change read_shared_libraries to use_shared_libraries, plus a pty fix
parent
dd14d0d892
commit
c09d3225b9
@ -174,7 +174,7 @@
|
||||
#
|
||||
# rw_file_perms
|
||||
#
|
||||
{ getattr read write append ioctl lock }
|
||||
{ getattr read write append ioctl lock }
|
||||
|
||||
#
|
||||
# rw_msgq_perms
|
||||
@ -344,7 +344,7 @@ domain_make_entrypoint_file($1_t,$1_exec_t)
|
||||
role sysadm_r types $1_t;
|
||||
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
|
||||
#
|
||||
# base_can_network($1,$2):
|
||||
@ -422,7 +422,7 @@ allow $1 $2:$3 { create ioctl read getattr lock write setattr append link unlink
|
||||
#
|
||||
# can_create_other_pty(): complete
|
||||
#
|
||||
terminal_make_pseudoterminal($1_t,$2_devpts_t)
|
||||
terminal_create_private_pseudoterminal($1_t,$2_devpts_t)
|
||||
allow $1_t $2_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
||||
|
||||
#
|
||||
@ -430,8 +430,9 @@ allow $1_t $2_devpts_t:chr_file { setattr ioctl read getattr lock write append }
|
||||
#
|
||||
# $2 may require more conversion
|
||||
type $1_devpts_t $2;
|
||||
terminal_make_pseudoterminal($1_t,$1_devpts_t)
|
||||
terminal_make_pseudoterminal($1_devpts_t)
|
||||
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
||||
terminal_create_private_pseudoterminal($1_t,$1_devpts_t)
|
||||
|
||||
#
|
||||
# can_exec(): complete
|
||||
@ -446,7 +447,7 @@ files_execute_system_config_script($1)
|
||||
corecommands_execute_general_programs($1)
|
||||
corecommands_execute_system_programs($1)
|
||||
libraries_use_dynamic_loader($1)
|
||||
libraries_read_shared_libraries($1)
|
||||
libraries_use_shared_libraries($1)
|
||||
libraries_execute_dynamic_loader($1)
|
||||
libraries_execute_library_scripts($1)
|
||||
|
||||
@ -706,7 +707,7 @@ init_use_file_descriptors($1_t)
|
||||
init_script_use_pseudoterminal($1_t)
|
||||
domain_use_widely_inheritable_file_descriptors($1_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
logging_send_system_log_message($1_t)
|
||||
allow $1_t proc_t:dir r_dir_perms;
|
||||
allow $1_t proc_t:lnk_file read;
|
||||
@ -753,7 +754,7 @@ init_script_use_pseudoterminal($1_t)
|
||||
domain_use_widely_inheritable_file_descriptors($1_t)
|
||||
logging_send_system_log_message($1_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
miscfiles_read_localization($1_t)
|
||||
tunable_policy(`targeted_policy', `
|
||||
terminal_ignore_use_general_physical_terminal($1_t)
|
||||
@ -790,7 +791,7 @@ allow $2_t $1:fd use;
|
||||
allow $2_t $1:process sigchld;
|
||||
allow $2_t self:process signal_perms;
|
||||
libraries_use_dynamic_loader($2_t)
|
||||
libraries_read_shared_libraries($2_t)
|
||||
libraries_use_shared_libraries($2_t)
|
||||
allow $2_t proc_t:dir r_dir_perms;
|
||||
allow $2_t proc_t:lnk_file read;
|
||||
allow $2_t device_t:dir getattr;
|
||||
@ -907,7 +908,7 @@ kernel_read_hardware_state($1_t)
|
||||
terminal_ignore_use_console($1_t)
|
||||
init_use_file_descriptors($1_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
logging_send_system_log_message($1_t)
|
||||
tunable_policy(`targeted_policy', `
|
||||
terminal_ignore_use_general_physical_terminal($1_t)
|
||||
@ -926,7 +927,7 @@ dontaudit $1_t unpriv_userdomain:fd use;
|
||||
# legacy_domain(): complete
|
||||
#
|
||||
allow $1_t self:process execmem;
|
||||
libraries_legacy_read_shared_libraries($1_t)
|
||||
libraries_legacy_use_shared_libraries($1_t)
|
||||
libraries_legacy_use_dynamic_loader($1_t)
|
||||
|
||||
#
|
||||
@ -1041,7 +1042,7 @@ role system_r types $1_t;
|
||||
type $1_exec_t;
|
||||
domain_make_entrypoint_file($1_t,$1_exec_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
logging_send_system_log_message($1_t)
|
||||
allow $1_t etc_t:dir r_dir_perms;
|
||||
|
||||
@ -1089,7 +1090,7 @@ type $1_exec_t, file_type, sysadmfile, exec_type;
|
||||
role sysadm_r types $1_t;
|
||||
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
||||
libraries_use_dynamic_loader($1_t)
|
||||
libraries_read_shared_libraries($1_t)
|
||||
libraries_use_shared_libraries($1_t)
|
||||
in_user_role($1_t)
|
||||
domain_auto_trans(userdomain, $1_exec_t, $1_t)
|
||||
|
||||
@ -1109,7 +1110,7 @@ allow authbind_t $1:{ tcp_socket udp_socket } rw_socket_perms;
|
||||
# uses_shlib(): complete
|
||||
#
|
||||
libraries_use_dynamic_loader($1)
|
||||
libraries_read_shared_libraries($1)
|
||||
libraries_use_shared_libraries($1)
|
||||
|
||||
#
|
||||
# var_lib_domain():
|
||||
|
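Review bot: In the `-430,8 +430,9` hunk the raw `allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };` rule stays next to the new `terminal_create_private_pseudoterminal($1_t,$1_devpts_t)` call, and the can_create_other_pty hunk at `-422,7 +422,7` has the same pairing for `$2_devpts_t`, so the page does not show which of the two is meant to grant the chr_file access. The interface bodies are not visible here. If the interface already covers these permissions, the raw rule is a duplicate that can drift from it and should be dropped; if it does not, a comment such as `# direct pty access kept: not yet covered by the terminal interface` would record why both are needed. The rendered page has lost its +/- markers, so which `terminal_make_pseudoterminal` line is old and which is new is inferred from the hunk counts, and the enclosing macro definitions start outside both hunks.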