whitespace cleanup
Remove trailing whitespace and mixed-up indentation.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
parent
71e653980b
commit
72b2c66256
|
@ -2233,4 +2233,3 @@ Sven Vermeulen (27):
|
|||
Allow initrc_t to read stunnel configuration
|
||||
Introduce exec-check interfaces for passwd binaries and useradd binaries
|
||||
chfn_t reads in file context information and executes nscd
|
||||
|
||||
|
|
|
@ -859,24 +859,24 @@ Dominick Grift (126):
|
|||
Typo fix in ksmtuned_admin() by Shintaro Fujiwara
|
||||
Fix monolithic built
|
||||
Change file context spec for aide log files to catch suffixes
|
||||
Module version bumps for changes in various policy modules by Sven
|
||||
Module version bumps for changes in various policy modules by Sven
|
||||
Vermeulen
|
||||
Squid: Use a single pattern for brevity
|
||||
Irc was already allowed to create tcp sockets, it only needed an
|
||||
Irc was already allowed to create tcp sockets, it only needed an
|
||||
additional accept, and listen to be able to act as a proxy
|
||||
Its probably a better idea to use the httpd_sys_ra_content_t type sid
|
||||
Its probably a better idea to use the httpd_sys_ra_content_t type sid
|
||||
for logs in these locations
|
||||
Module version bump for changes to the tcsd policy module by Lukas
|
||||
Module version bump for changes to the tcsd policy module by Lukas
|
||||
Vrabec
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Grepl
|
||||
Module version bump for changes to the samba policy module by Dan Walsh
|
||||
Module version bump for changes to the telepathy policy module by
|
||||
Module version bump for changes to the telepathy policy module by
|
||||
Miroslav Grepl
|
||||
We do not have a boinc domain type attribute Change boolean
|
||||
description a bit
|
||||
Additional rabbitmq couchdb support
|
||||
Module version bumps for changes to various policy modules by Miroslav
|
||||
Module version bumps for changes to various policy modules by Miroslav
|
||||
Grepl
|
||||
Additional git tcp networking rules
|
||||
Additional ktalkd udp networking rules
|
||||
|
@ -889,25 +889,25 @@ Dominick Grift (126):
|
|||
Addtional tgtd tcp networking rules
|
||||
Additional polipo tcp networking rules
|
||||
Fix asterisk files_spool_filetrans()
|
||||
Module version bump for changes to the networkmanager policy module by
|
||||
Module version bump for changes to the networkmanager policy module by
|
||||
Lukas Vrabec
|
||||
Additional fs_tmpfs_filetrans() for munin service plugin content on
|
||||
Additional fs_tmpfs_filetrans() for munin service plugin content on
|
||||
tmpfs
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Grepl
|
||||
Support rlogind, and telnetd as init daemon domains ( i think fedora is
|
||||
Support rlogind, and telnetd as init daemon domains ( i think fedora is
|
||||
campaigning to get rid of (x)?inetd )
|
||||
Support mariadb logging, file context specification for mariadb specific
|
||||
Support mariadb logging, file context specification for mariadb specific
|
||||
config location
|
||||
Change logwatch boolean identifier to something more self-documenting.
|
||||
Change logwatch boolean identifier to something more self-documenting.
