Merge pull request #750 from dsugar100/selinux_dbus
Setup domain for dbus selinux interface
commit
6507eebc23
|
@ -48,6 +48,9 @@
|
|||
/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
|
||||
/usr/sbin/semanage -- gen_context(system_u:object_r:semanage_exec_t,s0)
|
||||
/usr/sbin/semodule -- gen_context(system_u:object_r:semanage_exec_t,s0)
|
||||
|
||||
/usr/share/system-config-selinux/selinux_server\.py -- gen_context(system_u:object_r:selinux_dbus_exec_t,s0)
|
||||
|
||||
/usr/libexec/selinux/semanage_migrate_store -- gen_context(system_u:object_r:semanage_exec_t,s0)
|
||||
|
||||
#
|
||||
|
|
|
@ -1,5 +1,26 @@
|
|||
## <summary>Policy for SELinux policy and userland applications.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive messages from
|
||||
## selinux semanage dbus interface.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`seutil_semanage_dbus_chat',`
|
||||
gen_require(`
|
||||
type selinux_dbus_t;
|
||||
class dbus send_msg;
|
||||
')
|
||||
|
||||
allow $1 selinux_dbus_t:dbus send_msg;
|
||||
allow selinux_dbus_t $1:dbus send_msg;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute checkpolicy in the checkpolicy domain.
|
||||
|
|
|
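Review bot: The `<summary>` of `seutil_semanage_dbus_chat` does not say what a caller gains, although this interface decides which domains can talk to the SELinux management service. The type-enforcement change on this page gives `selinux_dbus_t` the call `seutil_domtrans_semanage(selinux_dbus_t)`, so a domain granted this interface can presumably ask the service to carry out semanage operations, with authorization left to the service itself. I would state that in the summary, for example `## Send and receive messages over D-Bus with the SELinux management service (selinux_dbus_t), which can transition to the semanage domain.` The interface name refers to semanage while the type it grants access to is `selinux_dbus_t`; a short comment noting the mapping would help anyone auditing grants by type name.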
@ -97,6 +97,10 @@ application_domain(run_init_t, run_init_exec_t)
|
|||
domain_system_change_exemption(run_init_t)
|
||||
role run_init_roles types run_init_t;
|
||||
|
||||
type selinux_dbus_t;
|
||||
type selinux_dbus_exec_t;
|
||||
dbus_system_domain(selinux_dbus_t, selinux_dbus_exec_t)
|
||||
|
||||
type semanage_t;
|
||||
type semanage_exec_t;
|
||||
application_domain(semanage_t, semanage_exec_t)
|
||||
|
@ -482,6 +486,25 @@ optional_policy(`
|
|||
daemontools_domtrans_start(run_init_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# selinux DBUS local policy
|
||||
#
|
||||
|
||||
allow selinux_dbus_t self:fifo_file rw_inherited_fifo_file_perms;
|
||||
allow selinux_dbus_t self:unix_stream_socket create_socket_perms;
|
||||
|
||||
corecmd_exec_bin(selinux_dbus_t)
|
||||
|
||||
files_read_etc_symlinks(selinux_dbus_t)
|
||||
files_list_usr(selinux_dbus_t)
|
||||
|
||||
policykit_dbus_chat(selinux_dbus_t)
|
||||
|
||||
miscfiles_read_localization(selinux_dbus_t)
|
||||
|
||||
seutil_domtrans_semanage(selinux_dbus_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# semodule local policy
|
||||
|
|
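Review bot: `policykit_dbus_chat(selinux_dbus_t)` in the new "selinux DBUS local policy" block is called unconditionally, as is `dbus_system_domain(selinux_dbus_t, selinux_dbus_exec_t)` in the declarations hunk, whereas the context lines just above wrap `daemontools_domtrans_start(run_init_t)` in `optional_policy`. If policykit or dbus is not built into the policy, these calls will likely fail to resolve; each should sit in its own `optional_policy` block like the daemontools call. Separately, `seutil_domtrans_semanage(selinux_dbus_t)` makes this service a path into the semanage domain. If caller authorization is meant to be enforced by the service through polkit, a comment above that line such as `# Callers are authorized by the service via polkit; keep seutil_semanage_dbus_chat grants narrow.` would record where the access decision lives.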