Merge branch 'lvm' of git://github.com/cgzones/refpolicy
This commit is contained in:
Chris PeBenito
commit
bef9b29283
|
|
@ -9,11 +9,11 @@
|
|||
/etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/cache(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
/etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
|
||||
/etc/lvmtab(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
|
|
@ -22,13 +22,13 @@ ifdef(`distro_gentoo',`
|
|||
/usr/bin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
')
|
||||
|
||||
/usr/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/lib/systemd/system/blk-availability.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/dm-event.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/lvm2-.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/lvm2-lvmetad.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/udev/udisks-lvm-pv-export -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/lib/systemd/system/blk-availability.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/dm-event.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/lvm2-.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/systemd/system/lvm2-lvmetad.* -- gen_context(system_u:object_r:lvm_unit_t,s0)
|
||||
/usr/lib/udev/udisks-lvm-pv-export -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
||||
/usr/sbin/clvmd -- gen_context(system_u:object_r:clvmd_exec_t,s0)
|
||||
/usr/sbin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
|
@ -87,8 +87,8 @@ ifdef(`distro_gentoo',`
|
|||
#
|
||||
# /var
|
||||
#
|
||||
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
|
||||
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
|
||||
/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
|
||||
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
|
||||
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
|
||||
/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -198,18 +198,17 @@ interface(`lvm_domtrans_clvmd',`
|
|||
#
|
||||
interface(`lvm_admin',`
|
||||
gen_require(`
|
||||
type clvmd_t, clvmd_exec_t, clvmd_initrc_exec_t, lvm_unit_t;
|
||||
type clvmd_t, clvmd_initrc_exec_t, lvm_t, lvm_unit_t;
|
||||
type lvm_etc_t, lvm_lock_t, lvm_metadata_t;
|
||||
type lvm_var_lib_t, lvm_var_run_t, clvmd_var_run_t, lvm_tmp_t;
|
||||
')
|
||||
|
||||
allow $1 clvmd_t:process { ptrace signal_perms };
|
||||
ps_process_pattern($1, clvmd_t)
|
||||
admin_process_pattern($1, { clvmd_t lvm_t })
|
||||
|
||||
init_startstop_service($1, $2, clvmd_t, clvmd_initrc_exec_t, lvm_unit_t)
|
||||
|
||||
files_search_etc($1)
|
||||
admin_pattern($1, lvm_etc_t)
|
||||
admin_pattern($1, { lvm_etc_t lvm_metadata_t })
|
||||
|
||||
files_search_locks($1)
|
||||
admin_pattern($1, lvm_lock_t)
|
||||
|
|
|
|||
|
|
@ -126,7 +126,6 @@ logging_send_syslog_msg(clvmd_t)
|
|||
|
||||
miscfiles_read_localization(clvmd_t)
|
||||
|
||||
seutil_dontaudit_search_config(clvmd_t)
|
||||
seutil_sigchld_newrole(clvmd_t)
|
||||
seutil_read_config(clvmd_t)
|
||||
seutil_read_file_contexts(clvmd_t)
|
||||
|
|
@ -312,7 +311,7 @@ seutil_read_file_contexts(lvm_t)
|
|||
seutil_search_default_contexts(lvm_t)
|
||||
seutil_sigchld_newrole(lvm_t)
|
||||
|
||||
userdom_use_user_terminals(lvm_t)
|
||||
userdom_use_inherited_user_terminals(lvm_t)
|
||||
|
||||
ifdef(`init_systemd',`
|
||||
init_rw_stream_sockets(lvm_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue