misc daemons from Russell Coker.
Put in libx32 subs entries that refer to directories with fc entries. Allow dpkg_t to transition to dpkg_script_t when it executes bin_t for dpkg-reconfigure. Some dontaudit rules for mta processes spawned by mon for notification. Lots of tiny changes that are obvious.
parent
60114027f7
commit
b49d85c83d
|
@ -12,13 +12,14 @@
|
|||
/lib /usr/lib
|
||||
/lib32 /usr/lib
|
||||
/lib64 /usr/lib
|
||||
/libx32 /usr/libx32
|
||||
/libx32 /usr/lib
|
||||
/sbin /usr/sbin
|
||||
/etc/init.d /etc/rc.d/init.d
|
||||
/lib/systemd /usr/lib/systemd
|
||||
/run/lock /var/lock
|
||||
/usr/lib32 /usr/lib
|
||||
/usr/lib64 /usr/lib
|
||||
/usr/libx32 /usr/lib
|
||||
/usr/local/lib32 /usr/lib
|
||||
/usr/local/lib64 /usr/lib
|
||||
/usr/local/lib /usr/lib
|
||||
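Review bot: The two libx32 equivalences in this hunk (`/libx32 /usr/lib` and `/usr/libx32 /usr/lib`) change which file-context specifications label the x32 library trees, but nothing in the hunk records why or notes that files already on disk keep their old labels until they are relabelled. Going by the counts in the hunk header, the `/libx32 /usr/libx32` line appears to be the one replaced, so after the update both paths are matched against the `/usr/lib` entries. A comment above the pair, for example `# x32 library dirs are labelled via the /usr/lib fc entries; relabel /libx32 and /usr/libx32 after upgrading`, would capture the reason and the follow-up step.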
|
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(dmesg, 1.5.1)
|
||||
policy_module(dmesg, 1.5.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -29,6 +29,7 @@ kernel_read_proc_symlinks(dmesg_t)
|
|||
kernel_dontaudit_search_unlabeled(dmesg_t)
|
||||
|
||||
dev_read_sysfs(dmesg_t)
|
||||
dev_read_kmsg(dmesg_t)
|
||||
|
||||
fs_search_auto_mountpoints(dmesg_t)
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(netutils, 1.16.1)
|
||||
policy_module(netutils, 1.16.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -125,6 +125,8 @@ corenet_tcp_sendrecv_generic_node(ping_t)
|
|||
corenet_raw_bind_generic_node(ping_t)
|
||||
corenet_tcp_sendrecv_all_ports(ping_t)
|
||||
|
||||
dev_read_urand(ping_t)
|
||||
|
||||
fs_dontaudit_getattr_xattr_fs(ping_t)
|
||||
|
||||
domain_use_interactive_fds(ping_t)
|
||||
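Review bot: `dev_read_urand(ping_t)` comes with no comment saying which part of ping opens the random device, so a later reader cannot judge whether the permission is still needed or could be dropped. Which lines are new is inferred from the hunk counts, since the markers are lost on this page. A one-line comment above the call, along the lines of `# <ping component> reads /dev/urandom`, filled in by the author, would make the grant auditable. The block of ping_t rules starts and continues outside the hunk.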
|
|
|
@ -1 +1 @@
|
|||
Subproject commit cc8217920149792e4a1ef7cc60af22e3b2bc6117
|
||||
Subproject commit 89c5442a083107b0092f408ba1c9b6f0a40a49b4
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(fstools, 1.20.2)
|
||||
policy_module(fstools, 1.20.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -208,6 +208,10 @@ optional_policy(`
|
|||
|
||||
optional_policy(`
|
||||
udev_read_db(fsadm_t)
|
||||
|
||||
# Xen causes losetup to run with a presumably accidentally inherited
|
||||
# file handle for /run/xen-hotplug/block
|
||||
udev_dontaudit_rw_pid_files(fsadm_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
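Review bot: `udev_dontaudit_rw_pid_files(fsadm_t)` is placed in the generic udev `optional_policy` block, so it silences read/write denials for fsadm_t on every file labelled `udev_var_run_t` on all systems, not only the inherited Xen descriptor the comment describes. The access is still denied, but the audit record that would reveal an unexpected fsadm_t access to udev runtime files is lost, and the descriptor leak itself remains. I would extend the comment to say so, e.g. `# Hides all fsadm_t read/write denials on udev_var_run_t files; disable dontaudit rules (semodule -DB) when debugging`, and track closing the descriptor on the Xen side. The surrounding policy starts and ends outside the hunk.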
|
|
|
@ -338,6 +338,24 @@ interface(`udev_read_pid_files',`
|
|||
read_files_pattern($1, udev_var_run_t, udev_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## dontaudit attempts to read/write udev pidfiles
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`udev_dontaudit_rw_pid_files',`
|
||||
gen_require(`
|
||||
type udev_var_run_t;
|
||||
')
|
||||
|
||||
dontaudit $1 udev_var_run_t:file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete
|
||||
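Review bot: The parameter description of the new `udev_dontaudit_rw_pid_files` interface reads `Domain allowed access.`, but the interface grants nothing; its only rule is `dontaudit $1 udev_var_run_t:file { read write };`. Generated interface documentation would therefore tell policy writers that calling it allows access, when it only suppresses audit records. I would change the parameter summary to `Domain to not audit.` and the interface summary to `Do not audit attempts to read and write udev pid files.` so the text matches the rule. The documentation block of the following interface continues outside the hunk.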
|
|
|
@ -1,4 +1,4 @@
|
|||
policy_module(udev, 1.21.8)
|
||||
policy_module(udev, 1.21.9)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|