Corecommands patch from Dan Walsh.
This commit is contained in:
Chris PeBenito
parent
05351730cc
commit
4b23c6747b
@ -44,15 +44,17 @@ ifdef(`distro_redhat',`
|
||||
/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/avahi/.*\.action -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/cron.daily/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.hourly/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.weekly/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.monthly/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.daily(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.hourly(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.weekly(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/cron.monthly(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/dhcp/dhclient\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
@ -64,6 +66,7 @@ ifdef(`distro_redhat',`
|
||||
/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/mgetty\+sendfax/new_fax -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
@ -159,6 +162,7 @@ ifdef(`distro_gentoo',`
|
||||
/usr/lib(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -214,7 +218,9 @@ ifdef(`distro_gentoo',`
|
||||
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -228,12 +234,14 @@ ifdef(`distro_gentoo',`
|
||||
/usr/share/sectool/.*\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
|
||||
@ -954,6 +954,25 @@ interface(`corecmd_getattr_all_executables',`
|
||||
getattr_files_pattern($1, bin_t, exec_type)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read all executable files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`corecmd_read_all_executables',`
|
||||
gen_require(`
|
||||
attribute exec_type;
|
||||
')
|
||||
|
||||
read_files_pattern($1, exec_type, exec_type)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute all executable files.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(corecommands, 1.12.1)
|
||||
policy_module(corecommands, 1.12.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user