Merge branch 'monit_depend' of git://github.com/cgzones/refpolicy
commit
aa0665cfac
@ -216,6 +216,25 @@ interface(`corecmd_dontaudit_getattr_bin_files',`
|
||||
dontaudit $1 bin_t:file getattr_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Check if files in bin directories are executable (DAC-wise)
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corecmd_check_exec_bin_files',`
|
||||
gen_require(`
|
||||
type bin_t;
|
||||
')
|
||||
|
||||
allow $1 bin_t:dir search_dir_perms;
|
||||
allow $1 bin_t:file { execute getattr };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read files in bin directories.
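Review bot: The summary of corecmd_check_exec_bin_files calls the check "DAC-wise", but `allow $1 bin_t:file { execute getattr };` grants the SELinux `execute` permission itself, which is what lets an access(2)-style X_OK probe pass the MAC check. Since no `execute_no_trans` or transition rule is granted, the domain presumably still cannot run these files, and the doc block should say so, e.g. `## Allow the domain to test whether files in bin directories are executable (e.g. access(2) with X_OK) without running them.` The interface also has no rule for bin_t:lnk_file, so a probe through a symlinked entry may still be denied; worth confirming against the intended caller.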
|
||||
|
@ -1798,6 +1798,24 @@ interface(`fs_relabelfrom_dos_fs',`
|
||||
allow $1 dosfs_t:filesystem relabelfrom;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Get attributes of directories on a dosfs filesystem.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_getattr_dos_dirs',`
|
||||
gen_require(`
|
||||
type dosfs_t;
|
||||
')
|
||||
|
||||
allow $1 dosfs_t:dir getattr;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search dosfs filesystem.
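Review bot: The rule `allow $1 dosfs_t:dir getattr;` in fs_getattr_dos_dirs spells out the bare permission, while other interfaces in this commit use the permission-set macros (`getattr_file_perms`, `search_dir_perms`). For consistency I would write `allow $1 dosfs_t:dir getattr_dir_perms;`, which keeps the grant identical today and follows the set if it is ever extended.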
|
||||
|
@ -2776,11 +2776,11 @@ interface(`init_reload_generic_units',`
|
||||
#
|
||||
interface(`init_get_all_units_status',`
|
||||
gen_require(`
|
||||
attribute systemdunit;
|
||||
attribute init_script_file_type, systemdunit;
|
||||
class service status;
|
||||
')
|
||||
|
||||
allow $1 systemdunit:service status;
|
||||
allow $1 { init_script_file_type systemdunit }:service status;
|
||||
')
|
||||
|
||||
########################################
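Review bot: The new rule `allow $1 { init_script_file_type systemdunit }:service status;` widens an existing interface rather than adding a new one, so every current caller gains the permission on all init_script_file_type services without being re-reviewed. The same widening is applied in init_start_all_units, init_stop_all_units and init_reload_all_units, where it covers `start`, `stop` and `reload`. The interface summaries lie outside these hunks; if they still describe only systemd units they should be updated, e.g. `## Get status of all systemd units and init scripts.` It would also help to list the existing callers of the four interfaces in the commit message and confirm each one needs the init-script scope.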
|
||||
@ -2795,11 +2795,11 @@ interface(`init_get_all_units_status',`
|
||||
#
|
||||
interface(`init_start_all_units',`
|
||||
gen_require(`
|
||||
attribute systemdunit;
|
||||
attribute init_script_file_type, systemdunit;
|
||||
class service start;
|
||||
')
|
||||
|
||||
allow $1 systemdunit:service start;
|
||||
allow $1 { init_script_file_type systemdunit }:service start;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -2814,11 +2814,11 @@ interface(`init_start_all_units',`
|
||||
#
|
||||
interface(`init_stop_all_units',`
|
||||
gen_require(`
|
||||
attribute systemdunit;
|
||||
attribute init_script_file_type, systemdunit;
|
||||
class service stop;
|
||||
')
|
||||
|
||||
allow $1 systemdunit:service stop;
|
||||
allow $1 { init_script_file_type systemdunit }:service stop;
|
||||
')
|
||||
|
||||
#######################################
|
||||
@ -2833,9 +2833,9 @@ interface(`init_stop_all_units',`
|
||||
#
|
||||
interface(`init_reload_all_units',`
|
||||
gen_require(`
|
||||
attribute systemdunit;
|
||||
attribute init_script_file_type, systemdunit;
|
||||
class service reload;
|
||||
')
|
||||
|
||||
allow $1 systemdunit:service reload;
|
||||
allow $1 { init_script_file_type systemdunit }:service reload;
|
||||
')
|
||||
|