|
||||
auth_read_all_dirs_except_auth_files(nmbd_t)
|
||||
auth_read_all_files_except_auth_files(nmbd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`samba_export_all_rw',`
|
||||
fs_read_noxattr_fs_files(smbd_t)
|
||||
auth_manage_all_files_except_shadow(smbd_t)
|
||||
auth_manage_all_files_except_auth_files(smbd_t)
|
||||
fs_read_noxattr_fs_files(nmbd_t)
|
||||
auth_manage_all_files_except_shadow(nmbd_t)
|
||||
auth_manage_all_files_except_auth_files(nmbd_t)
|
||||
userdom_user_home_dir_filetrans_user_home_content(nmbd_t, { file dir })
|
||||
')
|
||||
|
||||
|
|
|
@ -99,7 +99,7 @@ storage_dontaudit_read_fixed_disk(snmpd_t)
|
|||
storage_dontaudit_read_removable_device(snmpd_t)
|
||||
|
||||
auth_use_nsswitch(snmpd_t)
|
||||
auth_read_all_dirs_except_shadow(snmpd_t)
|
||||
auth_read_all_dirs_except_auth_files(snmpd_t)
|
||||
|
||||
init_read_utmp(snmpd_t)
|
||||
init_dontaudit_write_utmp(snmpd_t)
|
||||
|
|
|
@ -142,8 +142,8 @@ ifdef(`distro_ubuntu',`
|
|||
')
|
||||
|
||||
tunable_policy(`allow_mount_anyfile',`
|
||||
auth_read_all_dirs_except_shadow(mount_t)
|
||||
auth_read_all_files_except_shadow(mount_t)
|
||||
auth_read_all_dirs_except_auth_files(mount_t)
|
||||
auth_read_all_files_except_auth_files(mount_t)
|
||||
files_mounton_non_security(mount_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -323,8 +323,8 @@ selinux_compute_create_context(restorecond_t)
|
|||
selinux_compute_relabel_context(restorecond_t)
|
||||
selinux_compute_user_contexts(restorecond_t)
|
||||
|
||||
auth_relabel_all_files_except_shadow(restorecond_t )
|
||||
auth_read_all_files_except_shadow(restorecond_t)
|
||||
auth_relabel_all_files_except_auth_files(restorecond_t )
|
||||
auth_read_all_files_except_auth_files(restorecond_t)
|
||||
auth_use_nsswitch(restorecond_t)
|
||||
|
||||
locallogin_dontaudit_use_fds(restorecond_t)
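Review bot: The renamed line keeps the stray space before the closing parenthesis, `auth_relabel_all_files_except_auth_files(restorecond_t )`. Since the line is rewritten anyway, normalise it to `auth_relabel_all_files_except_auth_files(restorecond_t)`. A text search for what restorecond_t is granted then matches it the same way as the read call on the next line.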
|
||||
|
|
|
@ -1133,9 +1133,9 @@ template(`userdom_admin_user_template',`
|
|||
|
||||
auth_getattr_shadow($1_t)
|
||||
# Manage almost all files
|
||||
auth_manage_all_files_except_shadow($1_t)
|
||||
auth_manage_all_files_except_auth_files($1_t)
|
||||
# Relabel almost all files
|
||||
auth_relabel_all_files_except_shadow($1_t)
|
||||
auth_relabel_all_files_except_auth_files($1_t)
|
||||
|
||||
init_telinit($1_t)
|
||||
|
||||
|
@ -1223,7 +1223,7 @@ template(`userdom_security_admin_template',`
|
|||
selinux_set_all_booleans($1)
|
||||
selinux_set_parameters($1)
|
||||
|
||||
auth_relabel_all_files_except_shadow($1)
|
||||
auth_relabel_all_files_except_auth_files($1)
|
||||
auth_relabel_shadow($1)
|
||||
|
||||
init_exec($1)
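Review bot: The comments `# Manage almost all files` and `# Relabel almost all files` in userdom_admin_user_template no longer say what "almost" leaves out, now that the call names a category of files rather than a single one. Suggest `# Manage all files except authentication files` and `# Relabel all files except authentication files`. Someone auditing what an administrative role can touch then does not have to open the interface definition. Both template bodies start and end outside these hunks.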
|
||||
|
|