Various permission set fixes.

Fix various interfaces to use permission sets for compatiblity with open permission.

Also use other permission sets where possible just because applicable permissions sets are available and the use of permission sets is encourage generally for compatibility.

The use of exec_file_perms permission set may be not be a good idea though since it may be a bit too coarse.

Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
This commit is contained in:
Dominick Grift 2010-03-03 17:54:34 +01:00 committed by Chris PeBenito
parent b58db31da6
commit bf530f532c

View File

@ -1313,7 +1313,7 @@ interface(`userdom_setattr_user_ptys',`
type user_devpts_t;
')
allow $1 user_devpts_t:chr_file setattr;
allow $1 user_devpts_t:chr_file setattr_chr_file_perms;
')
########################################
@ -1655,7 +1655,7 @@ interface(`userdom_dontaudit_setattr_user_home_content_files',`
type user_home_t;
')
dontaudit $1 user_home_t:file setattr;
dontaudit $1 user_home_t:file setattr_file_perms;
')
########################################
@ -1730,7 +1730,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
type user_home_t;
')
dontaudit $1 user_home_t:file append;
dontaudit $1 user_home_t:file append_file_perms;
')
########################################
@ -1748,7 +1748,7 @@ interface(`userdom_dontaudit_write_user_home_content_files',`
type user_home_t;
')
dontaudit $1 user_home_t:file write;
dontaudit $1 user_home_t:file write_file_perms;
')
########################################
@ -1849,7 +1849,7 @@ interface(`userdom_dontaudit_exec_user_home_content_files',`
type user_home_t;
')
dontaudit $1 user_home_t:file execute;
dontaudit $1 user_home_t:file exec_file_perms;
')
########################################
@ -2193,7 +2193,7 @@ interface(`userdom_dontaudit_append_user_tmp_files',`
type user_tmp_t;
')
dontaudit $1 user_tmp_t:file append;
dontaudit $1 user_tmp_t:file append_file_perms;
')
########################################
@ -2467,7 +2467,7 @@ interface(`userdom_getattr_user_ttys',`
type user_tty_device_t;
')
allow $1 user_tty_device_t:chr_file getattr;
allow $1 user_tty_device_t:chr_file getattr_chr_file_perms;
')
########################################
@ -2485,7 +2485,7 @@ interface(`userdom_dontaudit_getattr_user_ttys',`
type user_tty_device_t;
')
dontaudit $1 user_tty_device_t:chr_file getattr;
dontaudit $1 user_tty_device_t:chr_file getattr_chr_file_perms;
')
########################################
@ -2503,7 +2503,7 @@ interface(`userdom_setattr_user_ttys',`
type user_tty_device_t;
')
allow $1 user_tty_device_t:chr_file setattr;
allow $1 user_tty_device_t:chr_file setattr_chr_file_perms;
')
########################################
@ -2521,7 +2521,7 @@ interface(`userdom_dontaudit_setattr_user_ttys',`
type user_tty_device_t;
')
dontaudit $1 user_tty_device_t:chr_file setattr;
dontaudit $1 user_tty_device_t:chr_file setattr_chr_file_perms;
')
########################################