|
||||
Additional tcp networking rules
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Grepl
|
||||
Fix inconsistencies in the pkcs policy module
|
||||
Fix fetchmail inconsistencies
|
||||
Module version bump for changes in various policy modules by Dan Walsh
|
||||
Support for window managers to stream socket connect to pulseaudio
|
||||
Logwatch does not need to be able to bind tcp sockets to generic nodes
|
||||
Logwatch does not need to be able to bind tcp sockets to generic nodes
|
||||
since its only connecting
|
||||
Adds userhelper_exec_consolehelper for window managers
|
||||
Remove duplicate rules due to addition of auth_use_nsswitch()
|
||||
|
@ -918,7 +918,7 @@ Dominick Grift (126):
|
|||
condor_conf_t
|
||||
Hit by a nasty optional policy nesting issue
|
||||
We will find another way to run pa as a system server
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Module version bump for changes to various policy modules by Miroslav
|
||||
Grepl
|
||||
Clean up hypervkvp policy module (seems incomplete)
|
||||
Clean up initial redis policy module
|
||||
|
@ -950,45 +950,45 @@ Dominick Grift (126):
|
|||
stops avahi via its init script. I also created a
|
||||
avahi_manage_pid_files() for udev_t because the script manages a file
|
||||
called "checked_nameservers.*" in /run/avahi-daemon
|
||||
Cleanups of various modules with regard to regular expressions and white
|
||||
Cleanups of various modules with regard to regular expressions and white
|
||||
space
|
||||
apt: As it turns out the /var/backups directory is labeled in the backup
|
||||
apt: As it turns out the /var/backups directory is labeled in the backup
|
||||
module (which i incidentally did not have installed earlier). Instead
|
||||
of creating this file with a file type transition to
|
||||
apt_var_cache_t, allow apt_t to manage backup_store files
|
||||
mta: this needs to be verified again, it should just have been running
|
||||
mta: this needs to be verified again, it should just have been running
|
||||
in exim_t. I might have taken this from old logs
|
||||
mandb: /etc/cron.daily/man-db executes dpkg, reads dpkg db on Debian
|
||||
slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on
|
||||
slocate: catch /usr/bin/updatedb.mlocate, and /etc/cron.daily/mlocate on
|
||||
Debian
|
||||
dpkg: catch /etc/cron.daily/dpkg on Debian dpkg: allow
|
||||
/etc/cron.daily/dpkg to manage backup store files on Debian
|
||||
cron: consistent usage of regular expressions cron: prelink no longer
|
||||
runs in the system cronjob domain
|
||||
alsa: alsactl wants to associate pulse-shm-.* to device_t type
|
||||
filesystems. This happens early on but i do not understand how that
|
||||
alsa: alsactl wants to associate pulse-shm-.* to device_t type
|
||||
filesystems. This happens early on but i do not understand how that
|
||||
(/dev) relates to /dev/shm in this regard
|
||||
devicekit: reads udev pid files modemmanager: reads udev pid files
|
||||
vdagent: spice-vdagentd uses /dev/vport1p1 virtio console
|
||||
tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes
|
||||
tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes
|
||||
/dev/pts/0 inherited from init script
|
||||
revert regular expressions
|
||||
wm: allow $1_wm_t to stream connect to $1_gkeyringd_t
|
||||
mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and
|
||||
mta: allow system_mail_t (user_mail_domains) to read kernel sysctls and
|
||||
to read exim var lib files.
|
||||
mta: These are duplicates because system_mail_t is a user_mail_domain,
|
||||
as it is based off of the mta_base_mail_template() which assigns that
|
||||
mta: These are duplicates because system_mail_t is a user_mail_domain,
|
||||
as it is based off of the mta_base_mail_template() which assigns that
|
||||
type attribute
|
||||
locate: extra rules needed by debian /etc/cron.daily/locate script
|
||||
backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to
|
||||
backup: in Debian /etc/cron.daily/passwd backs-up shadow, passwd etc to
|
||||
/var/backups
|
||||
avahi: create interfaces that will allow calles to create avahi pid dirs
|
||||
avahi: create interfaces that will allow calles to create avahi pid dirs
|
||||
and create specifc avahi pid objects with a type transition (for
|
||||
udev, which runs: /usr/lib/avahi/avahi-daemon-check-dns.sh in
|
||||
Debian
|
||||
Initial gdomap policy module
|
||||
Initial minissdpd policy module
|
||||
alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of
|
||||
alsa: due to a bug in gnome 3.4, in debian, alsactl does all kinds of
|
||||
weird things related to pulseaudio
|
||||
various: revert regex fixes: fcsort does not want this now
|
||||
gdomap: gdomap_port_t is now available, gdomap binds tcp, and udp socket
|
||||
|
@ -1211,7 +1211,7 @@ Dominick Grift (889):
|
|||
fcoemon sends to lldpad with a dgram socket
|
||||
Initial quantum policy module
|
||||
Initial dspam policy module
|
||||
Module version bump for Telepathy file context spec fixes from Laurent
|
||||
Module version bump for Telepathy file context spec fixes from Laurent
|
||||
Bigonville.
