trunk: 7 patches from dan.
parent
ba796982df
commit
657c226c40
@ -21,10 +21,10 @@ interface(`fetchmail_admin',`
|
|||||||
ps_process_pattern($1, fetchmail_t)
|
ps_process_pattern($1, fetchmail_t)
|
||||||
|
|
||||||
files_list_etc($1)
|
files_list_etc($1)
|
||||||
manage_files_pattern($1, fetchmail_etc_t, fetchmail_etc_t)
|
admin_pattern($1, fetchmail_etc_t)
|
||||||
|
|
||||||
manage_files_pattern($1, fetchmail_uidl_cache_t, fetchmail_uidl_cache_t)
|
admin_pattern($1, fetchmail_uidl_cache_t)
|
||||||
|
|
||||||
files_list_pids($1)
|
files_list_pids($1)
|
||||||
manage_files_pattern($1, fetchmail_var_run_t, fetchmail_var_run_t)
|
admin_pattern($1, fetchmail_var_run_t)
|
||||||
')
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(fetchmail, 1.7.1)
|
policy_module(fetchmail, 1.7.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -86,6 +86,10 @@ optional_policy(`
|
|||||||
procmail_domtrans(fetchmail_t)
|
procmail_domtrans(fetchmail_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
sendmail_manage_log(fetchmail_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
seutil_sigchld_newrole(fetchmail_t)
|
seutil_sigchld_newrole(fetchmail_t)
|
||||||
')
|
')
|
||||||
|
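Review bot: `sendmail_manage_log(fetchmail_t)` in the new optional_policy block gives fetchmail_t manage rights on the sendmail log, which by the interface name goes beyond appending and would include removing or rewriting existing log files. fetchmail is a network-facing domain, so if it only needs to add log lines, a narrower append/write grant would keep a compromised fetchmail from tampering with mail logs. If manage really is required, a comment above the call such as `# fetchmail needs manage on the sendmail log because <reason>` would record why.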
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(portmap, 1.7.1)
|
policy_module(portmap, 1.7.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -41,9 +41,8 @@ files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir })
|
|||||||
manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
|
manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
|
||||||
files_pid_filetrans(portmap_t, portmap_var_run_t, file)
|
files_pid_filetrans(portmap_t, portmap_var_run_t, file)
|
||||||
|
|
||||||
|
kernel_read_system_state(portmap_t)
|
||||||
kernel_read_kernel_sysctls(portmap_t)
|
kernel_read_kernel_sysctls(portmap_t)
|
||||||
kernel_list_proc(portmap_t)
|
|
||||||
kernel_read_proc_symlinks(portmap_t)
|
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(portmap_t)
|
corenet_all_recvfrom_unlabeled(portmap_t)
|
||||||
corenet_all_recvfrom_netlabel(portmap_t)
|
corenet_all_recvfrom_netlabel(portmap_t)
|
||||||
|
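Review bot: Replacing `kernel_list_proc` and `kernel_read_proc_symlinks` with `kernel_read_system_state(portmap_t)` looks like a net widening rather than a like-for-like swap, since as far as I know that interface also grants read on generic /proc files. A one-line comment above it naming what portmap was denied on, e.g. `# portmap reads <proc entry> at startup`, would let a later reader judge whether the broader grant is still needed.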
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(radius, 1.9.1)
|
policy_module(radius, 1.9.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -59,8 +59,9 @@ logging_log_filetrans(radiusd_t, radiusd_log_t,{ file dir })
|
|||||||
|
|
||||||
manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
|
manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
|
||||||
|
|
||||||
|
manage_sock_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
|
||||||
manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
|
manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
|
||||||
files_pid_filetrans(radiusd_t, radiusd_var_run_t, file)
|
files_pid_filetrans(radiusd_t, radiusd_var_run_t, { file sock_file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(radiusd_t)
|
kernel_read_kernel_sysctls(radiusd_t)
|
||||||
kernel_read_system_state(radiusd_t)
|
kernel_read_system_state(radiusd_t)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/etc/rc.d/init.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
|
/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
|
||||||
|
|
||||||
/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
|
/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(rpcbind, 1.2.0)
|
policy_module(rpcbind, 1.2.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -60,6 +60,7 @@ corenet_udp_bind_all_rpc_ports(rpcbind_t)
|
|||||||
domain_use_interactive_fds(rpcbind_t)
|
domain_use_interactive_fds(rpcbind_t)
|
||||||
|
|
||||||
files_read_etc_files(rpcbind_t)
|
files_read_etc_files(rpcbind_t)
|
||||||
|
files_read_etc_runtime_files(rpcbind_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(rpcbind_t)
|
logging_send_syslog_msg(rpcbind_t)
|
||||||
|
|
||||||
|
@ -3,4 +3,4 @@
|
|||||||
|
|
||||||
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
|
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
|
||||||
|
|
||||||
/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_log_t,s0)
|
/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
|
||||||
|
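Review bot: Moving `/var/run/rsyncd\.lock` to `rsync_var_run_t` in the file-contexts entry only covers files labelled from file contexts; a lock file the daemon creates at runtime is labelled by type transition. The rules that would do this are not visible on this page, so confirm the rsync policy carries a matching `files_pid_filetrans(rsync_t, rsync_var_run_t, file)` plus manage rules on `rsync_var_run_t`; otherwise the lock would be created with the generic pid-directory type. Existing systems also keep the old `rsync_log_t` label on the file until it is relabelled or recreated.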
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(rsync, 1.7.0)
|
policy_module(rsync, 1.7.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -45,7 +45,7 @@ files_pid_file(rsync_var_run_t)
|
|||||||
# Local policy
|
# Local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow rsync_t self:capability { dac_read_search dac_override setuid setgid sys_chroot };
|
allow rsync_t self:capability { chown dac_read_search dac_override fowner fsetid setuid setgid sys_chroot };
|
||||||
allow rsync_t self:process signal_perms;
|
allow rsync_t self:process signal_perms;
|
||||||
allow rsync_t self:fifo_file rw_fifo_file_perms;
|
allow rsync_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow rsync_t self:tcp_socket create_stream_socket_perms;
|
allow rsync_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
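Review bot: The `allow rsync_t self:capability` line now adds `chown`, `fowner` and `fsetid` unconditionally to a domain that already holds `dac_override` and `setuid`, with no comment saying why. Together these let rsync_t change ownership and keep setuid/setgid bits on any file that type enforcement lets it write, which matters for a daemon that can accept uploads. I would add a comment such as `# chown/fowner/fsetid: preserve ownership and mode bits on received files` if that is the reason, and consider placing the three new capabilities behind a boolean so that read-only exports do not carry them.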
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(sysstat, 1.3.1)
|
policy_module(sysstat, 1.3.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -47,6 +47,7 @@ files_read_etc_runtime_files(sysstat_t)
|
|||||||
files_read_etc_files(sysstat_t)
|
files_read_etc_files(sysstat_t)
|
||||||
|
|
||||||
fs_getattr_xattr_fs(sysstat_t)
|
fs_getattr_xattr_fs(sysstat_t)
|
||||||
|
fs_list_inotifyfs(sysstat_t)
|
||||||
|
|
||||||
term_use_console(sysstat_t)
|
term_use_console(sysstat_t)
|
||||||
term_use_all_terms(sysstat_t)
|
term_use_all_terms(sysstat_t)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(tftp, 1.9.1)
|
policy_module(tftp, 1.9.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -75,6 +75,7 @@ fs_search_auto_mountpoints(tftpd_t)
|
|||||||
domain_use_interactive_fds(tftpd_t)
|
domain_use_interactive_fds(tftpd_t)
|
||||||
|
|
||||||
files_read_etc_files(tftpd_t);
|
files_read_etc_files(tftpd_t);
|
||||||
|
files_read_etc_runtime_files(tftpd_t);
|
||||||
files_read_var_files(tftpd_t)
|
files_read_var_files(tftpd_t)
|
||||||
files_read_var_symlinks(tftpd_t)
|
files_read_var_symlinks(tftpd_t)
|
||||||
files_search_var(tftpd_t)
|
files_search_var(tftpd_t)
|
||||||
|
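Review bot: The added `files_read_etc_runtime_files(tftpd_t);` carries a trailing semicolon that the other interface calls in this hunk (`files_read_var_files(tftpd_t)`, `files_search_var(tftpd_t)`) do not have. It appears to copy the stray `;` on the `files_read_etc_files` line above it; write the new line as `files_read_etc_runtime_files(tftpd_t)` and drop the older semicolon in the same pass.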