Merge pull request #454 from jpds/rwnetlinksocketperms-typo
obj_perm_sets.spt: Fixed typo in rw_netlink_socket_perms.
commit
d55544121b
@ -156,7 +156,7 @@ allow portage_t self:process { setfscreate };
|
||||
# - kill for mysql merging, at least
|
||||
allow portage_t self:capability { kill setfcap sys_nice };
|
||||
dontaudit portage_t self:capability { dac_read_search };
|
||||
dontaudit portage_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
dontaudit portage_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
# user post-sync scripts
|
||||
can_exec(portage_t, portage_conf_t)
|
||||
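Review bot: The rule `dontaudit portage_t self:netlink_route_socket create_netlink_socket_perms;` hides more than socket creation, and nothing in the hunk says why that is acceptable. The `create_netlink_socket_perms` definition in the obj_perm_sets.spt hunk header is truncated but shows `create_socket_perms nlmsg_read nlmsg_wr…`, so denied netlink message permissions on the route socket would also leave no AVC record. Assuming the second of the two printed lines is the new side, this matches what the old macro expanded to, so the effective policy is unchanged. I would add a comment above the rule in the form `# dontaudit: <why these denials are expected>; also silences nlmsg_* on the route socket`, or narrow the set to the permissions that are actually noisy. The same applies to the `portage_sandbox_t` rule in the `@ -342` hunk.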
@ -342,7 +342,7 @@ optional_policy(`
|
||||
#
|
||||
|
||||
allow portage_sandbox_t self:process ptrace;
|
||||
dontaudit portage_sandbox_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
dontaudit portage_sandbox_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
allow portage_sandbox_t portage_log_t:file { create_file_perms delete_file_perms setattr_file_perms append_file_perms };
|
||||
logging_log_filetrans(portage_sandbox_t, portage_log_t, file)
|
||||
|
@ -27,7 +27,7 @@ files_tmp_file(vpnc_tmp_t)
|
||||
allow vpnc_t self:capability { dac_override dac_read_search ipc_lock net_admin net_raw setuid };
|
||||
allow vpnc_t self:process { getsched signal };
|
||||
allow vpnc_t self:fifo_file rw_fifo_file_perms;
|
||||
allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow vpnc_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
allow vpnc_t self:tcp_socket { accept listen };
|
||||
allow vpnc_t self:rawip_socket create_socket_perms;
|
||||
allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
|
||||
|
@ -24,7 +24,7 @@ allow iodined_t self:capability { net_admin net_raw setgid setuid sys_chroot };
|
||||
allow iodined_t self:rawip_socket create_socket_perms;
|
||||
allow iodined_t self:tun_socket create_socket_perms;
|
||||
allow iodined_t self:udp_socket connected_socket_perms;
|
||||
allow iodined_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow iodined_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
manage_dirs_pattern(iodined_t, iodined_runtime_t, iodined_runtime_t)
|
||||
manage_files_pattern(iodined_t, iodined_runtime_t, iodined_runtime_t)
|
||||
|
@ -99,7 +99,7 @@ corenet_tcp_connect_epmap_port(eventlogd_t)
|
||||
|
||||
allow lsassd_t self:capability { chown dac_override fowner fsetid sys_time };
|
||||
allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow lsassd_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
|
||||
allow lsassd_t netlogond_var_lib_t:file read_file_perms;
|
||||
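Review bot: `allow lsassd_t self:netlink_route_socket create_netlink_socket_perms;` keeps the state-modifying netlink permission for a domain that may not be able to use it. The capability rule visible in this hunk, `{ chown dac_override fowner fsetid sys_time }`, has no `net_admin`, although other capability rules may exist outside the hunk. If lsassd only queries routes or interfaces, the observe-state permission set described by the comment at the end of the obj_perm_sets.spt hunk would be the tighter choice. The same question applies to `lwiod_t` in the `@ -160` hunk, whose visible capabilities are `{ chown dac_override fowner fsetid sys_resource }`. Since this commit already touches each caller of the macro, it is a natural place to record per domain whether `nlmsg_write` is needed.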
@ -160,7 +160,7 @@ optional_policy(`
|
||||
|
||||
allow lwiod_t self:capability { chown dac_override fowner fsetid sys_resource };
|
||||
allow lwiod_t self:process setrlimit;
|
||||
allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow lwiod_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
allow lwiod_t { likewise_krb5_ad_t netlogond_var_lib_t }:file read_file_perms;
|
||||
|
||||
|
@ -42,7 +42,7 @@ dontaudit zebra_t self:capability sys_tty_config;
|
||||
allow zebra_t self:process { signal_perms getcap setcap };
|
||||
allow zebra_t self:fifo_file rw_fifo_file_perms;
|
||||
allow zebra_t self:unix_stream_socket { accept connectto listen };
|
||||
allow zebra_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow zebra_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
allow zebra_t self:tcp_socket { connect connected_stream_socket_perms };
|
||||
allow zebra_t self:udp_socket create_socket_perms;
|
||||
allow zebra_t self:rawip_socket create_socket_perms;
|
||||
|
@ -88,7 +88,7 @@ allow ipsec_t self:udp_socket create_socket_perms;
|
||||
allow ipsec_t self:key_socket create_socket_perms;
|
||||
allow ipsec_t self:fifo_file rw_fifo_file_perms;
|
||||
allow ipsec_t self:netlink_xfrm_socket create_netlink_socket_perms;
|
||||
allow ipsec_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow ipsec_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
|
||||
|
||||
@ -462,7 +462,7 @@ userdom_use_user_terminals(setkey_t)
|
||||
allow ipsec_supervisor_t self:capability { dac_override dac_read_search kill net_admin };
|
||||
allow ipsec_supervisor_t self:process { signal signull };
|
||||
allow ipsec_supervisor_t self:fifo_file rw_fifo_file_perms;
|
||||
allow ipsec_supervisor_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow ipsec_supervisor_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
allow ipsec_supervisor_t self:netlink_xfrm_socket create_netlink_socket_perms;
|
||||
|
||||
allow ipsec_supervisor_t ipsec_conf_file_t:dir list_dir_perms;
|
||||
|
@ -100,7 +100,7 @@ define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_wr
|
||||
#
|
||||
# Permissions for using netlink sockets for operations that modify state.
|
||||
#
|
||||
define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
|
||||
define(`rw_netlink_socket_perms', `{ rw_socket_perms nlmsg_read nlmsg_write }')
|
||||
|
||||
#
|
||||
# Permissions for using netlink sockets for operations that observe state.
|
||||
|
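Review bot: The comment above `rw_netlink_socket_perms` does not say that the set no longer covers socket creation. That is its only difference from `create_netlink_socket_perms` once the body reads `{ rw_socket_perms nlmsg_read nlmsg_write }`, assuming the second printed `define` is the new side. Policy outside this tree that still uses `rw_netlink_socket_perms` for a domain that opens its own socket would then be denied on create, and where a dontaudit applies the denial would not be logged. I would extend the comment with a line such as `# Does not include create; use create_netlink_socket_perms for domains that open the socket themselves.` The file continues past the last visible line of this hunk.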