RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

trunk: start adding open perm to obvious places.

This commit is contained in:
Chris PeBenito 2008-05-23 18:22:57 +00:00
parent 7d8fbdc062
commit cbe82b179b
3 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/admin/amanda.te
View File

@ -94,7 +94,7 @@ can_exec(amanda_t,amanda_inetd_exec_t)
# access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists) # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms; allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
allow amanda_t amanda_gnutarlists_t:file manage_file_perms; allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms; allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)

4
policy/modules/services/gpm.te
View File

@ -41,8 +41,8 @@ files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file manage_file_perms; allow gpm_t gpm_var_run_t:file manage_file_perms;
files_pid_filetrans(gpm_t,gpm_var_run_t,file) files_pid_filetrans(gpm_t,gpm_var_run_t,file)
allow gpm_t gpmctl_t:sock_file manage_file_perms; allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
allow gpm_t gpmctl_t:fifo_file manage_file_perms; allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file }) dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
kernel_read_kernel_sysctls(gpm_t) kernel_read_kernel_sysctls(gpm_t)

14
policy/support/obj_perm_sets.spt
View File

@ -193,7 +193,7 @@ define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
define(`create_dir_perms',`{ getattr create }') define(`create_dir_perms',`{ getattr create }')
define(`rename_dir_perms',`{ getattr rename }') define(`rename_dir_perms',`{ getattr rename }')
define(`delete_dir_perms',`{ getattr rmdir }') define(`delete_dir_perms',`{ getattr rmdir }')
define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }') define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
define(`relabelfrom_dir_perms',`{ getattr relabelfrom }') define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
define(`relabelto_dir_perms',`{ getattr relabelto }') define(`relabelto_dir_perms',`{ getattr relabelto }')
define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }') define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
@ -209,10 +209,10 @@ define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
define(`append_file_perms',`{ getattr append lock ioctl }') define(`append_file_perms',`{ getattr append lock ioctl }')
define(`write_file_perms',`{ getattr write append lock ioctl }') define(`write_file_perms',`{ getattr write append lock ioctl }')
define(`rw_file_perms',`{ getattr read write append ioctl lock }') define(`rw_file_perms',`{ getattr read write append ioctl lock }')
define(`create_file_perms',`{ getattr create }') define(`create_file_perms',`{ getattr create open }')
define(`rename_file_perms',`{ getattr rename }') define(`rename_file_perms',`{ getattr rename }')
define(`delete_file_perms',`{ getattr unlink }') define(`delete_file_perms',`{ getattr unlink }')
define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }') define(`manage_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_file_perms',`{ getattr relabelfrom }') define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
define(`relabelto_file_perms',`{ getattr relabelto }') define(`relabelto_file_perms',`{ getattr relabelto }')
define(`relabel_file_perms',`{ getattr relabelfrom relabelto }') define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
@ -243,10 +243,10 @@ define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
define(`append_fifo_file_perms',`{ getattr append lock ioctl }') define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
define(`write_fifo_file_perms',`{ getattr write append lock ioctl }') define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }') define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
define(`create_fifo_file_perms',`{ getattr create }') define(`create_fifo_file_perms',`{ getattr create open }')
define(`rename_fifo_file_perms',`{ getattr rename }') define(`rename_fifo_file_perms',`{ getattr rename }')
define(`delete_fifo_file_perms',`{ getattr unlink }') define(`delete_fifo_file_perms',`{ getattr unlink }')
define(`manage_fifo_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }') define(`manage_fifo_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }') define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }')
define(`relabelto_fifo_file_perms',`{ getattr relabelto }') define(`relabelto_fifo_file_perms',`{ getattr relabelto }')
define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }') define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
@ -279,7 +279,7 @@ define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
define(`create_blk_file_perms',`{ getattr create }') define(`create_blk_file_perms',`{ getattr create }')
define(`rename_blk_file_perms',`{ getattr rename }') define(`rename_blk_file_perms',`{ getattr rename }')
define(`delete_blk_file_perms',`{ getattr unlink }') define(`delete_blk_file_perms',`{ getattr unlink }')
define(`manage_blk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }') define(`manage_blk_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }') define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_blk_file_perms',`{ getattr relabelto }') define(`relabelto_blk_file_perms',`{ getattr relabelto }')
define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }') define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }')
@ -296,7 +296,7 @@ define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
define(`create_chr_file_perms',`{ getattr create }') define(`create_chr_file_perms',`{ getattr create }')
define(`rename_chr_file_perms',`{ getattr rename }') define(`rename_chr_file_perms',`{ getattr rename }')
define(`delete_chr_file_perms',`{ getattr unlink }') define(`delete_chr_file_perms',`{ getattr unlink }')
define(`manage_chr_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }') define(`manage_chr_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }') define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }')
define(`relabelto_chr_file_perms',`{ getattr relabelto }') define(`relabelto_chr_file_perms',`{ getattr relabelto }')
define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }') define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }')