Navigation

← Previous Changeset
Next Changeset →

Changeset 2683

Timestamp:

05/15/08 08:10:34 (7 months ago)

Author:

pebenito

Message:

trunk: a pile of misc fixes, mainly sync xml docs with interface implementation.

Files:

trunk/policy/modules/admin/portage.if (modified) (3 diffs)
trunk/policy/modules/apps/awstats.if (modified) (1 diff)
trunk/policy/modules/apps/ethereal.if (modified) (1 diff)
trunk/policy/modules/apps/evolution.if (modified) (3 diffs)
trunk/policy/modules/apps/wireshark.if (modified) (1 diff)
trunk/policy/modules/kernel/corecommands.if (modified) (3 diffs)
trunk/policy/modules/kernel/domain.if (modified) (1 diff)
trunk/policy/modules/kernel/files.if (modified) (3 diffs)
trunk/policy/modules/kernel/filesystem.if (modified) (4 diffs)
trunk/policy/modules/kernel/terminal.if (modified) (2 diffs)
trunk/policy/modules/services/fetchmail.if (modified) (1 diff)
trunk/policy/modules/services/mta.if (modified) (1 diff)
trunk/policy/modules/services/ppp.if (modified) (5 diffs)
trunk/policy/modules/services/privoxy.if (modified) (1 diff)
trunk/policy/modules/services/radius.if (modified) (1 diff)
trunk/policy/modules/services/radvd.if (modified) (1 diff)
trunk/policy/modules/services/rwho.if (modified) (1 diff)
trunk/policy/modules/services/sasl.if (modified) (1 diff)
trunk/policy/modules/services/smartmon.if (modified) (1 diff)
trunk/policy/modules/services/snmp.if (modified) (1 diff)
trunk/policy/modules/services/tftp.if (modified) (1 diff)
trunk/policy/modules/services/tor.if (modified) (2 diffs)
trunk/policy/modules/services/uucp.if (modified) (1 diff)
trunk/policy/modules/services/zabbix.if (modified) (1 diff)
trunk/policy/modules/services/zebra.if (modified) (1 diff)
trunk/policy/modules/system/logging.if (modified) (3 diffs)
trunk/policy/modules/system/miscfiles.if (modified) (1 diff)
trunk/policy/modules/system/modutils.if (modified) (1 diff)
trunk/policy/modules/system/selinuxutil.if (modified) (2 diffs)
trunk/policy/modules/system/userdomain.if (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/policy/modules/admin/portage.if

r2668	r2683
93	93	gen_require(`
94	94	class dbus send_msg;
	95	type portage_devpts_t, portage_log_t, portage_tmp_t;
	96	type portage_tmpfs_t;
95	97	')
96	98
…	…
220	222	#
221	223	interface(`portage_fetch_domain',`
	224	gen_require(`
	225	type portage_cache_t, portage_conf_t, portage_ebuild_t;
	226	type portage_tmp_t, portage_fetch_tmp_t;
	227	')
222	228
223	229	allow $1 self:capability { dac_override fowner fsetid };
…	…
291	297	#
292	298	interface(`portage_main_domain',`
	299	gen_require(`
	300	type portage_log_t, portage_tmp_t;
	301	')
293	302
294	303	# - setfscreate for merging to live fs

trunk/policy/modules/apps/awstats.if

r2420	r2683
35	35	gen_require(`
36	36	type httpd_awstats_script_exec_t;
	37	type httpd_awstats_content_t;
37	38	')
38	39

trunk/policy/modules/apps/ethereal.if

r2655	r2683
193	193	## </summary>
194	194	## </param>
195		~~## <param name="user_domain">~~
196		~~## <summary>~~
197		~~## The type of the user domain.~~
198		~~## </summary>~~
199		~~## </param>~~
200	195	#
201	196	template(`ethereal_admin_template',`

trunk/policy/modules/apps/evolution.if

r2655	r2683
810	810	## </summary>
811	811	## </param>
812		## <param name="object">
	812	## <param name="file_type">
	813	## <summary>
	814	## Private file type.
	815	## </summary>
	816	## </param>
	817	## <param name="class">
813	818	## <summary>
814	819	## The object class of the object being created. If
…	…
865	870	## evolution over dbus.
866	871	## </summary>
	872	## <param name="userdomain_prefix">
	873	## <summary>
	874	## The prefix of the user domain (e.g., user
	875	## is the prefix for user_t).
	876	## </summary>
	877	## </param>
867	878	## <param name="domain">
868	879	## <summary>
…	…
886	897	## evolution_alarm over dbus.
887	898	## </summary>
	899	## <param name="userdomain_prefix">
	900	## <summary>
	901	## The prefix of the user domain (e.g., user
	902	## is the prefix for user_t).
	903	## </summary>
	904	## </param>
888	905	## <param name="domain">
889	906	## <summary>

trunk/policy/modules/apps/wireshark.if

r2639	r2683
193	193	## </summary>
194	194	## </param>
195		~~## <param name="user_domain">~~
196		~~## <summary>~~
197		~~## The type of the user domain.~~
198		~~## </summary>~~
199		~~## </param>~~
200	195	#
201	196	template(`wireshark_admin_template',`

trunk/policy/modules/kernel/corecommands.if

r2490	r2683
196	196
197	197	getattr_files_pattern($1,bin_t,bin_t)
	198	')
	199
	200	########################################
	201	## <summary>
	202	## Get the attributes of files in bin directories.
	203	## </summary>
	204	## <param name="domain">
	205	## <summary>
	206	## Domain allowed access.
	207	## </summary>
	208	## </param>
	209	#
	210	interface(`corecmd_dontaudit_getattr_bin_files',`
	211	gen_require(`
	212	type bin_t;
	213	')
	214
	215	dontaudit $1 bin_t:dir search_dir_perms;
	216	dontaudit $1 bin_t:file getattr_file_perms;
198	217	')
199	218
…	…
686	705	#
687	706	interface(`corecmd_sbin_domtrans',`
688		corecmd_bin_domtrans($1,$2~~,$3~~)
	707	corecmd_bin_domtrans($1,$2)
689	708	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
690	709	')
…	…
727	746	#
728	747	interface(`corecmd_sbin_spec_domtrans',`
729		corecmd_bin_spec_domtrans($1,$2~~,$3~~)
	748	corecmd_bin_spec_domtrans($1,$2)
730	749	refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
731	750	')

trunk/policy/modules/kernel/domain.if

r2531	r2683
1220	1220	## </summary>
1221	1221	## </param>
	1222	## <param name="target_domain">
	1223	## <summary>
	1224	## The type of the new process.
	1225	## </summary>
	1226	## </param>
1222	1227	#
1223	1228	# cjp: added for userhelper

trunk/policy/modules/kernel/files.if

r2478	r2683
4209	4209	interface(`files_manage_generic_locks',`
4210	4210	gen_require(`
4211		type var_lock_t;
	4211	type var_t, var_lock_t;
4212	4212	')
4213	4213
…	…
4230	4230	gen_require(`
4231	4231	attribute lockfile;
	4232	type var_t;
4232	4233	')
4233	4234
…	…
4660	4661	## </summary>
4661	4662	## </param>
	4663	## <param name="file">
	4664	## <summary>
	4665	## Type to which the created node will be transitioned.
	4666	## </summary>
	4667	## </param>
	4668	## <param name="class">
	4669	## <summary>
	4670	## Object class(es) (single or set including {}) for which this
	4671	## the transition will occur.
	4672	## </summary>
	4673	## </param>
4662	4674	#
4663	4675	interface(`files_spool_filetrans',`

trunk/policy/modules/kernel/filesystem.if

r2472	r2683
780	780	## <summary>
781	781	## Do not audit attempts to read
	782	## dirs on a CIFS or SMB filesystem.
	783	## </summary>
	784	## <param name="domain">
	785	## <summary>
	786	## Domain to not audit.
	787	## </summary>
	788	## </param>
	789	#
	790	interface(`fs_dontaudit_list_cifs_dirs',`
	791	gen_require(`
	792	type cifs_t;
	793	')
	794
	795	dontaudit $1 cifs_t:dir list_dir_perms;
	796	')
	797
	798	########################################
	799	## <summary>
	800	## Do not audit attempts to read
782	801	## files on a CIFS or SMB filesystem.
783	802	## </summary>
…	…
832	851	allow $1 cifs_t:dir list_dir_perms;
833	852	read_lnk_files_pattern($1,cifs_t,cifs_t)
	853	')
	854
	855	########################################
	856	## <summary>
	857	## Read named pipes
	858	## on a CIFS or SMB network filesystem.
	859	## </summary>
	860	## <param name="domain">
	861	## <summary>
	862	## Domain allowed access.
	863	## </summary>
	864	## </param>
	865	#
	866	interface(`fs_read_cifs_named_pipes',`
	867	gen_require(`
	868	type cifs_t;
	869	')
	870
	871	read_fifo_files_pattern($1,cifs_t,cifs_t)
	872	')
	873
	874	########################################
	875	## <summary>
	876	## Read named pipes
	877	## on a CIFS or SMB network filesystem.
	878	## </summary>
	879	## <param name="domain">
	880	## <summary>
	881	## Domain allowed access.
	882	## </summary>
	883	## </param>
	884	#
	885	interface(`fs_read_cifs_named_sockets',`
	886	gen_require(`
	887	type cifs_t;
	888	')
	889
	890	read_sock_files_pattern($1,cifs_t,cifs_t)
834	891	')
835	892
…	…
1648	1705	')
1649	1706
	1707	#########################################
	1708	## <summary>
	1709	## Read named sockets on a NFS filesystem.
	1710	## </summary>
	1711	## <param name="domain">
	1712	## <summary>
	1713	## Domain allowed access.
	1714	## </summary>
	1715	## </param>
	1716	#
	1717	interface(`fs_read_nfs_named_sockets',`
	1718	gen_require(`
	1719	type nfs_t;
	1720	')
	1721
	1722	read_sock_files_pattern($1,nfs_t,nfs_t)
	1723	')
	1724
	1725	#########################################
	1726	## <summary>
	1727	## Read named pipes on a NFS network filesystem.
	1728	## </summary>
	1729	## <param name="domain">
	1730	## <summary>
	1731	## Domain allowed access.
	1732	## </summary>
	1733	## </param>
	1734	## <rolecap/>
	1735	#
	1736	interface(`fs_read_nfs_named_pipes',`
	1737	gen_require(`
	1738	type nfs_t;
	1739	')
	1740
	1741	read_fifo_files_pattern($1,nfs_t,nfs_t)
	1742	')
	1743
1650	1744	########################################
1651	1745	## <summary>
…	…
2612	2706	interface(`fs_rw_rpc_named_pipes',`
2613	2707	gen_require(`
2614		type nfs_t;
	2708	type rpc_pipefs_t;
2615	2709	')
2616	2710

trunk/policy/modules/kernel/terminal.if

r2410	r2683
626	626	gen_require(`
627	627	attribute ptynode;
	628	type devpts_t;
628	629	')
629	630
…	…
668	669	gen_require(`
669	670	attribute ptynode;
	671	type devpts_t;
670	672	')
671	673

trunk/policy/modules/services/fetchmail.if

r2659	r2683
9	9	## <summary>
10	10	## Domain allowed access.
11		~~## </summary>~~
12		~~## </param>~~
13		~~## <param name="role">~~
14		~~## <summary>~~
15		~~## The role to be allowed to manage the fetchmail domain.~~
16		~~## </summary>~~
17		~~## </param>~~
18		~~## <param name="terminal">~~
19		~~## <summary>~~
20		~~## The type of the user terminal.~~
21	11	## </summary>
22	12	## </param>

trunk/policy/modules/services/mta.if

r2543	r2683
294	294	## </summary>
295	295	## </param>
	296	## <param name="entry_point">
	297	## <summary>
	298	## Type of the program to be used as an entry point to this domain.
	299	## </summary>
	300	## </param>
296	301	#
297	302	interface(`mta_mailserver',`

trunk/policy/modules/services/ppp.if

r2606	r2683
101	101	## <summary>
102	102	## Domain allowed access.
	103	## </summary>
	104	## </param>
	105	## <param name="role">
	106	## <summary>
	107	## The role to allow the ppp domain.
	108	## </summary>
	109	## </param>
	110	## <param name="terminal">
	111	## <summary>
	112	## The type of the terminal allow the ppp domain to use.
103	113	## </summary>
104	114	## </param>
…	…
127	137	## </summary>
128	138	## </param>
	139	## <param name="role">
	140	## <summary>
	141	## The role to allow the ppp domain.
	142	## </summary>
	143	## </param>
	144	## <param name="terminal">
	145	## <summary>
	146	## The type of the terminal allow the ppp domain to use.
	147	## </summary>
	148	## </param>
129	149	## <rolecap/>
130	150	#
…	…
281	301	## </summary>
282	302	## </param>
283		~~## <param name="role">~~
284		~~## <summary>~~
285		~~## The role to be allowed to manage the ppp domain.~~
286		~~## </summary>~~
287		~~## </param>~~
288		~~## <param name="terminal">~~
289		~~## <summary>~~
290		~~## The type of the user terminal.~~
291		~~## </summary>~~
292		~~## </param>~~
293	303	## <rolecap/>
294	304	#
…	…
296	306	gen_require(`
297	307	type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
298		type pppd_etc_t, pppd_s~~cript_t, pppd_s~~ecret_t;
299		type pppd_etc_rw_t, pppd_var_~~lib_t, pppd_var_~~run_t;
	308	type pppd_etc_t, pppd_secret_t;
	309	type pppd_etc_rw_t, pppd_var_run_t;
300	310
301	311	type pptp_t, pptp_log_t, pptp_var_run_t;
…	…
320	330	manage_files_pattern($1, pppd_secret_t, pppd_secret_t)
321	331
322		~~files_list_var_lib($1)~~
323		~~manage_files_pattern($1, pppd_var_lib_t, pppd_var_lib_t)~~
324
325	332	files_list_pids($1)
326	333	manage_files_pattern($1, pppd_var_run_t, pppd_var_run_t)

