This patch allows setfiles to use file handles inherited from apt (for dpkg
postinst scripts), adds those rsync permissions that were rejected previously
due to not using interfaces, allows fsadm_t to stat /run/mount/utab, and
allows system_cronjob_t some access it requires (including net_admin for
when it runs utilities that set buffers).
This patch is slightly more involved than just running sed. It also adds
typealias rules and doesn't change the FC entries.
The /dev/apm_bios device doesn't exist on modern systems. I have left that
policy in for the moment on the principle of making one change per patch. But
I might send another patch to remove that as it won't exist with modern
kernels.
Allow devicekit_power_t to chat to xdm via dbus and log via syslog.
Allow mount_t to do more with it's runtime files and stat more filesystem
types.
Allow xauth to send sigchld to xdm.
Allow semanage to search policy_src_t dirs and read /dev/urandom.
This patch adds a lot of policy that is needed to setup an initramfs and grub
on Debian nowadays.
Also changed a comment about ia64 to correctly mention EFI.
If loopback devices are not pregenerated (kernel option
CONFIG_BLK_DEV_LOOP_MIN_COUNT=0), mount needs to write to
/dev/loop-control do create them dynamically when needed.
In debian mount was trying to list / on a tmpfs (/run/lock). Since
var_lock_t is a mountpoint type, and so is mnt_t, i decided to implement
a files_list_all_mountpoints() and call that for mount because it makes
sense
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Puppet calls mount to obtain the list of mounted file systems, redirecting its
output to a temporary file (labeled puppet_tmp_t). This allows the mount domain
to write to this resource.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Replaced calls to interfaces allowing access to all files except
auth_file_type files with calls to interfaces allowing access to
non_auth_file_type files.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Chris PeBenito
cgzones
Chris PeBenito
Luis Ressel
Chris PeBenito
Dominick Grift
Laurent Bigonville
Sven Vermeulen
James Carter
Matthew Ife