apache, mysql, postgrey, samba, squid: Apply new mmap_manage_files_pattern().
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent
c4150cd0a5
commit
982cb068c2
|
@ -70,8 +70,7 @@ template(`apache_content_template',`
|
|||
allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_script_exec_t }:lnk_file read_lnk_file_perms;
|
||||
|
||||
manage_dirs_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
allow httpd_$1_script_t httpd_$1_rw_content_t:file map;
|
||||
mmap_manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
|
||||
|
@ -1007,8 +1006,7 @@ interface(`apache_manage_sys_rw_content',`
|
|||
|
||||
apache_search_sys_content($1)
|
||||
manage_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
|
||||
manage_files_pattern($1,httpd_sys_rw_content_t, httpd_sys_rw_content_t)
|
||||
allow $1 httpd_sys_rw_content_t:file map;
|
||||
mmap_manage_files_pattern($1,httpd_sys_rw_content_t, httpd_sys_rw_content_t)
|
||||
manage_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
|
||||
')
|
||||
|
||||
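Review bot: The new line in apache_manage_sys_rw_content, `mmap_manage_files_pattern($1,httpd_sys_rw_content_t, httpd_sys_rw_content_t)`, carries over the missing space after `$1,` from the line it replaces. The neighbouring patterns write `$1, httpd_sys_rw_content_t`, so it should become `mmap_manage_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)`. The interface's documentation block lies outside the hunk; if its summary lists only create, read, write and delete, it should also say that callers are granted file map on httpd_sys_rw_content_t, since that permission is now implied by the macro name rather than spelled out as a separate allow rule.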
|
|
|
@ -378,10 +378,9 @@ allow httpd_t self:unix_stream_socket { accept connectto listen };
|
|||
allow httpd_t self:tcp_socket { accept listen };
|
||||
|
||||
manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
|
||||
manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
|
||||
mmap_manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
|
||||
manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
|
||||
files_var_filetrans(httpd_t, httpd_cache_t, dir)
|
||||
allow httpd_t httpd_cache_t:file map;
|
||||
|
||||
allow httpd_t httpd_config_t:dir list_dir_perms;
|
||||
read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
|
||||
|
@ -415,9 +414,8 @@ read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
|
|||
allow httpd_t httpd_rotatelogs_t:process signal_perms;
|
||||
|
||||
manage_dirs_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
|
||||
manage_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
|
||||
mmap_manage_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
|
||||
manage_lnk_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
|
||||
allow httpd_t httpd_squirrelmail_t:file map;
|
||||
|
||||
allow httpd_t httpd_suexec_exec_t:file read_file_perms;
|
||||
|
||||
|
@ -441,8 +439,7 @@ manage_sock_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
|
|||
fs_tmpfs_filetrans(httpd_t, httpd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
||||
|
||||
manage_dirs_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
|
||||
manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
|
||||
allow httpd_t httpd_var_lib_t:file map;
|
||||
mmap_manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
|
||||
manage_lnk_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
|
||||
files_var_lib_filetrans(httpd_t, httpd_var_lib_t, { dir file })
|
||||
|
||||
|
@ -622,8 +619,7 @@ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
|
|||
domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
|
||||
|
||||
manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
allow httpd_t httpdcontent:file map;
|
||||
mmap_manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
manage_fifo_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
manage_lnk_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
manage_sock_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
|
@ -908,8 +904,7 @@ optional_policy(`
|
|||
# Helper local policy
|
||||
#
|
||||
|
||||
read_files_pattern(httpd_helper_t, httpd_config_t, httpd_config_t)
|
||||
allow httpd_t httpd_config_t:file map;
|
||||
mmap_read_files_pattern(httpd_helper_t, httpd_config_t, httpd_config_t)
|
||||
|
||||
append_files_pattern(httpd_helper_t, httpd_log_t, httpd_log_t)
|
||||
read_lnk_files_pattern(httpd_helper_t, httpd_log_t, httpd_log_t)
|
||||
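Review bot: The helper-policy hunk (-908,8 +904,7) is not a like-for-like substitution: the rule it drops is `allow httpd_t httpd_config_t:file map;`, whose source is httpd_t, while the replacement `mmap_read_files_pattern(httpd_helper_t, httpd_config_t, httpd_config_t)` gives map to httpd_helper_t. Reading the page's doubled lines as old-then-new (the +/- markers are lost, so this is inferred from the hunk counts), httpd_t loses map on httpd_config_t and httpd_helper_t gains a permission it did not have before. If httpd_t still needs it, the place is next to its own rule in the -378 hunk, as `mmap_read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)`; if the old line was a typo for the helper domain, the commit message should say so, since the title only mentions mmap_manage_files_pattern(). Comparing the compiled policy before and after the change (for example with sediff) would confirm that these are the only allow-rule differences.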
|
|
|
@ -74,8 +74,7 @@ allow mysqld_t self:unix_stream_socket { connectto accept listen };
|
|||
allow mysqld_t self:tcp_socket { accept listen };
|
||||
|
||||
manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
|
||||
manage_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
|
||||
allow mysqld_t mysqld_db_t:file map;
|
||||
mmap_manage_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
|
||||
manage_lnk_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
|
||||
files_var_lib_filetrans(mysqld_t, mysqld_db_t, { dir file lnk_file })
|
||||
|
||||
|
@ -91,8 +90,7 @@ manage_lnk_files_pattern(mysqld_t, mysqld_log_t, mysqld_log_t)
|
|||
logging_log_filetrans(mysqld_t, mysqld_log_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
|
||||
manage_files_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
|
||||
allow mysqld_t mysqld_tmp_t:file map;
|
||||
mmap_manage_files_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
|
||||
files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(mysqld_t, mysqld_runtime_t, mysqld_runtime_t)
|
||||
|
|
|
@ -46,8 +46,7 @@ manage_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
|
|||
manage_fifo_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
|
||||
manage_sock_files_pattern(postgrey_t, postgrey_spool_t, postgrey_spool_t)
|
||||
|
||||
manage_files_pattern(postgrey_t, postgrey_var_lib_t, postgrey_var_lib_t)
|
||||
allow postgrey_t postgrey_var_lib_t:file map;
|
||||
mmap_manage_files_pattern(postgrey_t, postgrey_var_lib_t, postgrey_var_lib_t)
|
||||
files_var_lib_filetrans(postgrey_t, postgrey_var_lib_t, file)
|
||||
|
||||
manage_dirs_pattern(postgrey_t, postgrey_runtime_t, postgrey_runtime_t)
|
||||
|
|
|
@ -217,8 +217,7 @@ manage_files_pattern(samba_net_t, samba_net_tmp_t, samba_net_tmp_t)
|
|||
files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(samba_net_t, samba_var_t, samba_var_t)
|
||||
manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
|
||||
allow samba_net_t samba_var_t:file map;
|
||||
mmap_manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
|
||||
manage_lnk_files_pattern(samba_net_t, samba_var_t, samba_var_t)
|
||||
files_var_filetrans(samba_net_t, samba_var_t, dir, "samba")
|
||||
|
||||
|
@ -303,8 +302,7 @@ manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t)
|
|||
allow smbd_t samba_share_t:filesystem { getattr quotaget };
|
||||
|
||||
manage_dirs_pattern(smbd_t, samba_var_t, samba_var_t)
|
||||
manage_files_pattern(smbd_t, samba_var_t, samba_var_t)
|
||||
allow smbd_t samba_var_t:file map;
|
||||
mmap_manage_files_pattern(smbd_t, samba_var_t, samba_var_t)
|
||||
manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t)
|
||||
manage_sock_files_pattern(smbd_t, samba_var_t, samba_var_t)
|
||||
files_var_filetrans(smbd_t, samba_var_t, dir, "samba")
|
||||
|
@ -314,8 +312,7 @@ manage_files_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
|
|||
files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(smbd_t, samba_runtime_t, samba_runtime_t)
|
||||
manage_files_pattern(smbd_t, samba_runtime_t, samba_runtime_t)
|
||||
allow smbd_t samba_runtime_t:file map;
|
||||
mmap_manage_files_pattern(smbd_t, samba_runtime_t, samba_runtime_t)
|
||||
manage_sock_files_pattern(smbd_t, samba_runtime_t, samba_runtime_t)
|
||||
files_runtime_filetrans(smbd_t, samba_runtime_t, { dir file })
|
||||
|
||||
|
@ -530,8 +527,7 @@ allow nmbd_t self:unix_dgram_socket sendto;
|
|||
allow nmbd_t self:unix_stream_socket { accept connectto listen };
|
||||
|
||||
manage_dirs_pattern(nmbd_t, samba_runtime_t, samba_runtime_t)
|
||||
manage_files_pattern(nmbd_t, samba_runtime_t, samba_runtime_t)
|
||||
allow nmbd_t samba_runtime_t:file map;
|
||||
mmap_manage_files_pattern(nmbd_t, samba_runtime_t, samba_runtime_t)
|
||||
manage_sock_files_pattern(nmbd_t, samba_runtime_t, samba_runtime_t)
|
||||
files_runtime_filetrans(nmbd_t, samba_runtime_t, { dir file sock_file })
|
||||
|
||||
|
@ -543,8 +539,7 @@ append_files_pattern(nmbd_t, samba_log_t, samba_log_t)
|
|||
create_files_pattern(nmbd_t, samba_log_t, samba_log_t)
|
||||
setattr_files_pattern(nmbd_t, samba_log_t, samba_log_t)
|
||||
|
||||
manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
|
||||
allow nmbd_t samba_var_t:file map;
|
||||
mmap_manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
|
||||
manage_lnk_files_pattern(nmbd_t, samba_var_t, samba_var_t)
|
||||
manage_sock_files_pattern(nmbd_t, samba_var_t, samba_var_t)
|
||||
files_var_filetrans(nmbd_t, samba_var_t, dir, "nmbd")
|
||||
|
|
|
@ -91,8 +91,7 @@ manage_dirs_pattern(squid_t, squid_tmp_t, squid_tmp_t)
|
|||
manage_files_pattern(squid_t, squid_tmp_t, squid_tmp_t)
|
||||
files_tmp_filetrans(squid_t, squid_tmp_t, { file dir })
|
||||
|
||||
manage_files_pattern(squid_t, squid_tmpfs_t, squid_tmpfs_t)
|
||||
allow squid_t squid_tmpfs_t:file map;
|
||||
mmap_manage_files_pattern(squid_t, squid_tmpfs_t, squid_tmpfs_t)
|
||||
fs_tmpfs_filetrans(squid_t, squid_tmpfs_t, file)
|
||||
|
||||
manage_files_pattern(squid_t, squid_runtime_t, squid_runtime_t)
|
||||
|
|