|
||||
Initial isns policy module
|
||||
Various changes to tcs policy module
|
||||
|
@ -1257,7 +1257,7 @@ Dominick Grift (889):
|
|||
Changes to the abrt policy module and relevant dependencies
|
||||
numad sends/receives msgs from Fedora
|
||||
Amtu executable file in installed in /usr/sbin in Fedora
|
||||
The (usr/)? expression does not work consistently so better not use it
|
||||
The (usr/)? expression does not work consistently so better not use it
|
||||
at all
|
||||
Changes to the httpd policy module
|
||||
Merge branch 'master' of
|
||||
|
@ -1308,7 +1308,7 @@ Dominick Grift (889):
|
|||
Changes to the ccs policy module
|
||||
Changes to the cdrecord policy module
|
||||
Changes to the certmaster policy module and various role attribute fixes
|
||||
cdrecord needs to read and write callers unix domain stream socket not
|
||||
cdrecord needs to read and write callers unix domain stream socket not
|
||||
create it
|
||||
Changes to the certmonger policy module and its dependencies
|
||||
Initial cachefilesd policy module
|
||||
|
@ -1354,9 +1354,9 @@ Dominick Grift (889):
|
|||
Changes to the djbdns policy module
|
||||
Changes to the dkim policy module
|
||||
Changes to the dmidecode policy module
|
||||
Module bump for Laurent Bigonville trousers init script file context
|
||||
Module bump for Laurent Bigonville trousers init script file context
|
||||
specification fix
|
||||
Module bump for Laurent Bigonville libvirt init script file context
|
||||
Module bump for Laurent Bigonville libvirt init script file context
|
||||
specification fix
|
||||
Changes to the dnsmasq policy module and relevant dependencies
|
||||
Changes to the dovecot policy module
|
||||
|
@ -1383,7 +1383,7 @@ Dominick Grift (889):
|
|||
Initial glusterfs policy module
|
||||
Add gatekeeper newline
|
||||
Deprecate glusterd_admin() use glusterfs_admin() instead
|
||||
Portage module version bump for autofs support by Matthew Thode and
|
||||
Portage module version bump for autofs support by Matthew Thode and
|
||||
clean up
|
||||
cfengine: This location is now labeled with a cfengine private type
|
||||
Changes to the slpd policy module
|
||||
|
@ -1395,8 +1395,8 @@ Dominick Grift (889):
|
|||
Changes to the gnomeclock policy module
|
||||
Deprecate various DBUS interfaces and relevant dependencies
|
||||
Changes to the cachefilesd policy module
|
||||
Remove file context specification for kgpg which is a GUI frontend to
|
||||
GPG. Domain transition to gpg_t will happen when kgpg runs gpg.
|
||||
Remove file context specification for kgpg which is a GUI frontend to
|
||||
GPG. Domain transition to gpg_t will happen when kgpg runs gpg.
