add anaconda
parent
b9ae3aab39
commit
9edc289521
|
@ -1,5 +1,6 @@
|
||||||
- Fix errors uncovered by sediff.
|
- Fix errors uncovered by sediff.
|
||||||
- Added policies:
|
- Added policies:
|
||||||
|
anaconda
|
||||||
kudzu
|
kudzu
|
||||||
radvd
|
radvd
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#
|
||||||
|
# Currently anaconda does not have any file context since it is
|
||||||
|
# started during install. This is a placeholder to satisfy
|
||||||
|
# the policy Makefile dependencies.
|
||||||
|
#
|
|
@ -0,0 +1 @@
|
||||||
|
## <summary>Policy for the Anaconda installer.</summary>
|
|
@ -0,0 +1,59 @@
|
||||||
|
|
||||||
|
policy_module(anaconda,1.0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Declarations
|
||||||
|
#
|
||||||
|
|
||||||
|
type anaconda_t;
|
||||||
|
domain_type(anaconda_t)
|
||||||
|
domain_obj_id_change_exempt(anaconda_t)
|
||||||
|
role system_r types anaconda_t;
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
# Run other rc scripts in the anaconda_t domain.
|
||||||
|
init_domtrans_script(anaconda_t)
|
||||||
|
|
||||||
|
libs_domtrans_ldconfig(anaconda_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(anaconda_t)
|
||||||
|
|
||||||
|
modutils_domtrans_insmod(anaconda_t)
|
||||||
|
|
||||||
|
unconfined_domain_template(anaconda_t)
|
||||||
|
|
||||||
|
ifdef(`distro_redhat',`
|
||||||
|
bootloader_create_runtime_file(anaconda_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`dmesg.te',`
|
||||||
|
dmesg_domtrans(anaconda_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`rpm.te',`
|
||||||
|
rpm_domtrans(anaconda_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`udev.te',`
|
||||||
|
udev_domtrans(anaconda_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`usermanage.te',`
|
||||||
|
usermanage_domtrans_admin_passwd(anaconda_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
ifdef(`TODO',`
|
||||||
|
optional_policy(`su.te',`
|
||||||
|
role system_r types sysadm_su_t;
|
||||||
|
domain_auto_trans(anaconda_t, su_exec_t, sysadm_su_t)
|
||||||
|
')
|
||||||
|
optional_policy(`ssh.te',`
|
||||||
|
role system_r types sysadm_ssh_agent_t;
|
||||||
|
domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
|
||||||
|
')
|
||||||
|
')
|
|
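Review bot: `unconfined_domain_template(anaconda_t)` and `domain_obj_id_change_exempt(anaconda_t)` are granted with no comment saying why the installer domain needs them, so a later maintainer cannot tell whether the breadth is intentional. A comment above the template call would record the intent, for example `# anaconda only runs in the install environment and has to label and modify the whole target system, so it is left unconfined.` (wording for the author to confirm). The comment `# Run other rc scripts in the anaconda_t domain.` sits above `init_domtrans_script(anaconda_t)`, whose name suggests a transition out of anaconda_t into the init script domain; if that is what the interface does, the comment should say so. The block guarded by the TODO ifdef names `sysadm_su_t`, `su_exec_t`, `sysadm_ssh_agent_t` and `ssh_agent_exec_t` directly, so it will presumably need `gen_require` or module interfaces before it can be enabled.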
@ -156,6 +156,30 @@ interface(`usermanage_run_passwd',`
|
||||||
allow passwd_t $3:chr_file rw_term_perms;
|
allow passwd_t $3:chr_file rw_term_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute password admin functions in
|
||||||
|
## the admin passwd domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## Domain allowed access.
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`usermanage_domtrans_admin_passwd',`
|
||||||
|
gen_require(`
|
||||||
|
type sysadm_passwd_t, admin_passwd_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_usr($1)
|
||||||
|
corecmd_search_bin($1)
|
||||||
|
domain_auto_trans($1,admin_passwd_exec_t,sysadm_passwd_t)
|
||||||
|
|
||||||
|
allow $1 sysadm_passwd_t:fd use;
|
||||||
|
allow sysadm_passwd_t $1:fd use;
|
||||||
|
allow sysadm_passwd_t $1:fifo_file rw_file_perms;
|
||||||
|
allow sysadm_passwd_t $1:process sigchld;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute useradd in the useradd domain.
|
## Execute useradd in the useradd domain.
|
||||||
|
|
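Review bot: `usermanage_domtrans_admin_passwd` sets up `domain_auto_trans($1,admin_passwd_exec_t,sysadm_passwd_t)`, but nothing visible in this commit authorizes `sysadm_passwd_t` for the caller's role. The only caller added here, `anaconda_t`, is declared under `system_r`. Unless another module already carries that role association, the transition would yield an invalid context and be denied; the disabled TODO block in the anaconda policy handles the same case for su with `role system_r types sysadm_su_t;`. Either state in the interface summary that the caller's role must already be allowed `sysadm_passwd_t`, or add a companion interface that takes the role as a parameter, as `usermanage_run_passwd` above appears to do (only its tail is visible in this hunk).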