more pieces of ftp

This commit is contained in:
Chris PeBenito 2005-09-29 13:32:28 +00:00
parent ff85670a68
commit a5ec7cb6c4
2 changed files with 16 additions and 18 deletions

View File

@ -42,6 +42,12 @@ gen_tunable(cron_can_relabel,false)
## to support fcron. ## to support fcron.
gen_tunable(fcron_crond,false) gen_tunable(fcron_crond,false)
## Allow ftp to read and write files in the user home directories
gen_tunable(ftp_home_dir,false)
## Allow ftpd to run directly without inetd
gen_tunable(ftpd_is_daemon,false)
## Allow BIND to write the master zone files. ## Allow BIND to write the master zone files.
## Generally this is used for dynamic DNS. ## Generally this is used for dynamic DNS.
gen_tunable(named_write_master_zones,false) gen_tunable(named_write_master_zones,false)

View File

@ -293,11 +293,10 @@ interface(`storage_raw_write_lvm_volume',`
interface(`storage_getattr_scsi_generic',` interface(`storage_getattr_scsi_generic',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
class blk_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 scsi_generic_device_t:blk_file getattr; allow $1 scsi_generic_device_t:chr_file getattr;
') ')
######################################## ########################################
@ -312,11 +311,10 @@ interface(`storage_getattr_scsi_generic',`
interface(`storage_setattr_scsi_generic',` interface(`storage_setattr_scsi_generic',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
class blk_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 scsi_generic_device_t:blk_file setattr; allow $1 scsi_generic_device_t:chr_file setattr;
') ')
######################################## ########################################
@ -358,11 +356,10 @@ interface(`storage_write_scsi_generic',`
gen_require(` gen_require(`
attribute scsi_generic_write; attribute scsi_generic_write;
type scsi_generic_device_t; type scsi_generic_device_t;
class blk_file { getattr write ioctl };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 scsi_generic_device_t:blk_file { getattr write ioctl }; allow $1 scsi_generic_device_t:chr_file { getattr write ioctl };
typeattribute $1 scsi_generic_write; typeattribute $1 scsi_generic_write;
') ')
@ -378,11 +375,10 @@ interface(`storage_write_scsi_generic',`
interface(`storage_getattr_scsi_generic',` interface(`storage_getattr_scsi_generic',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
class blk_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 scsi_generic_device_t:blk_file getattr; allow $1 scsi_generic_device_t:chr_file getattr;
') ')
######################################## ########################################
@ -397,11 +393,10 @@ interface(`storage_getattr_scsi_generic',`
interface(`storage_set_scsi_generic_attributes',` interface(`storage_set_scsi_generic_attributes',`
gen_require(` gen_require(`
type scsi_generic_device_t; type scsi_generic_device_t;
class blk_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 scsi_generic_device_t:blk_file setattr; allow $1 scsi_generic_device_t:chr_file setattr;
') ')
######################################## ########################################
@ -571,11 +566,10 @@ interface(`storage_read_tape_device',`
interface(`storage_write_tape_device',` interface(`storage_write_tape_device',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
class blk_file { getattr write ioctl };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 tape_device_t:blk_file { getattr write ioctl }; allow $1 tape_device_t:chr_file { getattr write ioctl };
') ')
######################################## ########################################
@ -590,11 +584,10 @@ interface(`storage_write_tape_device',`
interface(`storage_getattr_tape_device',` interface(`storage_getattr_tape_device',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
class blk_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 tape_device_t:blk_file getattr; allow $1 tape_device_t:chr_file getattr;
') ')
######################################## ########################################
@ -609,11 +602,10 @@ interface(`storage_getattr_tape_device',`
interface(`storage_setattr_tape_device',` interface(`storage_setattr_tape_device',`
gen_require(` gen_require(`
type tape_device_t; type tape_device_t;
class blk_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
allow $1 tape_device_t:blk_file setattr; allow $1 tape_device_t:chr_file setattr;
') ')
######################################## ########################################
@ -632,8 +624,8 @@ interface(`storage_unconfined',`
attribute scsi_generic_read, scsi_generic_write; attribute scsi_generic_read, scsi_generic_write;
') ')
allow $1 { fixed_disk_device_t removable_device_t }:blk_file *; allow $1 { fixed_disk_device_t removable_device_t lvm_vg_t }:blk_file *;
allow $1 { lvm_vg_t scsi_generic_device_t tape_device_t }:blk_file *; allow $1 { scsi_generic_device_t tape_device_t }:chr_file *;
typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write; typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
typeattribute $1 scsi_generic_read, scsi_generic_write; typeattribute $1 scsi_generic_read, scsi_generic_write;