|
||||
(rhbz#862229)
|
||||
Initial mandb policy module
|
||||
Changes to the hadoop policy module
|
||||
|
@ -1492,7 +1492,7 @@ Dominick Grift (889):
|
|||
Changes to the iodine policy module
|
||||
Changes to the kerberos policy module
|
||||
Changes to the kdumpgui policy module
|
||||
Update deprecated interface calls ( gnome_read_config ->
|
||||
Update deprecated interface calls ( gnome_read_config ->
|
||||
gnome_read_generic_home_content )
|
||||
Changes to the mozilla policy module
|
||||
Changes to the thunderbird policy module
|
||||
|
@ -1663,7 +1663,7 @@ Dominick Grift (889):
|
|||
Fix a fatal syntax error in mozilla_plugin_role()
|
||||
Changes to the plymouth policy module
|
||||
Changes to the policykit policy module
|
||||
Module version bump for fixes in shorewall, fail2ban and portage policy
|
||||
Module version bump for fixes in shorewall, fail2ban and portage policy
|
||||
modules by Sven Vermeulen
|
||||
Tab clean up in the puppet file context file
|
||||
Changes to ther puppet policy module and relevant dependencies
|
||||
|
@ -1696,7 +1696,7 @@ Dominick Grift (889):
|
|||
Tab clean up in the razor file context file
|
||||
Changes to the razor policy module and relevant dependencies
|
||||
Smokeping cgi needs to run ping with a domain transition Remove
|
||||
redundant socket create already provided by
|
||||
redundant socket create already provided by
|
||||
sysnet_dns_name_resolve()
|
||||
Changes to the virt policy module
|
||||
Changes to the apache policy module
|
||||
|
@ -1779,7 +1779,7 @@ Dominick Grift (889):
|
|||
Changes to the shutdown policy module and relevant dependencies
|
||||
Tab clean up in the slocate file context file
|
||||
Changes to the slocate policy module and relevant dependencies
|
||||
These domains transition to shutdown domain now so they no longer need
|
||||
These domains transition to shutdown domain now so they no longer need
|
||||
direct access
|
||||
Re-add missing network rule in screen policy module
|
||||
fail2ban server sets scheduler
|
||||
|
@ -1802,7 +1802,7 @@ Dominick Grift (889):
|
|||
Changes to the soundserver policy module
|
||||
Tab clean up in the spamassassin file context file
|
||||
Changes to the spamassassin policy module and relevant dependendies
|
||||
spamassassin_role callers create ~/.spamd with the spamd_home_t user
|
||||
spamassassin_role callers create ~/.spamd with the spamd_home_t user
|
||||
home type instead
|
||||
Re-add sys_admin capability that was lost with porting from Fedora
|
||||
Move mailscanner content to mailscanner module
|
||||
|
@ -1865,7 +1865,7 @@ Dominick Grift (889):
|
|||
Changes to the ulogd policy module
|
||||
Tab clean up in the uml file context file
|
||||
Changes to the uml policy module
|
||||
Make it so that irc clients can also get attributes of cifs, nfs, fuse
|
||||
Make it so that irc clients can also get attributes of cifs, nfs, fuse
|
||||
and other file systems
|
||||
Changes to the updfstab policy module
|
||||
Changes to the uptime policy module
|
||||
|
@ -1954,7 +1954,7 @@ Dominick Grift (889):
|
|||
Zabbix sends signals from Fedora
|
||||
Blueman sets scheduler and sends signals from Fedora
|
||||
pcscd_read_pub_files is deprecated, use pcscd_read_pid_files instead
|
||||
Module version bumps for fixes in portage and virt modules by Sven
|
||||
Module version bumps for fixes in portage and virt modules by Sven
|
||||
Vermeulen
|
||||
Policy module version bumps for various changes by Sven Vermeulen
|
||||
Changes to the openvpn policy module
|
||||
|
@ -2020,11 +2020,11 @@ Dominick Grift (889):
|
|||
Changes to the amavis policy module
|
||||
Changes to the ppp policy module
|
||||
Initial jockey policy module
|
||||
Module version bumps for "several named transition for directories
|
||||
created in /var/run by initscripts" in various modules by Laurent
|
||||
Module version bumps for "several named transition for directories
|
||||
created in /var/run by initscripts" in various modules by Laurent
|
||||
Bigonville
|
||||
