Reduced the number of differences in amanda between the targeted and the refpolicy

Don Miner 2005-10-24 21:35:50 +00:00
parent 87ab639061
commit c11417c4df
2 changed files with 22 additions and 0 deletions


@ -115,6 +115,10 @@ files_create_tmp_files(amanda_t, amanda_tmp_t, { file dir })
kernel_read_system_state(amanda_t) kernel_read_system_state(amanda_t)
kernel_read_kernel_sysctl(amanda_t) kernel_read_kernel_sysctl(amanda_t)
kernel_dontaudit_getattr_unlabeled_file(amanda_t) kernel_dontaudit_getattr_unlabeled_file(amanda_t)
kernel_dontaudit_read_proc_symlink(amanda_t)
# Added for targeted policy
term_use_unallocated_tty(amanda_t)
corenet_tcp_sendrecv_all_if(amanda_t) corenet_tcp_sendrecv_all_if(amanda_t)
corenet_udp_sendrecv_all_if(amanda_t) corenet_udp_sendrecv_all_if(amanda_t)
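Review bot: The `term_use_unallocated_tty(amanda_t)` call sits under the comment "# Added for targeted policy" but is unconditional, so every policy flavour built from this module gets the tty access, not only targeted. If the grant is only needed there, wrap it in the policy's build conditional, e.g. ``ifdef(`targeted_policy',` term_use_unallocated_tty(amanda_t) ')``, so strict builds keep the narrower amanda_t domain. It is also unclear whether the comment is meant to cover `kernel_dontaudit_read_proc_symlink(amanda_t)` on the line above it. Because that rule hides denials from the audit log, a short why-comment naming the access being silenced would help anyone later triaging missing AVC messages.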


@ -568,6 +568,24 @@ interface(`kernel_dontaudit_read_system_state',`
dontaudit $1 proc_t:file read; dontaudit $1 proc_t:file read;
') ')
########################################
## <summary>
## Do not audit attempts by caller to
## read system state information in proc.
## </summary>
## <param name="domain">
## The process type not to audit.
## </param>
#
interface(`kernel_dontaudit_read_proc_symlink',`
gen_require(`
type proc_t;
class lnk_file read;
')
dontaudit $1 proc_t:lnk_file read;
')
####################################### #######################################
## <summary> ## <summary>
## Allow caller to read the state information for software raid. ## Allow caller to read the state information for software raid.
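Review bot: The summary of the new `kernel_dontaudit_read_proc_symlink` interface is copied from `kernel_dontaudit_read_system_state` ("read system state information in proc") and does not match the rule it emits, `dontaudit $1 proc_t:lnk_file read;`. That rule silences read denials on symbolic links labelled proc_t, so the summary should say so, for example `## Do not audit attempts by caller to` / `## read symbolic links in proc.`. An accurate description matters here because dontaudit rules remove denials from the audit log, and a reader choosing between the two interfaces has only the summary to tell which accesses will stop being reported.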