rpm: various changes both from fedora and myself. rpm: ntp post install script wants to restart ntpd.
Signed-off-by: Dominick Grift <domg472@gmail.com>
parent
b7c851c66b
commit
b9df0a9727
|
@ -43,6 +43,7 @@ type rpm_script_exec_t;
|
||||||
domain_obj_id_change_exemption(rpm_script_t)
|
domain_obj_id_change_exemption(rpm_script_t)
|
||||||
domain_system_change_exemption(rpm_script_t)
|
domain_system_change_exemption(rpm_script_t)
|
||||||
corecmd_shell_entry_type(rpm_script_t)
|
corecmd_shell_entry_type(rpm_script_t)
|
||||||
|
corecmd_bin_entry_type(rpm_script_t)
|
||||||
domain_type(rpm_script_t)
|
domain_type(rpm_script_t)
|
||||||
domain_entry_file(rpm_t, rpm_script_exec_t)
|
domain_entry_file(rpm_t, rpm_script_exec_t)
|
||||||
domain_interactive_fd(rpm_script_t)
|
domain_interactive_fd(rpm_script_t)
|
||||||
|
@ -59,8 +60,7 @@ files_tmpfs_file(rpm_script_tmpfs_t)
|
||||||
# rpm Local policy
|
# rpm Local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
|
allow rpm_t self:capability { chown dac_override fowner setfcap fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
|
||||||
|
|
||||||
allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execstack execheap };
|
allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execstack execheap };
|
||||||
allow rpm_t self:process { getattr setexec setfscreate setrlimit };
|
allow rpm_t self:process { getattr setexec setfscreate setrlimit };
|
||||||
allow rpm_t self:fd use;
|
allow rpm_t self:fd use;
|
||||||
|
@ -83,6 +83,7 @@ logging_log_filetrans(rpm_t, rpm_log_t, file)
|
||||||
manage_dirs_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
|
manage_dirs_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
|
||||||
manage_files_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
|
manage_files_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
|
||||||
files_tmp_filetrans(rpm_t, rpm_tmp_t, { file dir })
|
files_tmp_filetrans(rpm_t, rpm_tmp_t, { file dir })
|
||||||
|
can_exec(rpm_t, rpm_tmp_t)
|
||||||
|
|
||||||
manage_dirs_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
manage_dirs_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
||||||
manage_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
manage_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
||||||
|
@ -90,6 +91,7 @@ manage_lnk_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
||||||
manage_fifo_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
manage_fifo_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
||||||
manage_sock_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
manage_sock_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
|
||||||
fs_tmpfs_filetrans(rpm_t, rpm_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans(rpm_t, rpm_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
||||||
|
can_exec(rpm_t, rpm_tmpfs_t)
|
||||||
|
|
||||||
manage_dirs_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
|
manage_dirs_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
|
||||||
manage_files_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
|
manage_files_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
|
||||||
|
@ -102,6 +104,7 @@ files_var_lib_filetrans(rpm_t, rpm_var_lib_t, dir)
|
||||||
manage_files_pattern(rpm_t, rpm_var_run_t, rpm_var_run_t)
|
manage_files_pattern(rpm_t, rpm_var_run_t, rpm_var_run_t)
|
||||||
files_pid_filetrans(rpm_t, rpm_var_run_t, file)
|
files_pid_filetrans(rpm_t, rpm_var_run_t, file)
|
||||||
|
|
||||||
|
kernel_read_crypto_sysctls(rpm_t)
|
||||||
kernel_read_network_state(rpm_t)
|
kernel_read_network_state(rpm_t)
|
||||||
kernel_read_system_state(rpm_t)
|
kernel_read_system_state(rpm_t)
|
||||||
kernel_read_kernel_sysctls(rpm_t)
|
kernel_read_kernel_sysctls(rpm_t)
|
||||||
|
@ -241,7 +244,10 @@ allow rpm_script_t rpm_tmp_t:file read_file_perms;
|
||||||
allow rpm_script_t rpm_script_tmp_t:dir mounton;
|
allow rpm_script_t rpm_script_tmp_t:dir mounton;
|
||||||
manage_dirs_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
manage_dirs_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
||||||
manage_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
manage_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
||||||
|
manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
||||||
|
manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
|
||||||
files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
|
files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
|
||||||
|
can_exec(rpm_script_t, rpm_script_tmp_t)
|
||||||
|
|
||||||
manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
||||||
manage_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
manage_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
||||||
|
@ -249,7 +255,9 @@ manage_lnk_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
||||||
manage_fifo_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
manage_fifo_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
||||||
manage_sock_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
manage_sock_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
|
||||||
fs_tmpfs_filetrans(rpm_script_t, rpm_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans(rpm_script_t, rpm_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
||||||
|
can_exec(rpm_script_t, rpm_script_tmpfs_t)
|
||||||
|
|
||||||
|
kernel_read_crypto_sysctls(rpm_script_t)
|
||||||
kernel_read_kernel_sysctls(rpm_script_t)
|
kernel_read_kernel_sysctls(rpm_script_t)
|
||||||
kernel_read_system_state(rpm_script_t)
|
kernel_read_system_state(rpm_script_t)
|
||||||
kernel_read_network_state(rpm_script_t)
|
kernel_read_network_state(rpm_script_t)
|
||||||
|
@ -355,6 +363,10 @@ optional_policy(`
|
||||||
lvm_domtrans(rpm_script_t)
|
lvm_domtrans(rpm_script_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
ntp_domtrans(rpm_script_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
tzdata_domtrans(rpm_t)
|
tzdata_domtrans(rpm_t)
|
||||||
tzdata_domtrans(rpm_script_t)
|
tzdata_domtrans(rpm_script_t)
|
||||||
|
|
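Review bot: In the `-241,7 +244,10` hunk, the added `manage_blk_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)` and `manage_chr_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)` let scriptlets create and manage device nodes of that type, while the unchanged `files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })` still names only `file` and `dir`. As far as the visible lines show, a node created directly in the tmp directory would not be labelled through this transition, so the new rules would only cover nodes created inside an existing rpm_script_tmp_t directory. If device nodes are really required (the commit message names only the ntpd restart), extend the class set to `{ file dir blk_file chr_file }`; otherwise drop the two patterns. The same hunk's `can_exec(rpm_script_t, rpm_script_tmp_t)` makes a type the domain can write also executable without a transition. Each of these grants should therefore carry a one-line comment naming what needs it, e.g. `# required by PACKAGE_NAME scriptlets (placeholder)`.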