mirror of
https://github.com/SELinuxProject/refpolicy
synced 2025-02-21 23:16:58 +00:00
trunk: firstboot update from dan.
parent
b4f23e680a
commit
93f445b8c0
@ -142,3 +142,22 @@ interface(`firstboot_dontaudit_rw_pipes',`
|
||||
|
||||
dontaudit $1 firstboot_t:fifo_file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attemps to read and write to a firstboot
|
||||
## unix domain stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`firstboot_dontaudit_rw_stream_sockets',`
|
||||
gen_require(`
|
||||
type firstboot_t;
|
||||
')
|
||||
|
||||
dontaudit $1 firstboot_t:unix_stream_socket { read write };
|
||||
')
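Review bot: The summary of the new `firstboot_dontaudit_rw_stream_sockets` interface misspells "attemps"; the line should read `## Do not audit attempts to read and write to a firstboot`. A dontaudit rule does not grant access, it only drops the AVC denial from the audit log, so the summary should also say which case it is meant for. If the intent is descriptors inherited from firstboot, the second line could read `## unix domain stream socket inherited from firstboot.`. The preceding `firstboot_dontaudit_rw_pipes` interface starts above this hunk, so its wording cannot be compared here.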
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(firstboot, 1.7.0)
|
||||
policy_module(firstboot, 1.7.1)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
@ -35,9 +35,6 @@ allow firstboot_t self:passwd rootok;
|
||||
|
||||
allow firstboot_t firstboot_etc_t:file { getattr read };
|
||||
|
||||
# The big hammer
|
||||
unconfined_domain(firstboot_t)
|
||||
|
||||
kernel_read_system_state(firstboot_t)
|
||||
kernel_read_kernel_sysctls(firstboot_t)
|
||||
|
||||
@ -63,7 +60,6 @@ corecmd_exec_all_executables(firstboot_t)
|
||||
files_exec_etc_files(firstboot_t)
|
||||
files_manage_etc_files(firstboot_t)
|
||||
files_manage_etc_runtime_files(firstboot_t)
|
||||
files_etc_filetrans_etc_runtime(firstboot_t, { file dir })
|
||||
files_read_usr_files(firstboot_t)
|
||||
files_manage_var_dirs(firstboot_t)
|
||||
files_manage_var_files(firstboot_t)
|
||||
@ -110,6 +106,8 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
unconfined_domtrans(firstboot_t)
|
||||
# The big hammer
|
||||
unconfined_domain(firstboot_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -131,8 +129,4 @@ ifdef(`userhelper.te', `
|
||||
role system_r types sysadm_userhelper_t;
|
||||
domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
|
||||
')
|
||||
|
||||
ifdef(`xserver.te', `
|
||||
domain_auto_trans(firstboot_t, xserver_exec_t, xdm_xserver_t)
|
||||
')
|
||||
') dnl end TODO
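Review bot: The relocated `unconfined_domain(firstboot_t)` keeps only the comment `# The big hammer`, which does not say that firstboot_t is now confined by this file's explicit rules on builds without the unconfined module and stays unconfined wherever that module is present. Inside the `optional_policy` block next to `unconfined_domtrans(firstboot_t)` I would write `# With the unconfined module present firstboot_t is unconfined; otherwise the explicit rules in this file are its whole policy.` The confined case is newly reachable, so it should be checked for denials on such a build. That matters more because the hunk at -63,7 +60,6 drops one `files_*` line and the removed `xserver.te` transition has no replacement in the visible hunks. Which `files_*` line was dropped cannot be told from this rendering.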
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ntp, 1.6.0)
|
||||
policy_module(ntp, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -117,6 +117,7 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
firstboot_dontaudit_use_fds(ntpd_t)
|
||||
firstboot_dontaudit_rw_pipes(ntpd_t)
|
||||
firstboot_dontaudit_rw_stream_sockets(ntpd_t)
|
||||
')
|
||||
|
||||
optional_policy(`
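Review bot: The added `firstboot_dontaudit_rw_stream_sockets(ntpd_t)` call sits with two other firstboot dontaudit calls and no comment explaining why ntpd_t would hold firstboot descriptors. Going by their names, the three calls together hide denials for ntpd_t using firstboot file descriptors, pipes and stream sockets. A one-line comment above them, such as `# firstboot leaks its descriptors to services it starts`, would record the reason if that is the actual cause. Anyone triaging ntpd should know that these denials only reach the audit log with dontaudit rules disabled, for example `semodule -DB` on current toolchains.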
|
||||
|