Module version bumps for fixes in various modules by Laurent Bigonville
|
||||
Module version bump for changes to the consolekit policy module by
|
||||
Module version bump for changes to the consolekit policy module by
|
||||
Laurent Bigonville
|
||||
Changes to the stunnel policy module
|
||||
Module version bumps for fixes in various modules by Sven Vermeulen
|
||||
|
@ -2063,7 +2063,7 @@ Dominick Grift (889):
|
|||
Changes to the wdmd policy module and relevant dependencies
|
||||
Changes to the nscd policy module and relevant dependencies
|
||||
Changes to the dbus policy module
|
||||
Module version bumps for fixes in various policy modules by Laurent
|
||||
Module version bumps for fixes in various policy modules by Laurent
|
||||
Bigonville
|
||||
Changes to the cups policy module
|
||||
Changes to the dbus policy module
|
||||
|
@ -2071,25 +2071,25 @@ Dominick Grift (889):
|
|||
Remove redundant net_bind_service capabilities in various modules
|
||||
Changes to the virt policy module
|
||||
Changes to the puppet policy module
|
||||
Module version bumps for fixes in various policy module by Sven
|
||||
Module version bumps for fixes in various policy module by Sven
|
||||
Vermeulen
|
||||
Module version bumps for file context fixes in various policy modules by
|
||||
Module version bumps for file context fixes in various policy modules by
|
||||
Laurent Bigonville
|
||||
Make httpd_manage_all_user_content() do what it advertises
|
||||
Add more networking rules to mplayer policy module for compatibility
|
||||
Fix fcronsighup file context. Should be crontab_exec_t as per previous
|
||||
Fix fcronsighup file context. Should be crontab_exec_t as per previous
|
||||
spec
|
||||
Module version bumps for changes in various modules by Sven Vermeulen
|
||||
Move asterisk_exec() and modify XML header
|
||||
Consolekit creates /var/run/console directories with a type transition
|
||||
Consolekit creates /var/run/console directories with a type transition
|
||||
unconditionally
|
||||
Module version bump in consolekit policy module for changes by Sven
|
||||
Module version bump in consolekit policy module for changes by Sven
|
||||
Vermeulen
|
||||
The imaplogin executable file should be courier_pop_exec_t according to
|
||||
The imaplogin executable file should be courier_pop_exec_t according to
|
||||
existing file context specification
|
||||
Module version bump for changes to the fail2ban policy module by Sven
|
||||
Module version bump for changes to the fail2ban policy module by Sven
|
||||
Vermeulen
|
||||
Modules version bumps for changes in various policy modules by Sven
|
||||
Modules version bumps for changes in various policy modules by Sven
|
||||
Vermeulen
|
||||
|
||||
Laurent Bigonville (28):
|
||||
|
@ -2212,4 +2212,3 @@ Sven Vermeulen (75):
|
|||
Add setuid/setgid capability to ulogd_t
|
||||
Support tmux control socket
|
||||
Postfix creates defer(red) queue locations
|
||||
|
||||
|
|
|
@ -181,7 +181,7 @@
|
|||
vhostmd (Dan Walsh)
|
||||
|
||||
* Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117
|
||||
- Add separate x_pointer and x_keyboard classes inheriting from x_device.
|
||||
- Add separate x_pointer and x_keyboard classes inheriting from x_device.
|
||||
From Eamon Walsh.
|
||||
- Deprecated the userdom_xwindows_client_template().
|
||||
- Misc Gentoo fixes from Corentin Labbe.
|
||||
|
@ -713,7 +713,7 @@
|
|||
xserver
|
||||
|
||||
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
|
||||
- Adds support for generating corenetwork interfaces based on attributes
|
||||
- Adds support for generating corenetwork interfaces based on attributes
|
||||
in addition to types.
|
||||
- Permits the listing of multiple nodes in a network_node() that will be
|
||||
given the same type.
|
||||
|
@ -777,7 +777,7 @@
|
|||
- Add appconfig dependency to the load target.
|
||||
- Miscellaneous fixes from Dan Walsh.
|
||||
- Fix corenetwork gen_context()'s to expand during the policy
|
||||
build phase instead of during the generation phase.
|
||||
build phase instead of during the generation phase.
