more pieces of ftp
This commit is contained in:
parent
ff85670a68
commit
a5ec7cb6c4
|
@ -42,6 +42,12 @@ gen_tunable(cron_can_relabel,false)
|
|||
## to support fcron.
|
||||
gen_tunable(fcron_crond,false)
|
||||
|
||||
## Allow ftp to read and write files in the user home directories
|
||||
gen_tunable(ftp_home_dir,false)
|
||||
|
||||
## Allow ftpd to run directly without inetd
|
||||
gen_tunable(ftpd_is_daemon,false)
|
||||
|
||||
## Allow BIND to write the master zone files.
|
||||
## Generally this is used for dynamic DNS.
|
||||
gen_tunable(named_write_master_zones,false)
|
||||
|
|
|
@ -293,11 +293,10 @@ interface(`storage_raw_write_lvm_volume',`
|
|||
interface(`storage_getattr_scsi_generic',`
|
||||
gen_require(`
|
||||
type scsi_generic_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 scsi_generic_device_t:blk_file getattr;
|
||||
allow $1 scsi_generic_device_t:chr_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -312,11 +311,10 @@ interface(`storage_getattr_scsi_generic',`
|
|||
interface(`storage_setattr_scsi_generic',`
|
||||
gen_require(`
|
||||
type scsi_generic_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 scsi_generic_device_t:blk_file setattr;
|
||||
allow $1 scsi_generic_device_t:chr_file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -358,11 +356,10 @@ interface(`storage_write_scsi_generic',`
|
|||
gen_require(`
|
||||
attribute scsi_generic_write;
|
||||
type scsi_generic_device_t;
|
||||
class blk_file { getattr write ioctl };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 scsi_generic_device_t:blk_file { getattr write ioctl };
|
||||
allow $1 scsi_generic_device_t:chr_file { getattr write ioctl };
|
||||
typeattribute $1 scsi_generic_write;
|
||||
')
|
||||
|
||||
|
@ -378,11 +375,10 @@ interface(`storage_write_scsi_generic',`
|
|||
interface(`storage_getattr_scsi_generic',`
|
||||
gen_require(`
|
||||
type scsi_generic_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 scsi_generic_device_t:blk_file getattr;
|
||||
allow $1 scsi_generic_device_t:chr_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -397,11 +393,10 @@ interface(`storage_getattr_scsi_generic',`
|
|||
interface(`storage_set_scsi_generic_attributes',`
|
||||
gen_require(`
|
||||
type scsi_generic_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 scsi_generic_device_t:blk_file setattr;
|
||||
allow $1 scsi_generic_device_t:chr_file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -571,11 +566,10 @@ interface(`storage_read_tape_device',`
|
|||
interface(`storage_write_tape_device',`
|
||||
gen_require(`
|
||||
type tape_device_t;
|
||||
class blk_file { getattr write ioctl };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 tape_device_t:blk_file { getattr write ioctl };
|
||||
allow $1 tape_device_t:chr_file { getattr write ioctl };
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -590,11 +584,10 @@ interface(`storage_write_tape_device',`
|
|||
interface(`storage_getattr_tape_device',`
|
||||
gen_require(`
|
||||
type tape_device_t;
|
||||
class blk_file getattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 tape_device_t:blk_file getattr;
|
||||
allow $1 tape_device_t:chr_file getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -609,11 +602,10 @@ interface(`storage_getattr_tape_device',`
|
|||
interface(`storage_setattr_tape_device',`
|
||||
gen_require(`
|
||||
type tape_device_t;
|
||||
class blk_file setattr;
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
allow $1 tape_device_t:blk_file setattr;
|
||||
allow $1 tape_device_t:chr_file setattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
@ -632,8 +624,8 @@ interface(`storage_unconfined',`
|
|||
attribute scsi_generic_read, scsi_generic_write;
|
||||
')
|
||||
|
||||
allow $1 { fixed_disk_device_t removable_device_t }:blk_file *;
|
||||
allow $1 { lvm_vg_t scsi_generic_device_t tape_device_t }:blk_file *;
|
||||
allow $1 { fixed_disk_device_t removable_device_t lvm_vg_t }:blk_file *;
|
||||
allow $1 { scsi_generic_device_t tape_device_t }:chr_file *;
|
||||
|
||||
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
|
||||
typeattribute $1 scsi_generic_read, scsi_generic_write;
|
||||
|
|
Loading…
Reference in New Issue