add anaconda
parent
b9ae3aab39
commit
9edc289521
@ -1,5 +1,6 @@
|
||||
- Fix errors uncovered by sediff.
|
||||
- Added policies:
|
||||
anaconda
|
||||
kudzu
|
||||
radvd
|
||||
|
||||
|
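--- a/refpolicy/policy/modules/admin/anaconda.fc
+++ b/refpolicy/policy/modules/admin/anaconda.fc
@@ -0,0 +1,5 @@
+#
+# Currently anaconda does not have any file context since it is
+# started during install. This is a placeholder to satisfy
+# the policy Makefile dependencies.
+#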
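--- a/refpolicy/policy/modules/admin/anaconda.if
+++ b/refpolicy/policy/modules/admin/anaconda.if
@@ -0,0 +1 @@
+## <summary>Policy for the Anaconda installer.</summary>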
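--- a/refpolicy/policy/modules/admin/anaconda.te
+++ b/refpolicy/policy/modules/admin/anaconda.te
@@ -0,0 +1,59 @@
+
+policy_module(anaconda,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type anaconda_t;
+domain_type(anaconda_t)
+domain_obj_id_change_exempt(anaconda_t)
+role system_r types anaconda_t;
+
+########################################
+#
+# Local policy
+#
+
+# Run other rc scripts in the anaconda_t domain.
+init_domtrans_script(anaconda_t)
+
+libs_domtrans_ldconfig(anaconda_t)
+
+logging_send_syslog_msg(anaconda_t)
+
+modutils_domtrans_insmod(anaconda_t)
+
+unconfined_domain_template(anaconda_t)
+
+ifdef(`distro_redhat',`
+bootloader_create_runtime_file(anaconda_t)
+')
+
+optional_policy(`dmesg.te',`
+dmesg_domtrans(anaconda_t)
+')
+
+optional_policy(`rpm.te',`
+rpm_domtrans(anaconda_t)
+')
+
+optional_policy(`udev.te',`
+udev_domtrans(anaconda_t)
+')
+
+optional_policy(`usermanage.te',`
+usermanage_domtrans_admin_passwd(anaconda_t)
+')
+
+ifdef(`TODO',`
+optional_policy(`su.te',`
+role system_r types sysadm_su_t;
+domain_auto_trans(anaconda_t, su_exec_t, sysadm_su_t)
+')
+optional_policy(`ssh.te',`
+role system_r types sysadm_ssh_agent_t;
+domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
+')
+')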
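Review bot: `anaconda_t` is made both unconfined (`unconfined_domain_template`) and exempt from the object-identity-change constraint (`domain_obj_id_change_exempt`) with no comment saying why, and the module declares no entrypoint type while anaconda.fc in this commit is only a placeholder, so the policy does not show how a process reaches the domain. I would add a comment above the declarations, for example `# anaconda_t is deliberately unconfined; it is meant only for the installer environment, which starts the process in this domain directly.` (wording for the author to confirm), so that `system_r:anaconda_t` is not later assigned on an installed system by accident. The comment above `init_domtrans_script(anaconda_t)` says rc scripts run in anaconda_t, yet the macro name indicates a transition into the init script domain; one of the two should be corrected. The block guarded by `TODO` names `sysadm_su_t`, `su_exec_t`, `sysadm_ssh_agent_t` and `ssh_agent_exec_t` directly instead of going through the owning modules' interfaces, which needs fixing before that block is enabled.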
@ -156,6 +156,30 @@ interface(`usermanage_run_passwd',`
|
||||
allow passwd_t $3:chr_file rw_term_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute password admin functions in
|
||||
## the admin passwd domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## Domain allowed access.
|
||||
## </param>
|
||||
#
|
||||
interface(`usermanage_domtrans_admin_passwd',`
|
||||
gen_require(`
|
||||
type sysadm_passwd_t, admin_passwd_exec_t;
|
||||
')
|
||||
|
||||
files_search_usr($1)
|
||||
corecmd_search_bin($1)
|
||||
domain_auto_trans($1,admin_passwd_exec_t,sysadm_passwd_t)
|
||||
|
||||
allow $1 sysadm_passwd_t:fd use;
|
||||
allow sysadm_passwd_t $1:fd use;
|
||||
allow sysadm_passwd_t $1:fifo_file rw_file_perms;
|
||||
allow sysadm_passwd_t $1:process sigchld;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute useradd in the useradd domain.
|
||||
|
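Review bot: `usermanage_domtrans_admin_passwd` sets up only the type transition to `sysadm_passwd_t` and adds no role authorization, while the caller added in this commit, anaconda_t, runs in system_r. Unless `role system_r types sysadm_passwd_t;` exists outside this hunk, the transition would produce an invalid context and be denied; the TODO block in anaconda.te pairs each `domain_auto_trans` with such a `role system_r types ...;` line for that reason. Either state in the summary that the caller's role must already be authorized for `sysadm_passwd_t`, or offer a run-style interface that takes the role, as `usermanage_run_passwd` just above this hunk appears to do. The summary should also name the target domain, e.g. `## Execute password admin functions in the sysadm_passwd_t domain.`, since the interface hands any caller a transition into the sysadm variant specifically.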