|
||||
- Added policies:
|
||||
amanda
|
||||
avahi
|
||||
|
|
|
@ -8,4 +8,3 @@ staff_r:staff_su_t:s0 staff_r:staff_t:s0
|
|||
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
||||
|
|
|
@ -6,4 +6,3 @@ system_r:crond_t:s0 user_r:user_t:s0 user_r:cronjob_t:s0
|
|||
system_r:xdm_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 user_r:user_t:s0
|
||||
user_r:user_sudo_t:s0 user_r:user_t:s0
|
||||
|
||||
|
|
|
@ -8,4 +8,3 @@ staff_r:staff_su_t:s0 staff_r:staff_t:s0
|
|||
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
|
||||
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
|
||||
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
|
||||
|
||||
|
|
|
@ -6,4 +6,3 @@ system_r:crond_t:s0 user_r:user_t:s0 user_r:cronjob_t:s0
|
|||
system_r:xdm_t:s0 user_r:user_t:s0
|
||||
user_r:user_su_t:s0 user_r:user_t:s0
|
||||
user_r:user_sudo_t:s0 user_r:user_t:s0
|
||||
|
||||
|
|
|
@ -4,4 +4,3 @@ system_r:initrc_su_t guest_r:guest_t
|
|||
system_r:local_login_t guest_r:guest_t
|
||||
system_r:remote_login_t guest_r:guest_t
|
||||
system_r:sshd_t guest_r:guest_t
|
||||
|
||||
|
|
|
@ -8,4 +8,3 @@ staff_r:staff_su_t staff_r:staff_t
|
|||
staff_r:staff_sudo_t staff_r:staff_t
|
||||
sysadm_r:sysadm_su_t sysadm_r:sysadm_t
|
||||
sysadm_r:sysadm_sudo_t sysadm_r:sysadm_t
|
||||
|
||||
|
|
|
@ -6,4 +6,3 @@ system_r:crond_t user_r:user_t user_r:cronjob_t
|
|||
system_r:xdm_t user_r:user_t
|
||||
user_r:user_su_t user_r:user_t
|
||||
user_r:user_sudo_t user_r:user_t
|
||||
|
||||
|
|
|
@ -116,5 +116,3 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|||
|
||||
.SH "SEE ALSO"
|
||||
selinux(8), httpd(8), chcon(1), setsebool(8)
|
||||
|
||||
|
||||
|
|
|
@ -26,5 +26,3 @@ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|||
|
||||
.SH "SEE ALSO"
|
||||
selinux(8), named(8), chcon(1), setsebool(8)
|
||||
|
||||
|
||||
|
|
|
@ -53,5 +53,3 @@ service vsftpd restart
|
|||
|
||||
.SH "СМОТРИ ТАКЖЕ"
|
||||
selinux(8), ftpd(8), chcon(1), setsebool(8)
|
||||
|
||||
|
||||
|
|
|
@ -133,5 +133,3 @@ setsebool -P httpd_can_network_connect 1
|
|||
|
||||
.SH "СМОТРИ ТАКЖЕ"
|
||||
selinux(8), httpd(8), chcon(1), setsebool(8)
|
||||
|
||||
|
||||
|
|
|
@ -27,5 +27,3 @@ setsebool -P named_write_master_zones 1
|
|||
|
||||
.SH "СМОТРИ ТАКЖЕ"
|
||||
selinux(8), named(8), chcon(1), setsebool(8)
|
||||
|
||||
|
||||
|
|
|
@ -91,7 +91,7 @@ constrain process { transition dyntransition noatsecure siginh rlimitinh }
|
|||
(
|
||||
u1 == u2
|
||||
or ( t1 == can_change_process_identity and t2 == process_user_target )
|
||||
or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
|
||||
or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
|
||||
or ( t1 == can_system_change and u2 == system_u )
|
||||
or ( t1 == process_uncond_exempt )
|
||||
);
|
||||
|
@ -100,7 +100,7 @@ constrain process { transition dyntransition noatsecure siginh rlimitinh }
|
|||
(
|
||||
r1 == r2
|
||||
or ( t1 == can_change_process_role and t2 == process_user_target )
|
||||
or ( t1 == cron_source_domain and t2 == cron_job_domain )
|
||||
