Changeset 2668

Timestamp:
04/29/08 08:58:34 (7 months ago)
Author:
pebenito
Message:

trunk: Move user roles into individual modules.

Files:

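--- a/trunk/Changelog
+++ b/trunk/Changelog
@@ -1,2 +1,3 @@
+- Move user roles into individual modules.
 - Make hald_log_t a log file.
 - Cryptsetup runs shell scripts.  Patch from Martin Orr.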
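--- a/trunk/policy/modules/admin/acct.te
+++ b/trunk/policy/modules/admin/acct.te
@@ -1,4 +1,4 @@
 
-policy_module(acct,1.1.0
+policy_module(acct,1.1.1
 
 ########################################
@@ -67,6 +67,7 @@
 miscfiles_read_localization(acct_t)
 
-userdom_dontaudit_search_sysadm_home_dirs(acct_t)
 userdom_dontaudit_use_unpriv_user_fds(acct_t)
+
+sysadm_dontaudit_search_home_dirs(acct_t)
 
 optional_policy(`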
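Review bot: `sysadm_dontaudit_search_home_dirs(acct_t)` at new line 71 is called unconditionally, so acct.te now depends on the sysadm role module being present when the policy is built. bootloader.te in this same changeset puts its `staff_dontaudit_search_home_dirs` and `sysadm_dontaudit_search_home_dirs` calls in separate `optional_policy` blocks; if the role modules are meant to be removable, the call here needs the same wrapping. The unconditional form also appears in alsa.te, dmesg.te, kudzu.te, logrotate.te, logwatch.te, mrtg.te, readahead.te and most of the apps/ and services/ sections on this page. Whether sysadm is treated as a mandatory module cannot be seen from these hunks, so this should be confirmed against the module configuration.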
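--- a/trunk/policy/modules/admin/alsa.te
+++ b/trunk/policy/modules/admin/alsa.te
@@ -1,4 +1,4 @@
 
-policy_module(alsa,1.4.0
+policy_module(alsa,1.4.1
 
 ########################################
@@ -61,6 +61,8 @@
 userdom_manage_unpriv_user_semaphores(alsa_t)
 userdom_manage_unpriv_user_shared_mem(alsa_t)
-userdom_search_generic_user_home_dirs(alsa_t)
-userdom_dontaudit_search_sysadm_home_dirs(alsa_t)
+
+sysadm_dontaudit_search_home_dirs(alsa_t)
+
+unprivuser_search_home_dirs(alsa_t)
 
 optional_policy(`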
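--- a/trunk/policy/modules/admin/amanda.te
+++ b/trunk/policy/modules/admin/amanda.te
@@ -1,4 +1,4 @@
 
-policy_module(amanda,1.8.0
+policy_module(amanda,1.8.1
 
 #######################################
@@ -182,5 +182,5 @@
 manage_fifo_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
 manage_sock_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-userdom_sysadm_home_dir_filetrans(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
+sysadm_home_dir_filetrans(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
 
 manage_dirs_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
@@ -229,3 +229,3 @@
 miscfiles_read_localization(amanda_recover_t)
 
-userdom_search_sysadm_home_content_dirs(amanda_recover_t)
+sysadm_search_home_content_dirs(amanda_recover_t)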
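--- a/trunk/policy/modules/admin/anaconda.te
+++ b/trunk/policy/modules/admin/anaconda.te
@@ -1,4 +1,4 @@
 
-policy_module(anaconda,1.2.0
+policy_module(anaconda,1.2.1
 
 ########################################
@@ -35,5 +35,5 @@
 unconfined_domain(anaconda_t)
 
-userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
+unprivuser_home_dir_filetrans_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
 
 optional_policy(`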
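--- a/trunk/policy/modules/admin/bootloader.te
+++ b/trunk/policy/modules/admin/bootloader.te
@@ -1,4 +1,4 @@
 
-policy_module(bootloader,1.7.0
+policy_module(bootloader,1.7.1
 
 ########################################
@@ -213,5 +213,8 @@
 
 optional_policy(`
-        userdom_dontaudit_search_staff_home_dirs(bootloader_t)
-        userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
-')
+        staff_dontaudit_search_home_dirs(bootloader_t)
+')
+
+optional_policy(`
+        sysadm_dontaudit_search_home_dirs(bootloader_t)
+')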
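--- a/trunk/policy/modules/admin/dmesg.te
+++ b/trunk/policy/modules/admin/dmesg.te
@@ -1,4 +1,4 @@
 
-policy_module(dmesg,1.1.0
+policy_module(dmesg,1.1.1
 
 ########################################
@@ -51,6 +51,7 @@
 miscfiles_read_localization(dmesg_t)
 
-userdom_use_sysadm_terms(dmesg_t)
 userdom_dontaudit_use_unpriv_user_fds(dmesg_t)
+
+sysadm_use_terms(dmesg_t)
 
 optional_policy(`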
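--- a/trunk/policy/modules/admin/firstboot.te
+++ b/trunk/policy/modules/admin/firstboot.te
@@ -1,4 +1,4 @@
 
-policy_module(firstboot,1.6.0
+policy_module(firstboot,1.6.1
 
 gen_require(`
@@ -89,11 +89,11 @@
 
 # Add/remove user home directories
-userdom_manage_generic_user_home_content_dirs(firstboot_t)
-userdom_manage_generic_user_home_content_files(firstboot_t)
-userdom_manage_generic_user_home_content_symlinks(firstboot_t)
-userdom_manage_generic_user_home_content_pipes(firstboot_t)
-userdom_manage_generic_user_home_content_sockets(firstboot_t)
-userdom_home_filetrans_generic_user_home_dir(firstboot_t)
-userdom_generic_user_home_dir_filetrans_generic_user_home_content(firstboot_t,{ dir file lnk_file fifo_file sock_file })
+unprivuser_manage_home_content_dirs(firstboot_t)
+unprivuser_manage_home_content_files(firstboot_t)
+unprivuser_manage_home_content_symlinks(firstboot_t)
+unprivuser_manage_home_content_pipes(firstboot_t)
+unprivuser_manage_home_content_sockets(firstboot_t)
+unprivuser_home_filetrans_home_dir(firstboot_t)
+unprivuser_home_dir_filetrans_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
 
 optional_policy(`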
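--- a/trunk/policy/modules/admin/kudzu.te
+++ b/trunk/policy/modules/admin/kudzu.te
@@ -1,4 +1,4 @@
 
-policy_module(kudzu,1.5.0
+policy_module(kudzu,1.5.1
 
 ########################################
@@ -123,6 +123,7 @@
 sysnet_read_config(kudzu_t)
 
-userdom_search_sysadm_home_dirs(kudzu_t)
 userdom_dontaudit_use_unpriv_user_fds(kudzu_t)
+
+sysadm_search_home_dirs(kudzu_t)
 
 optional_policy(`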
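--- a/trunk/policy/modules/admin/logrotate.te
+++ b/trunk/policy/modules/admin/logrotate.te
@@ -1,4 +1,4 @@
 
-policy_module(logrotate,1.8.0
+policy_module(logrotate,1.8.1
 
 ########################################
@@ -116,5 +116,4 @@
 seutil_dontaudit_read_config(logrotate_t)
 
-userdom_dontaudit_search_sysadm_home_dirs(logrotate_t)
 userdom_use_unpriv_users_fds(logrotate_t)
 
@@ -123,4 +122,6 @@
 
 mta_send_mail(logrotate_t)
+
+sysadm_dontaudit_search_home_dirs(logrotate_t)
 
 ifdef(`distro_debian', `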
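--- a/trunk/policy/modules/admin/logwatch.te
+++ b/trunk/policy/modules/admin/logwatch.te
@@ -1,4 +1,4 @@
 
-policy_module(logwatch,1.7.0
+policy_module(logwatch,1.7.1
 
 #################################
@@ -89,8 +89,7 @@
 sysnet_dns_name_resolve(logwatch_t)
 
-userdom_dontaudit_search_sysadm_home_dirs(logwatch_t)
-userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)
+mta_send_mail(logwatch_t)
 
-mta_send_mail(logwatch_t)
+sysadm_dontaudit_search_home_dirs(logwatch_t)
 
 optional_policy(`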
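Review bot: `userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t)` (old line 92) is removed with no `sysadm_` counterpart; only the search dontaudit is carried over at new line 93. If the search dontaudit does not also cover getattr on the sysadm home directory, logwatch runs will start logging AVC denials that were previously suppressed, adding noise that has to be filtered out during audit review. Either confirm that the getattr rule is redundant and record that in the Changelog entry, or add the equivalent getattr dontaudit from the sysadm module next to the search one.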
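--- a/trunk/policy/modules/admin/mrtg.te
+++ b/trunk/policy/modules/admin/mrtg.te
@@ -1,4 +1,4 @@
 
-policy_module(mrtg,1.3.0
+policy_module(mrtg,1.3.1
 
 ########################################
@@ -116,5 +116,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(mrtg_t)
-userdom_use_sysadm_terms(mrtg_t)
+
+sysadm_use_terms(mrtg_t)
 
 ifdef(`enable_mls',`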
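--- a/trunk/policy/modules/admin/portage.if
+++ b/trunk/policy/modules/admin/portage.if
@@ -273,5 +273,5 @@
         sysnet_dns_name_resolve($1)
 
-        userdom_dontaudit_read_sysadm_home_content_files($1)
+        sysadm_dontaudit_read_home_content_files($1)
 
         ifdef(`hide_broken_symptoms',`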
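--- a/trunk/policy/modules/admin/portage.te
+++ b/trunk/policy/modules/admin/portage.te
@@ -1,4 +1,4 @@
 
-policy_module(portage,1.5.0
+policy_module(portage,1.5.1
 
 ########################################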
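--- a/trunk/policy/modules/admin/readahead.te
+++ b/trunk/policy/modules/admin/readahead.te
@@ -1,4 +1,4 @@
 
-policy_module(readahead,1.5.0
+policy_module(readahead,1.5.1
 
 ########################################
@@ -80,5 +80,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(readahead_t)
-userdom_dontaudit_search_sysadm_home_dirs(readahead_t)
+
+sysadm_dontaudit_search_home_dirs(readahead_t)
 
 optional_policy(`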
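--- a/trunk/policy/modules/admin/usermanage.te
+++ b/trunk/policy/modules/admin/usermanage.te
@@ -1,4 +1,4 @@
 
-policy_module(usermanage,1.10.0
+policy_module(usermanage,1.10.1
 
 ########################################
@@ -160,5 +160,5 @@
 logging_send_syslog_msg(crack_t)
 
-userdom_dontaudit_search_sysadm_home_dirs(crack_t)
+sysadm_dontaudit_search_home_dirs(crack_t)
 
 ifdef(`distro_debian',`
@@ -237,6 +237,7 @@
 
 userdom_use_unpriv_users_fds(groupadd_t)
+
 # for when /root is the cwd
-userdom_dontaudit_search_sysadm_home_dirs(groupadd_t)
+sysadm_dontaudit_search_home_dirs(groupadd_t)
 
 optional_policy(`
@@ -502,11 +503,9 @@
 
 userdom_use_unpriv_users_fds(useradd_t)
-# for when /root is the cwd
-userdom_dontaudit_search_sysadm_home_dirs(useradd_t)
 # Add/remove user home directories
-userdom_home_filetrans_generic_user_home_dir(useradd_t)
 userdom_manage_all_users_home_content_dirs(useradd_t)
 userdom_manage_all_users_home_content_files(useradd_t)
-userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
+unprivuser_home_filetrans_home_dir(useradd_t)
+unprivuser_home_dir_filetrans_home_content(useradd_t,notdevfile_class_set)
 
 mta_manage_spool(useradd_t)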
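Review bot: In the useradd_t hunk the `# for when /root is the cwd` comment and `userdom_dontaudit_search_sysadm_home_dirs(useradd_t)` (old lines 504-505) are removed and nothing replaces them, whereas the groupadd_t hunk above keeps the comment and adds `sysadm_dontaudit_search_home_dirs(groupadd_t)`. Unless the call is re-added somewhere outside the visible hunks, running useradd with /root as the working directory will log search denials again. Suggest restoring the comment and adding `sysadm_dontaudit_search_home_dirs(useradd_t)` beneath it, so that useradd_t and groupadd_t stay parallel.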
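--- a/trunk/policy/modules/apps/calamaris.te
+++ b/trunk/policy/modules/apps/calamaris.te
@@ -1,4 +1,4 @@
 
-policy_module(calamaris,1.2.0
+policy_module(calamaris,1.2.1
 
 ########################################
@@ -68,5 +68,5 @@
 sysnet_read_config(calamaris_t)
 
-userdom_dontaudit_list_sysadm_home_dirs(calamaris_t)
+sysadm_dontaudit_list_home_dirs(calamaris_t)
 
 squid_read_log(calamaris_t)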
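--- a/trunk/policy/modules/apps/games.te
+++ b/trunk/policy/modules/apps/games.te
@@ -1,4 +1,4 @@
 
-policy_module(games,1.6.0
+policy_module(games,1.6.1
 
 ########################################
@@ -59,5 +59,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(games_t)
-userdom_dontaudit_search_sysadm_home_dirs(games_t)
+
+sysadm_dontaudit_search_home_dirs(games_t)
 
 optional_policy(`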
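--- a/trunk/policy/modules/apps/mono.te
+++ b/trunk/policy/modules/apps/mono.te
@@ -1,4 +1,4 @@
 
-policy_module(mono,1.4.0
+policy_module(mono,1.4.1
 
 ########################################
@@ -18,5 +18,5 @@
 allow mono_t self:process { execheap execmem };
 
-userdom_generic_user_home_dir_filetrans_generic_user_home_content(mono_t,{ dir file lnk_file fifo_file sock_file })
+unprivuser_home_dir_filetrans_home_content(mono_t,{ dir file lnk_file fifo_file sock_file })
 
 init_dbus_chat_script(mono_t)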
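--- a/trunk/policy/modules/apps/uml.te
+++ b/trunk/policy/modules/apps/uml.te
@@ -1,4 +1,4 @@
 
-policy_module(uml,1.5.0
+policy_module(uml,1.5.1
 
 ########################################
@@ -58,5 +58,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(uml_switch_t)
-userdom_dontaudit_search_sysadm_home_dirs(uml_switch_t)
+
+sysadm_dontaudit_search_home_dirs(uml_switch_t)
 
 optional_policy(`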
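--- a/trunk/policy/modules/apps/userhelper.if
+++ b/trunk/policy/modules/apps/userhelper.if
@@ -162,6 +162,6 @@
         tunable_policy(`! secure_mode',`
                 #if we are not in secure mode then we can transition to sysadm_t
-                userdom_bin_spec_domtrans_sysadm($1_userhelper_t)
-                userdom_entry_spec_domtrans_sysadm($1_userhelper_t)
+                sysadm_bin_spec_domtrans($1_userhelper_t)
+                sysadm_entry_spec_domtrans($1_userhelper_t)
         ')
         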
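--- a/trunk/policy/modules/apps/userhelper.te
+++ b/trunk/policy/modules/apps/userhelper.te
@@ -1,4 +1,4 @@
 
-policy_module(userhelper,1.3.0
+policy_module(userhelper,1.3.1
 
 ########################################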
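--- a/trunk/policy/modules/apps/vmware.te
+++ b/trunk/policy/modules/apps/vmware.te
@@ -1,4 +1,4 @@
 
-policy_module(vmware,1.5.0
+policy_module(vmware,1.5.1
 
 ########################################
@@ -88,5 +88,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(vmware_host_t)
-userdom_dontaudit_search_sysadm_home_dirs(vmware_host_t)
+
+sysadm_dontaudit_search_home_dirs(vmware_host_t)
 
 optional_policy(`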
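--- a/trunk/policy/modules/services/afs.te
+++ b/trunk/policy/modules/services/afs.te
@@ -1,4 +1,4 @@
 
-policy_module(afs,1.2.0
+policy_module(afs,1.2.1
 
 ########################################
@@ -187,6 +187,5 @@
 sysnet_read_config(afs_fsserver_t)
 
-userdom_dontaudit_use_sysadm_ttys(afs_fsserver_t)
-userdom_dontaudit_use_sysadm_ptys(afs_fsserver_t)
+sysadm_dontaudit_use_terms(afs_fsserver_t)
 
 ########################################
@@ -236,6 +235,5 @@
 sysnet_read_config(afs_kaserver_t)
 
-userdom_dontaudit_use_sysadm_ttys(afs_kaserver_t)
-userdom_dontaudit_use_sysadm_ptys(afs_kaserver_t)
+sysadm_dontaudit_use_terms(afs_kaserver_t)
 
 ########################################
@@ -278,6 +276,5 @@
 sysnet_read_config(afs_ptserver_t)
 
-userdom_dontaudit_use_sysadm_ttys(afs_ptserver_t)
-userdom_dontaudit_use_sysadm_ptys(afs_ptserver_t)
+sysadm_dontaudit_use_terms(afs_ptserver_t)
 
 ########################################
@@ -320,4 +317,3 @@
 sysnet_read_config(afs_vlserver_t)
 
-userdom_dontaudit_use_sysadm_ttys(afs_vlserver_t)
-userdom_dontaudit_use_sysadm_ptys(afs_vlserver_t)
+sysadm_dontaudit_use_terms(afs_vlserver_t)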
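--- a/trunk/policy/modules/services/amavis.te
+++ b/trunk/policy/modules/services/amavis.te
@@ -1,4 +1,4 @@
 
-policy_module(amavis,1.6.0
+policy_module(amavis,1.6.1
 
 ########################################
@@ -144,6 +144,4 @@
 sysnet_use_ldap(amavis_t)
 
-userdom_dontaudit_search_sysadm_home_dirs(amavis_t)
-
 # Cron handling
 cron_use_fds(amavis_t)
@@ -152,4 +150,6 @@
 
 mta_read_config(amavis_t)
+
+sysadm_dontaudit_search_home_dirs(amavis_t)
 
 optional_policy(`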
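--- a/trunk/policy/modules/services/apache.te
+++ b/trunk/policy/modules/services/apache.te
@@ -1,4 +1,4 @@
 
-policy_module(apache,1.9.0
+policy_module(apache,1.9.1
 
 #
@@ -420,7 +420,7 @@
         term_use_controlling_term(httpd_t)
 
-        userdom_use_sysadm_terms(httpd_t)
+        sysadm_use_terms(httpd_t)
 ',`
-        userdom_dontaudit_use_sysadm_terms(httpd_t)
+        sysadm_dontaudit_use_terms(httpd_t)
 ')
 
@@ -516,8 +516,5 @@
 
 tunable_policy(`httpd_tty_comm',`
-        # cjp: this is redundant:
-        term_use_controlling_term(httpd_helper_t)
-
-        userdom_use_sysadm_terms(httpd_helper_t)
+        sysadm_use_terms(httpd_helper_t)
 ')
 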
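Review bot: The httpd_helper_t block drops `term_use_controlling_term(httpd_helper_t)` together with its `# cjp: this is redundant:` comment (old lines 518-519), which goes beyond the rename the commit message describes; the httpd_t block at line 420 keeps its own `term_use_controlling_term` call. With `httpd_tty_comm` enabled the helper is now limited to whatever `sysadm_use_terms` grants, so this narrows access rather than widening it, but it should be confirmed as intended and mentioned in the Changelog. If the call really is redundant, the same cleanup applies to the httpd_t block, whose opening `tunable_policy` line lies outside the hunk.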
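--- a/trunk/policy/modules/services/apm.te
+++ b/trunk/policy/modules/services/apm.te
@@ -1,4 +1,4 @@
 
-policy_module(apm,1.6.0
+policy_module(apm,1.6.1
 
 ########################################
@@ -140,6 +140,7 @@
 
 userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_sysadm_home_dirs(apmd_t)
 userdom_dontaudit_search_all_users_home_content(apmd_t) # Excessive?
+
+sysadm_dontaudit_search_home_dirs(apmd_t)
 
 ifdef(`distro_redhat',`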
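--- a/trunk/policy/modules/services/arpwatch.te
+++ b/trunk/policy/modules/services/arpwatch.te
@@ -1,4 +1,4 @@
 
-policy_module(arpwatch,1.5.0
+policy_module(arpwatch,1.5.1
 
 ########################################
@@ -82,7 +82,8 @@
 
 userdom_dontaudit_use_unpriv_user_fds(arpwatch_t)
-userdom_dontaudit_search_sysadm_home_dirs(arpwatch_t)
 
 mta_send_mail(arpwatch_t)
+
+sysadm_dontaudit_search_home_dirs(arpwatch_t)
 
 optional_policy(`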
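--- a/trunk/policy/modules/services/asterisk.te
+++ b/trunk/policy/modules/services/asterisk.te
@@ -1,4 +1,4 @@
 
-policy_module(asterisk,1.4.0
+policy_module(asterisk,1.4.1
 
 ########################################
@@ -127,5 +127,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(asterisk_t)
-userdom_dontaudit_search_sysadm_home_dirs(asterisk_t)
+
+sysadm_dontaudit_search_home_dirs(asterisk_t)
 
 optional_policy(`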
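--- a/trunk/policy/modules/services/audioentropy.te
+++ b/trunk/policy/modules/services/audioentropy.te
@@ -1,4 +1,4 @@
 
-policy_module(audio_entropy,1.3.0
+policy_module(audio_entropy,1.3.1
 
 ########################################
@@ -50,5 +50,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
-userdom_dontaudit_search_sysadm_home_dirs(entropyd_t)
+
+sysadm_dontaudit_search_home_dirs(entropyd_t)
 
 optional_policy(`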
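--- a/trunk/policy/modules/services/automount.te
+++ b/trunk/policy/modules/services/automount.te
@@ -1,4 +1,4 @@
 
-policy_module(automount,1.8.0
+policy_module(automount,1.8.1
 
 ########################################
@@ -146,5 +146,6 @@
 
 userdom_dontaudit_use_unpriv_user_fds(automount_t)
-userdom_dontaudit_search_sysadm_home_dirs(automount_t)
+
+sysadm_dontaudit_search_home_dirs(automount_t)
 
 optional_policy(`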
  • trunk/policy/modules/services/avahi.te

    r2553 r2668  
    11 
    2 policy_module(avahi,1.8.0
     2policy_module(avahi,1.8.1
    33 
    44######################################## 
     
    7979