Revert "bootloader: stricter permissions and more tailored file contexts"
This reverts commit b0c13980d2.
This commit is contained in:
parent
cd29a19479
commit
0e80a8a7cf
@ -1,12 +1,6 @@
/boot/grub.* -d gen_context(system_u:object_r:bootloader_run_t,s0)
/boot/grub.*/.* gen_context(system_u:object_r:bootloader_run_t,s0)
/boot/grub.*/grub.cfg -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/boot/grub.*/grub.conf -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/etc/lilo\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/etc/grub.d(/.*)? -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub2?-bios-setup -- gen_context(system_u:object_r:bootloader_exec_t,s0)
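Review bot: Whichever of these file-context entries survive on the new side, the unescaped dot in `/etc/grub.d(/.*)?` is a regex wildcard, unlike `/etc/lilo\.conf.*` and `/etc/yaboot\.conf.*` two entries above it; the line should read `/etc/grub\.d(/.*)? -- gen_context(system_u:object_r:bootloader_etc_t,s0)`. The `--` qualifier on that same entry also means the /etc/grub.d directory itself never matches this spec, only regular files beneath it, so the directory keeps whatever the generic /etc rules assign; presumably intended, but a short comment saying so would help. The page shows no +/- markers, so I cannot tell which of the twelve old and six new lines each entry belongs to.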
@ -21,13 +21,6 @@ type bootloader_exec_t;
application_domain(bootloader_t, bootloader_exec_t)
role bootloader_roles types bootloader_t;
#
# bootloader_run_t are image and other runtime
# files
#
type bootloader_run_t alias run_bootloader_t;
files_type(bootloader_run_t)
#
# bootloader_etc_t is the configuration file,
# grub.conf, lilo.conf, etc.
@ -52,7 +45,7 @@ allow bootloader_t self:capability { dac_override dac_read_search fsetid sys_raw
allow bootloader_t self:process { signal_perms execmem };
allow bootloader_t self:fifo_file rw_fifo_file_perms;
allow bootloader_t bootloader_etc_t:file exec_file_perms;
allow bootloader_t bootloader_etc_t:file read_file_perms;
# uncomment the following lines if you use "lilo -p"
#allow bootloader_t bootloader_etc_t:file manage_file_perms;
#files_etc_filetrans(bootloader_t,bootloader_etc_t,file)
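Review bot: Only one of `allow bootloader_t bootloader_etc_t:file exec_file_perms;` and `allow bootloader_t bootloader_etc_t:file read_file_perms;` is on the new side, and the markers are lost in the rendering; since this reverts a "stricter permissions" commit, it is presumably `exec_file_perms` that comes back. Execute on the configuration-file type is wider than a config file normally needs, and nothing in the hunk records why it is required, so the next tightening pass will likely remove it again. If the reason is that files labelled bootloader_etc_t are executed (the `/etc/grub.d` entries from the .fc hunk look like the candidates), a comment above the rule such as `# files under /etc/grub.d are executed by the bootloader tooling, hence exec rather than read` would pin that down; confirm the reason before writing it.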
@ -66,11 +59,6 @@ files_tmp_filetrans(bootloader_t, bootloader_tmp_t, { dir file lnk_file chr_file
# for tune2fs (cjp: ?)
files_root_filetrans(bootloader_t, bootloader_tmp_t, file)
manage_dirs_pattern(bootloader_t, bootloader_run_t, bootloader_run_t)
manage_files_pattern(bootloader_t, bootloader_run_t, bootloader_run_t)
manage_lnk_files_pattern(bootloader_t, bootloader_run_t, bootloader_run_t)
files_boot_filetrans(bootloader_t, bootloader_run_t, { dir file lnk_file })
kernel_getattr_core_if(bootloader_t)
kernel_read_network_state(bootloader_t)
kernel_read_system_state(bootloader_t)
@ -108,7 +96,10 @@ corecmd_exec_all_executables(bootloader_t)
domain_use_interactive_fds(bootloader_t)
files_create_boot_dirs(bootloader_t)
files_manage_boot_files(bootloader_t)
files_manage_boot_symlinks(bootloader_t)
files_read_etc_files(bootloader_t)
files_exec_etc_files(bootloader_t)
files_read_usr_src_files(bootloader_t)
files_read_usr_files(bootloader_t)
files_read_var_files(bootloader_t)
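Review bot: The restored `files_create_boot_dirs(bootloader_t)`, `files_manage_boot_files(bootloader_t)` and `files_manage_boot_symlinks(bootloader_t)` calls give bootloader_t management of everything under /boot rather than of a type of its own, which is what the `bootloader_run_t` declaration dropped in the `@ -21,13 +21,6` hunk and the manage patterns dropped in the `@ -66,11 +59,6` hunk provided; the commit message says only that it reverts b0c13980d2 and gives no reason. A one-line rationale in the description (what broke with the tailored type, on which platform) would let a later attempt fix the actual failure instead of reinstating the same change blind. The hunk carries no markers and three of its ten lines are additions, so the attribution above follows from the fact that this is a revert rather than from the page.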