or ( t1 == cron_source_domain and t2 == cron_job_domain )
|
||||
or ( t1 == can_system_change and r2 == system_r )
|
||||
or ( t1 == process_uncond_exempt )
|
||||
);
|
||||
|
|
|
@ -289,4 +289,3 @@ optional_policy(`
|
|||
|
||||
logging_read_all_logs(logrotate_mail_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -105,4 +105,3 @@ optional_policy(`
|
|||
rpm_exec(sectoolm_t)
|
||||
rpm_dontaudit_manage_db(sectoolm_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
policy_module(sigrok, 1.0.1)
|
||||
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
|
|
|
@ -62,4 +62,3 @@ miscfiles_read_localization(syncthing_t)
|
|||
userdom_user_content_access_template(syncthing, syncthing_t)
|
||||
|
||||
userdom_use_user_terminals(syncthing_t)
|
||||
|
||||
|
|
|
@ -1482,7 +1482,7 @@ interface(`domain_mmap_low_uncond',`
|
|||
interface(`domain_all_recvfrom_all_domains',`
|
||||
gen_require(`
|
||||
attribute domain;
|
||||
')
|
||||
')
|
||||
|
||||
corenet_all_recvfrom_labeled($1, domain)
|
||||
')
|
||||
|
@ -1493,7 +1493,7 @@ interface(`domain_all_recvfrom_all_domains',`
|
|||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## When setting up IMA/EVM key(s) are added to the
|
||||
## When setting up IMA/EVM key(s) are added to the
|
||||
## kernel keyring but the type of the key is the domain
|
||||
## adding the key. This interface will allow all domains
|
||||
## search the key so IMA/EVM validation can happen.
|
||||
|
|
|
@ -6808,7 +6808,7 @@ interface(`files_manage_all_pid_dirs',`
|
|||
#
|
||||
interface(`files_read_all_pids',`
|
||||
refpolicywarn(`$0($*) has been deprecated, please use files_read_all_runtime_files() instead.')
|
||||
files_read_all_runtime_files($1)
|
||||
files_read_all_runtime_files($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
|
|
@ -3698,4 +3698,3 @@ interface(`kernel_ib_manage_subnet_unlabeled_endports',`
|
|||
|
||||
allow $1 unlabeled_t:infiniband_endport manage_subnet;
|
||||
')
|
||||
|
||||
|
|
|
@ -16,4 +16,3 @@ attribute ubacxwin;
|
|||
attribute ubacdbus;
|
||||
attribute ubackey;
|
||||
attribute ubacdb;
|
||||
|
||||
|
|
|
@ -48,4 +48,3 @@ interface(`secadm_role_change_to_template',`
|
|||
|
||||
allow secadm_r $1;
|
||||
')
|
||||
|
||||
|
|
|
@ -1363,4 +1363,3 @@ ifndef(`distro_redhat',`
|
|||
java_role(sysadm_r, sysadm_t)
|
||||
')
|
||||
')
|
||||
|
||||
|
|
|
@ -249,7 +249,6 @@ interface(`abrt_read_pid_files',`
|
|||
interface(`abrt_manage_pid_files',`
|
||||
refpolicywarn(`$0($*) has been deprecated, please use abrt_manage_runtime_files() instead.')
|
||||
abrt_manage_runtime_files($1)
|
||||
|
||||
')
|
||||
|
||||
######################################
|
||||
|
|
|
@ -144,4 +144,3 @@ userdom_use_user_terminals(chronyc_t)
|
|||
|
||||
chronyd_dgram_send(chronyc_t)
|
||||
chronyd_read_config(chronyc_t)
|
||||
|
||||
|
|
|
@ -164,7 +164,7 @@ interface(`dnsmasq_delete_pid_files',`
|
|||
#
|
||||
interface(`dnsmasq_manage_pid_files',`
|
||||
refpolicywarn(`$0($*) has been deprecated, please use dnsmasq_manage_runtime_files() instead.')
