misc daemons from Russell Coker.

Put in libx32 subs entries that refer to directories with fc entries.

Allow dpkg_t to transition to dpkg_script_t when it executes bin_t for
dpkg-reconfigure.

Some dontaudit rules for mta processes spawned by mon for notification.

Lots of tiny changes that are obvious.
Chris PeBenito 2017-04-18 20:38:13 -04:00
parent 60114027f7
commit b49d85c83d
7 changed files with 32 additions and 6 deletions


@ -12,13 +12,14 @@
/lib /usr/lib /lib /usr/lib
/lib32 /usr/lib /lib32 /usr/lib
/lib64 /usr/lib /lib64 /usr/lib
/libx32 /usr/libx32 /libx32 /usr/lib
/sbin /usr/sbin /sbin /usr/sbin
/etc/init.d /etc/rc.d/init.d /etc/init.d /etc/rc.d/init.d
/lib/systemd /usr/lib/systemd /lib/systemd /usr/lib/systemd
/run/lock /var/lock /run/lock /var/lock
/usr/lib32 /usr/lib /usr/lib32 /usr/lib
/usr/lib64 /usr/lib /usr/lib64 /usr/lib
/usr/libx32 /usr/lib
/usr/local/lib32 /usr/lib /usr/local/lib32 /usr/lib
/usr/local/lib64 /usr/lib /usr/local/lib64 /usr/lib
/usr/local/lib /usr/lib /usr/local/lib /usr/lib


@ -1,4 +1,4 @@
policy_module(dmesg, 1.5.1) policy_module(dmesg, 1.5.2)
######################################## ########################################
# #
@ -29,6 +29,7 @@ kernel_read_proc_symlinks(dmesg_t)
kernel_dontaudit_search_unlabeled(dmesg_t) kernel_dontaudit_search_unlabeled(dmesg_t)
dev_read_sysfs(dmesg_t) dev_read_sysfs(dmesg_t)
dev_read_kmsg(dmesg_t)
fs_search_auto_mountpoints(dmesg_t) fs_search_auto_mountpoints(dmesg_t)
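Review bot: The new `dev_read_kmsg(dmesg_t)` line has no comment, and nothing in the hunk says why a domain that presumably already reads the ring buffer through syslog(2) also needs the /dev/kmsg device node. util-linux's dmesg opens /dev/kmsg directly and only falls back to syslog(2) when that open fails, which is worth recording so the grant is not later mistaken for over-permissioning: `# util-linux dmesg reads /dev/kmsg directly, falling back to syslog(2)`. The dmesg_t rule set continues outside this hunk.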


@ -1,4 +1,4 @@
policy_module(netutils, 1.16.1) policy_module(netutils, 1.16.2)
######################################## ########################################
# #
@ -125,6 +125,8 @@ corenet_tcp_sendrecv_generic_node(ping_t)
corenet_raw_bind_generic_node(ping_t) corenet_raw_bind_generic_node(ping_t)
corenet_tcp_sendrecv_all_ports(ping_t) corenet_tcp_sendrecv_all_ports(ping_t)
dev_read_urand(ping_t)
fs_dontaudit_getattr_xattr_fs(ping_t) fs_dontaudit_getattr_xattr_fs(ping_t)
domain_use_interactive_fds(ping_t) domain_use_interactive_fds(ping_t)
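Review bot: The new `dev_read_urand(ping_t)` grant carries no rationale, and nothing in the hunk shows which code path in ping reads /dev/urandom, so a later audit of ping_t's device access cannot tell whether the rule is still needed. Reading urandom is harmless, but since ping_t is a privileged network domain the reason belongs in a one-line comment; if this came from an AVC denial, record the tool version it was seen with, e.g. `# iputils ping reads /dev/urandom (verify which version introduced this)`. The ping_t rule set continues outside this hunk.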

@ -1 +1 @@
Subproject commit cc8217920149792e4a1ef7cc60af22e3b2bc6117 Subproject commit 89c5442a083107b0092f408ba1c9b6f0a40a49b4


@ -1,4 +1,4 @@
policy_module(fstools, 1.20.2) policy_module(fstools, 1.20.3)
######################################## ########################################
# #
@ -208,6 +208,10 @@ optional_policy(`
optional_policy(` optional_policy(`
udev_read_db(fsadm_t) udev_read_db(fsadm_t)
# Xen causes losetup to run with a presumably accidentally inherited
# file handle for /run/xen-hotplug/block
udev_dontaudit_rw_pid_files(fsadm_t)
') ')
optional_policy(` optional_policy(`
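Review bot: The comment above the new `udev_dontaudit_rw_pid_files(fsadm_t)` call names /run/xen-hotplug/block, but the rule it justifies is on udev_var_run_t, and nothing here says why a Xen path carries udev's pid-file type, so a later reader cannot tell whether the rule is still needed or whether the label was simply wrong. Presumably the Xen hotplug script is run from udev and creates that directory under /run, picking up udev's pid-file transition; if so, say it, e.g. `# Xen's udev-run hotplug script holds a lock fd on /run/xen-hotplug/block (udev_var_run_t) and leaks it to losetup`. It is also worth noting that the kernel already replaces an inherited fd the new domain may not use with /dev/null at exec time, so this dontaudit only hides noise and the real fix is close-on-exec in Xen's locking script; `file handle` should read `file descriptor`. The optional_policy block closes inside the hunk, but the surrounding fsadm_t rules continue outside it.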


@ -338,6 +338,24 @@ interface(`udev_read_pid_files',`
read_files_pattern($1, udev_var_run_t, udev_var_run_t) read_files_pattern($1, udev_var_run_t, udev_var_run_t)
') ')
########################################
## <summary>
## dontaudit attempts to read/write udev pidfiles
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`udev_dontaudit_rw_pid_files',`
gen_require(`
type udev_var_run_t;
')
dontaudit $1 udev_var_run_t:file { read write };
')
######################################## ########################################
## <summary> ## <summary>
## Create, read, write, and delete ## Create, read, write, and delete
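Review bot: The parameter summary of the new `udev_dontaudit_rw_pid_files` interface reads `Domain allowed access.`, but a dontaudit interface grants nothing; refpolicy's wording for dontaudit interfaces is `Domain to not audit.`, and the generated interface docs will otherwise suggest this allows access. The `{ read write }` set on the `dontaudit` line also only matches the plain read/write bits of the exec-time inherited-descriptor check: a descriptor opened with O_APPEND is checked for `append` rather than `write` and would still be audited, which is why refpolicy's `rw_inherited_file_perms` set exists, so `dontaudit $1 udev_var_run_t:file rw_inherited_file_perms;` is the conventional spelling if that macro is defined in this tree. Since the only caller added in this commit is silencing a leaked descriptor, the summary could say so: `## Do not audit attempts to read and write udev pid files, e.g. through an inherited file descriptor.`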


@ -1,4 +1,4 @@
policy_module(udev, 1.21.8) policy_module(udev, 1.21.9)
######################################## ########################################
# #