Changeset 2676
- Timestamp:
- 05/06/08 15:52:46
(7 months ago)
- Author:
- pebenito
- Message:
rbacsep: start adding rbac constraints.
-
Files:
-
| r2675 |
r2676 |
|
| 18 | 18 | base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) |
|---|
| 19 | 19 | base_te_files := $(base_mods) |
|---|
| 20 | | base_post_te_files := $(user_files) $(poldir)/constraints |
|---|
| | 20 | base_post_te_files := $(user_files) $(poldir)/constraints $(poldir)/rbac |
|---|
| 21 | 21 | base_fc_files := $(base_mods:.te=.fc) |
|---|
| 22 | 22 | |
|---|
| … | … | |
| 158 | 158 | |
|---|
| 159 | 159 | $(tmpdir)/post_te_files.conf: M4PARAM += -D self_contained_policy |
|---|
| 160 | | $(tmpdir)/post_te_files.conf: $(m4support) $(base_post_te_files) |
|---|
| | 160 | $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(base_post_te_files) |
|---|
| 161 | 161 | @test -d $(tmpdir) || mkdir -p $(tmpdir) |
|---|
| 162 | 162 | $(verbose) $(M4) $(M4PARAM) $^ > $@ |
|---|
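Review bot: The new prerequisite `$(tmpdir)/generated_definitions.conf` on the `$(tmpdir)/post_te_files.conf` rule (new line 160) is also an m4 input, because the recipe expands `$^`, and nothing records why it is needed or that it must precede `$(base_post_te_files)`. A comment above the rule such as `# generated_definitions.conf must precede the post-TE files: $(poldir)/rbac is expanded with the macros it defines` would capture that, assuming that is the reason (the rbac file is not shown on this page). The same applies to the matching rule in the second file section (new line 145). `$(poldir)/rbac` is now a hard prerequisite in both files, and the page's file list does not show it being added, so it is worth confirming it lands in this changeset.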
| r2675 |
r2676 |
|
| 34 | 34 | |
|---|
| 35 | 35 | pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) |
|---|
| 36 | | post_te_files := $(user_files) $(poldir)/constraints |
|---|
| | 36 | post_te_files := $(user_files) $(poldir)/constraints $(poldir)/rbac |
|---|
| 37 | 37 | |
|---|
| 38 | 38 | policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf |
|---|
| … | … | |
| 143 | 143 | $(verbose) $(M4) $(M4PARAM) -s $^ > $@ |
|---|
| 144 | 144 | |
|---|
| 145 | | $(tmpdir)/post_te_files.conf: $(m4support) $(post_te_files) |
|---|
| | 145 | $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(post_te_files) |
|---|
| 146 | 146 | @test -d $(tmpdir) || mkdir -p $(tmpdir) |
|---|
| 147 | 147 | $(verbose) $(M4) $(M4PARAM) $^ > $@ |
|---|
| r2437 |
r2676 |
|
| 43 | 43 | |
|---|
| 44 | 44 | # |
|---|
| 45 | | # SELinux process role change constraint: |
|---|
| 46 | | # |
|---|
| 47 | | constrain process transition |
|---|
| 48 | | ( |
|---|
| 49 | | r1 == r2 |
|---|
| 50 | | |
|---|
| 51 | | or ( t1 == can_change_process_role and t2 == process_user_target ) |
|---|
| 52 | | |
|---|
| 53 | | or ( t1 == cron_source_domain and t2 == cron_job_domain ) |
|---|
| 54 | | |
|---|
| 55 | | or ( t1 == can_system_change and r2 == system_r ) |
|---|
| 56 | | |
|---|
| 57 | | or ( t1 == process_uncond_exempt ) |
|---|
| 58 | | ); |
|---|
| 59 | | |
|---|
| 60 | | # |
|---|
| 61 | 45 | # SELinux dynamic transition constraint: |
|---|
| 62 | 46 | # |
|---|
| 63 | 47 | constrain process dyntransition |
|---|
| 64 | 48 | ( |
|---|
| 65 | | u1 == u2 and r1 == r2 |
|---|
| | 49 | u1 == u2 |
|---|
| 66 | 50 | ); |
|---|
| 67 | 51 | |
|---|
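Review bot: Dropping the whole `constrain process transition` block and the `r1 == r2` term from the `dyntransition` constraint removes every role-change check visible in this file, and the replacement is not shown on this page. Before this lands, confirm that `$(poldir)/rbac` carries an equivalent `process transition` constraint (including the exemption attributes such as `can_change_process_role` and `process_uncond_exempt`) and a role term for `dyntransition`. Also confirm that every build path that compiled this file now compiles the rbac file, since both makefile sections had to be changed separately. Otherwise, as far as this file shows, dynamic transitions would be constrained only by `u1 == u2`. A comment left at the old location, e.g. `# Role-change constraints on process transition/dyntransition are defined in $(poldir)/rbac`, would keep the split discoverable.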