|
||||
dnsmasq_manage_runtime_files($1)
|
||||
dnsmasq_manage_runtime_files($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
|
|
|
@ -35,4 +35,3 @@ interface(`mon_dontaudit_search_var_lib',`
|
|||
|
||||
dontaudit $1 mon_var_lib_t:dir search;
|
||||
')
|
||||
|
||||
|
|
|
@ -58,10 +58,10 @@ userdom_search_user_home_dirs(oidentd_t)
|
|||
|
||||
tunable_policy(`use_samba_home_dirs',`
|
||||
fs_list_cifs(oidentd_t)
|
||||
fs_read_cifs_files(oidentd_t)
|
||||
fs_read_cifs_files(oidentd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_list_nfs(oidentd_t)
|
||||
fs_read_nfs_files(oidentd_t)
|
||||
fs_read_nfs_files(oidentd_t)
|
||||
')
|
||||
|
|
|
@ -304,4 +304,3 @@ optional_policy(`
|
|||
optional_policy(`
|
||||
hal_read_state(policykit_resolve_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -98,4 +98,3 @@ optional_policy(`
|
|||
optional_policy(`
|
||||
udev_read_db(stunnel_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -130,7 +130,7 @@ interface(`tpm2_dbus_chat_abrmd',`
|
|||
## <desc>
|
||||
## <p>
|
||||
## Allow the tpm to open and read pipes from other
|
||||
## domain. This is seen when piping input to one
|
||||
## domain. This is seen when piping input to one
|
||||
## of the tpm2_* processes. For example:
|
||||
## sha512sum my_file | tpm2_hmac -k 0x81001000 -g sha256 /dev/stdin
|
||||
## </p>
|
||||
|
@ -224,4 +224,3 @@ interface(`tpm2_rw_abrmd_pipes',`
|
|||
allow $1 tpm2_abrmd_t:fd use;
|
||||
allow $1 tpm2_abrmd_t:fifo_file rw_fifo_file_perms;
|
||||
')
|
||||
|
||||
|
|
|
@ -1301,7 +1301,7 @@ interface(`xserver_read_xdm_tmp_files',`
|
|||
type xdm_tmp_t;
|
||||
')
|
||||
|
||||
files_search_tmp($1)
|
||||
files_search_tmp($1)
|
||||
read_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
|
||||
')
|
||||
|
||||
|
@ -1413,7 +1413,7 @@ interface(`xserver_domtrans',`
|
|||
type xserver_t, xserver_exec_t;
|
||||
')
|
||||
|
||||
allow $1 xserver_t:process siginh;
|
||||
allow $1 xserver_t:process siginh;
|
||||
domtrans_pattern($1, xserver_exec_t, xserver_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -968,4 +968,3 @@ interface(`miscfiles_manage_localization',`
|
|||
manage_files_pattern($1, locale_t, locale_t)
|
||||
manage_lnk_files_pattern($1, locale_t, locale_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -194,4 +194,3 @@ optional_policy(`
|
|||
|
||||
xserver_getattr_log(kmod_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -257,4 +257,3 @@ interface(`mount_rw_runtime_files',`
|
|||
|
||||
rw_files_pattern($1, mount_runtime_t, mount_runtime_t)
|
||||
')
|
||||
|
||||
|
|
|
@ -92,4 +92,3 @@ ifdef(`distro_debian',`
|
|||
/run/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
|
||||
/run/resolvconf/.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
')
|
||||
|
||||
|
|
|
@ -79,4 +79,3 @@
|
|||
/run/tmpfiles\.d/.* <<none>>
|
||||
|
||||
/var/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0)
|
||||
|
||||
|
|
|
@ -422,4 +422,3 @@ kernel_read_kernel_sysctls(udevadm_t)
|
|||
kernel_read_system_state(udevadm_t)
|
||||
|
||||
seutil_read_file_contexts(udevadm_t)
|
||||
|
||||
|
|
|
@ -3215,7 +3215,7 @@ interface(`userdom_relabel_user_tmpfs_files',`
|
|||
|
||||
########################################
|
||||
## <summary>
|
||||
## Make the specified type usable in
|
||||
## Make the specified type usable in
|
||||
## the directory /run/user/%{USERID}/.
|
||||
## </summary>
|
||||
## <param name="type">
|
||||
|
|