RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix ordering of interface calls in locallogin.

This commit is contained in:
Chris PeBenito 2009-08-05 10:06:04 -04:00
parent e6985f91ab
commit 8cd1306e5b
1 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
policy/modules/system/locallogin.te
View File

@ -61,6 +61,13 @@ kernel_read_kernel_sysctls(local_login_t)
kernel_search_key(local_login_t) kernel_search_key(local_login_t)
kernel_link_key(local_login_t) kernel_link_key(local_login_t)
corecmd_list_bin(local_login_t)
corecmd_read_bin_symlinks(local_login_t)
# cjp: these are probably not needed:
corecmd_read_bin_files(local_login_t)
corecmd_read_bin_pipes(local_login_t)
corecmd_read_bin_sockets(local_login_t)
dev_setattr_mouse_dev(local_login_t) dev_setattr_mouse_dev(local_login_t)
dev_getattr_mouse_dev(local_login_t) dev_getattr_mouse_dev(local_login_t)
dev_getattr_power_mgmt_dev(local_login_t) dev_getattr_power_mgmt_dev(local_login_t)
@ -84,6 +91,20 @@ dev_dontaudit_search_sysfs(local_login_t)
dev_dontaudit_getattr_video_dev(local_login_t) dev_dontaudit_getattr_video_dev(local_login_t)
dev_dontaudit_setattr_video_dev(local_login_t) dev_dontaudit_setattr_video_dev(local_login_t)
domain_read_all_entry_files(local_login_t)
files_read_etc_files(local_login_t)
files_read_etc_runtime_files(local_login_t)
files_read_usr_files(local_login_t)
files_list_mnt(local_login_t)
files_list_world_readable(local_login_t)
files_read_world_readable_files(local_login_t)
files_read_world_readable_symlinks(local_login_t)
files_read_world_readable_pipes(local_login_t)
files_read_world_readable_sockets(local_login_t)
# for when /var/mail is a symlink
files_read_var_symlinks(local_login_t)
fs_search_auto_mountpoints(local_login_t) fs_search_auto_mountpoints(local_login_t)
storage_dontaudit_getattr_fixed_disk_dev(local_login_t) storage_dontaudit_getattr_fixed_disk_dev(local_login_t)
@ -104,27 +125,6 @@ auth_manage_pam_pid(local_login_t)
auth_manage_pam_console_data(local_login_t) auth_manage_pam_console_data(local_login_t)
auth_domtrans_pam_console(local_login_t) auth_domtrans_pam_console(local_login_t)
corecmd_list_bin(local_login_t)
corecmd_read_bin_symlinks(local_login_t)
# cjp: these are probably not needed:
corecmd_read_bin_files(local_login_t)
corecmd_read_bin_pipes(local_login_t)
corecmd_read_bin_sockets(local_login_t)
domain_read_all_entry_files(local_login_t)
files_read_etc_files(local_login_t)
files_read_etc_runtime_files(local_login_t)
files_read_usr_files(local_login_t)
files_list_mnt(local_login_t)
files_list_world_readable(local_login_t)
files_read_world_readable_files(local_login_t)
files_read_world_readable_symlinks(local_login_t)
files_read_world_readable_pipes(local_login_t)
files_read_world_readable_sockets(local_login_t)
# for when /var/mail is a symlink
files_read_var_symlinks(local_login_t)
init_dontaudit_use_fds(local_login_t) init_dontaudit_use_fds(local_login_t)
miscfiles_read_localization(local_login_t) miscfiles_read_localization(local_login_t)
@ -219,6 +219,8 @@ files_read_etc_files(sulogin_t)
# because file systems are not mounted: # because file systems are not mounted:
files_dontaudit_search_isid_type_dirs(sulogin_t) files_dontaudit_search_isid_type_dirs(sulogin_t)
auth_read_shadow(sulogin_t)
init_getpgid_script(sulogin_t) init_getpgid_script(sulogin_t)
logging_send_syslog_msg(sulogin_t) logging_send_syslog_msg(sulogin_t)
@ -226,8 +228,6 @@ logging_send_syslog_msg(sulogin_t)
seutil_read_config(sulogin_t) seutil_read_config(sulogin_t)
seutil_read_default_contexts(sulogin_t) seutil_read_default_contexts(sulogin_t)
auth_read_shadow(sulogin_t)
userdom_use_unpriv_users_fds(sulogin_t) userdom_use_unpriv_users_fds(sulogin_t)
userdom_search_user_home_dirs(sulogin_t) userdom_search_user_home_dirs(sulogin_t)