change read_shared_libraries to use_shared_libraries, plus a pty fix
parent
dd14d0d892
commit
c09d3225b9
@ -174,7 +174,7 @@
|
|||||||
#
|
#
|
||||||
# rw_file_perms
|
# rw_file_perms
|
||||||
#
|
#
|
||||||
{ getattr read write append ioctl lock }
|
{ getattr read write append ioctl lock }
|
||||||
|
|
||||||
#
|
#
|
||||||
# rw_msgq_perms
|
# rw_msgq_perms
|
||||||
@ -344,7 +344,7 @@ domain_make_entrypoint_file($1_t,$1_exec_t)
|
|||||||
role sysadm_r types $1_t;
|
role sysadm_r types $1_t;
|
||||||
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# base_can_network($1,$2):
|
# base_can_network($1,$2):
|
||||||
@ -422,7 +422,7 @@ allow $1 $2:$3 { create ioctl read getattr lock write setattr append link unlink
|
|||||||
#
|
#
|
||||||
# can_create_other_pty(): complete
|
# can_create_other_pty(): complete
|
||||||
#
|
#
|
||||||
terminal_make_pseudoterminal($1_t,$2_devpts_t)
|
terminal_create_private_pseudoterminal($1_t,$2_devpts_t)
|
||||||
allow $1_t $2_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
allow $1_t $2_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -430,8 +430,9 @@ allow $1_t $2_devpts_t:chr_file { setattr ioctl read getattr lock write append }
|
|||||||
#
|
#
|
||||||
# $2 may require more conversion
|
# $2 may require more conversion
|
||||||
type $1_devpts_t $2;
|
type $1_devpts_t $2;
|
||||||
terminal_make_pseudoterminal($1_t,$1_devpts_t)
|
terminal_make_pseudoterminal($1_devpts_t)
|
||||||
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
|
||||||
|
terminal_create_private_pseudoterminal($1_t,$1_devpts_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# can_exec(): complete
|
# can_exec(): complete
|
||||||
@ -446,7 +447,7 @@ files_execute_system_config_script($1)
|
|||||||
corecommands_execute_general_programs($1)
|
corecommands_execute_general_programs($1)
|
||||||
corecommands_execute_system_programs($1)
|
corecommands_execute_system_programs($1)
|
||||||
libraries_use_dynamic_loader($1)
|
libraries_use_dynamic_loader($1)
|
||||||
libraries_read_shared_libraries($1)
|
libraries_use_shared_libraries($1)
|
||||||
libraries_execute_dynamic_loader($1)
|
libraries_execute_dynamic_loader($1)
|
||||||
libraries_execute_library_scripts($1)
|
libraries_execute_library_scripts($1)
|
||||||
|
|
||||||
@ -706,7 +707,7 @@ init_use_file_descriptors($1_t)
|
|||||||
init_script_use_pseudoterminal($1_t)
|
init_script_use_pseudoterminal($1_t)
|
||||||
domain_use_widely_inheritable_file_descriptors($1_t)
|
domain_use_widely_inheritable_file_descriptors($1_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
logging_send_system_log_message($1_t)
|
logging_send_system_log_message($1_t)
|
||||||
allow $1_t proc_t:dir r_dir_perms;
|
allow $1_t proc_t:dir r_dir_perms;
|
||||||
allow $1_t proc_t:lnk_file read;
|
allow $1_t proc_t:lnk_file read;
|
||||||
@ -753,7 +754,7 @@ init_script_use_pseudoterminal($1_t)
|
|||||||
domain_use_widely_inheritable_file_descriptors($1_t)
|
domain_use_widely_inheritable_file_descriptors($1_t)
|
||||||
logging_send_system_log_message($1_t)
|
logging_send_system_log_message($1_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
miscfiles_read_localization($1_t)
|
miscfiles_read_localization($1_t)
|
||||||
tunable_policy(`targeted_policy', `
|
tunable_policy(`targeted_policy', `
|
||||||
terminal_ignore_use_general_physical_terminal($1_t)
|
terminal_ignore_use_general_physical_terminal($1_t)
|
||||||
@ -790,7 +791,7 @@ allow $2_t $1:fd use;
|
|||||||
allow $2_t $1:process sigchld;
|
allow $2_t $1:process sigchld;
|
||||||
allow $2_t self:process signal_perms;
|
allow $2_t self:process signal_perms;
|
||||||
libraries_use_dynamic_loader($2_t)
|
libraries_use_dynamic_loader($2_t)
|
||||||
libraries_read_shared_libraries($2_t)
|
libraries_use_shared_libraries($2_t)
|
||||||
allow $2_t proc_t:dir r_dir_perms;
|
allow $2_t proc_t:dir r_dir_perms;
|
||||||
allow $2_t proc_t:lnk_file read;
|
allow $2_t proc_t:lnk_file read;
|
||||||
allow $2_t device_t:dir getattr;
|
allow $2_t device_t:dir getattr;
|
||||||
@ -907,7 +908,7 @@ kernel_read_hardware_state($1_t)
|
|||||||
terminal_ignore_use_console($1_t)
|
terminal_ignore_use_console($1_t)
|
||||||
init_use_file_descriptors($1_t)
|
init_use_file_descriptors($1_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
logging_send_system_log_message($1_t)
|
logging_send_system_log_message($1_t)
|
||||||
tunable_policy(`targeted_policy', `
|
tunable_policy(`targeted_policy', `
|
||||||
terminal_ignore_use_general_physical_terminal($1_t)
|
terminal_ignore_use_general_physical_terminal($1_t)
|
||||||
@ -926,7 +927,7 @@ dontaudit $1_t unpriv_userdomain:fd use;
|
|||||||
# legacy_domain(): complete
|
# legacy_domain(): complete
|
||||||
#
|
#
|
||||||
allow $1_t self:process execmem;
|
allow $1_t self:process execmem;
|
||||||
libraries_legacy_read_shared_libraries($1_t)
|
libraries_legacy_use_shared_libraries($1_t)
|
||||||
libraries_legacy_use_dynamic_loader($1_t)
|
libraries_legacy_use_dynamic_loader($1_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1041,7 +1042,7 @@ role system_r types $1_t;
|
|||||||
type $1_exec_t;
|
type $1_exec_t;
|
||||||
domain_make_entrypoint_file($1_t,$1_exec_t)
|
domain_make_entrypoint_file($1_t,$1_exec_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
logging_send_system_log_message($1_t)
|
logging_send_system_log_message($1_t)
|
||||||
allow $1_t etc_t:dir r_dir_perms;
|
allow $1_t etc_t:dir r_dir_perms;
|
||||||
|
|
||||||
@ -1089,7 +1090,7 @@ type $1_exec_t, file_type, sysadmfile, exec_type;
|
|||||||
role sysadm_r types $1_t;
|
role sysadm_r types $1_t;
|
||||||
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
|
||||||
libraries_use_dynamic_loader($1_t)
|
libraries_use_dynamic_loader($1_t)
|
||||||
libraries_read_shared_libraries($1_t)
|
libraries_use_shared_libraries($1_t)
|
||||||
in_user_role($1_t)
|
in_user_role($1_t)
|
||||||
domain_auto_trans(userdomain, $1_exec_t, $1_t)
|
domain_auto_trans(userdomain, $1_exec_t, $1_t)
|
||||||
|
|
||||||
@ -1109,7 +1110,7 @@ allow authbind_t $1:{ tcp_socket udp_socket } rw_socket_perms;
|
|||||||
# uses_shlib(): complete
|
# uses_shlib(): complete
|
||||||
#
|
#
|
||||||
libraries_use_dynamic_loader($1)
|
libraries_use_dynamic_loader($1)
|
||||||
libraries_read_shared_libraries($1)
|
libraries_use_shared_libraries($1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# var_lib_domain():
|
# var_lib_domain():
|
||||||
|
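Review bot: In the hunk at -430,8 +430,9, what reads as the new side keeps the raw `allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };` rule and adds `terminal_create_private_pseudoterminal($1_t,$1_devpts_t)` right after it, so the domain's access to its own pty is stated in two places. The can_create_other_pty hunk at -422,7 has the same pairing for `$2_devpts_t`. The terminal interface definitions are not on this page, so whether the interface already grants these chr_file permissions needs confirming. If it does, drop the raw allow so the permission set is maintained in one place and cannot drift from the interface; if it does not, add a comment above it such as `# not granted by terminal_create_private_pseudoterminal(); keep until the interface covers it`. Both macro bodies start and end outside their hunks.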