parent
ede0dadc05
commit
c753c066d1
|
@ -216,6 +216,25 @@ interface(`corecmd_dontaudit_getattr_bin_files',`
|
||||||
dontaudit $1 bin_t:file getattr_file_perms;
|
dontaudit $1 bin_t:file getattr_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Check if files in bin directories are executable (DAC-wise)
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`corecmd_check_exec_bin_files',`
|
||||||
|
gen_require(`
|
||||||
|
type bin_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 bin_t:dir search_dir_perms;
|
||||||
|
allow $1 bin_t:file { execute getattr };
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read files in bin directories.
|
## Read files in bin directories.
|
||||||
|
|
Loading…
Reference in New Issue