clean up rpc hack
parent
d828b5ca8f
commit
f00434fae9
|
@ -132,6 +132,23 @@ interface(`rpc_udp_sendto',`
|
|||
allow rpc_t $1:udp_socket recvfrom;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to get the attributes
|
||||
## of the NFS export file.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`rpc_dontaudit_getattr_exports',`
|
||||
gen_require(`
|
||||
type exports_t;
|
||||
')
|
||||
|
||||
dontaudit $1 exports_t:file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow read access to exports.
|
||||
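Review bot: The `<param name="domain">` description on the new `rpc_dontaudit_getattr_exports` interface uses the wording of an allow interface ("The type of the process performing this action.") and does not tell a reader that nothing is granted. The body is `dontaudit $1 exports_t:file getattr;`, so the access stays denied and only the denial record is suppressed; I would change the description to `## Domain to not audit.`. This matters to anyone triaging audit logs, because getattr attempts on the exports file by the named domain will no longer appear there.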
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpc,1.0.1)
|
||||
policy_module(rpc,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -71,9 +71,6 @@ optional_policy(`nis',`
|
|||
nis_read_ypserv_config(rpcd_t)
|
||||
')
|
||||
|
||||
# FIXME
|
||||
dontaudit userdomain exports_t:file getattr;
|
||||
|
||||
########################################
|
||||
#
|
||||
# NFSD local policy
|
||||
|
|
|
@ -365,6 +365,10 @@ template(`base_user_template',`
|
|||
quota_dontaudit_getattr_db($1_t)
|
||||
')
|
||||
|
||||
optional_policy(`rpc',`
|
||||
rpc_dontaudit_getattr_exports($1_t)
|
||||
')
|
||||
|
||||
optional_policy(`rpm',`
|
||||
files_getattr_var_lib_dir($1_t)
|
||||
files_search_var_lib($1_t)
|
||||
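Review bot: The rule removed from the rpc module applied to the whole `userdomain` attribute, while the replacement call `rpc_dontaudit_getattr_exports($1_t)` only covers types instantiated through `base_user_template`. If any type carries `userdomain` without going through this template (not visible on this page), its getattr denials on `exports_t` will start being logged; that is the safer direction, but worth confirming so the change in audit volume is expected. The old rule had only `# FIXME` as its rationale, so I would also add a comment above the call, for example `# dontaudit only: getattr on the NFS exports file stays denied, just not logged`. The template body starts and ends outside this hunk.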
|
|