trunk/policy/modules/services/privoxy.if

r2595	r2683
9	9	## <summary>
10	10	## Domain allowed access.
11		~~## </summary>~~
12		~~## </param>~~
13		~~## <param name="role">~~
14		~~## <summary>~~
15		~~## The role to be allowed to manage the privoxy domain.~~
16		~~## </summary>~~
17		~~## </param>~~
18		~~## <param name="terminal">~~
19		~~## <summary>~~
20		~~## The type of the user terminal.~~
21	11	## </summary>
22	12	## </param>

trunk/policy/modules/services/radius.if

r2595	r2683
25	25	## </summary>
26	26	## </param>
27		~~## <param name="role">~~
28		~~## <summary>~~
29		~~## The role to be allowed to manage the radius domain.~~
30		~~## </summary>~~
31		~~## </param>~~
32		~~## <param name="terminal">~~
33		~~## <summary>~~
34		~~## The type of the user terminal.~~
35		~~## </summary>~~
36		~~## </param>~~
37	27	## <rolecap/>
38	28	#
39	29	interface(`radius_admin',`
40	30	gen_require(`
41		type radius~~_t, radius_etc_t, radius~~_log_t;
42		type radius~~_etc_rw_t, radius_var_lib_t, radius~~_var_run_t;
	31	type radiusd_t, radiusd_etc_t, radiusd_log_t;
	32	type radiusd_etc_rw_t, radiusd_var_lib_t, radiusd_var_run_t;
43	33	')
44	34
45		allow $1 radius_t:process { ptrace signal_perms getattr };
46		ps_process_pattern($1, radius_t)
	35	allow $1 radiusd_t:process { ptrace signal_perms getattr };
	36	ps_process_pattern($1, radiusd_t)
47	37
48	38	files_list_etc($1)
49		manage_files_pattern($1, radius~~_etc_t, radius~~_etc_t)
	39	manage_files_pattern($1, radiusd_etc_t, radiusd_etc_t)
50	40
51	41	logging_list_logs($1)
52		manage_files_pattern($1, radius~~_log_t, radius~~_log_t)
	42	manage_files_pattern($1, radiusd_log_t, radiusd_log_t)
53	43
54		manage_files_pattern($1, radius~~_etc_rw_t, radius~~_etc_rw_t)
	44	manage_files_pattern($1, radiusd_etc_rw_t, radiusd_etc_rw_t)
55	45
56	46	files_list_var_lib($1)
57		manage_files_pattern($1, radius~~_var_lib_t, radius~~_var_lib_t)
	47	manage_files_pattern($1, radiusd_var_lib_t, radiusd_var_lib_t)
58	48
59	49	files_list_pids($1)
60		manage_files_pattern($1, radius~~_var_run_t, radius~~_var_run_t)
	50	manage_files_pattern($1, radiusd_var_run_t, radiusd_var_run_t)
61	51	')

trunk/policy/modules/services/radvd.if

r2595	r2683
9	9	## <summary>
10	10	## Domain allowed access.
11		~~## </summary>~~
12		~~## </param>~~
13		~~## <param name="role">~~
14		~~## <summary>~~
15		~~## The role to be allowed to manage the radvd domain.~~
16		~~## </summary>~~
17		~~## </param>~~
18		~~## <param name="terminal">~~
19		~~## <summary>~~
20		~~## The type of the user terminal.~~
21	11	## </summary>
22	12	## </param>

trunk/policy/modules/services/rwho.if

r2595	r2683
127	127	## </summary>
128	128	## </param>
129		~~## <param name="role">~~
130		~~## <summary>~~
131		~~## The role to be allowed to manage the rwho domain.~~
132		~~## </summary>~~
133		~~## </param>~~
134		~~## <param name="terminal">~~
135		~~## <summary>~~
136		~~## The type of the user terminal.~~
137		~~## </summary>~~
138		~~## </param>~~
139	129	## <rolecap/>
140	130	#

trunk/policy/modules/services/sasl.if

r2595	r2683
30	30	## </summary>
31	31	## </param>
32		~~## <param name="role">~~
33		~~## <summary>~~
34		~~## The role to be allowed to manage the sasl domain.~~
35		~~## </summary>~~
36		~~## </param>~~
37		~~## <param name="terminal">~~
38		~~## <summary>~~
39		~~## The type of the user terminal.~~
40		~~## </summary>~~
41		~~## </param>~~
42	32	## <rolecap/>
43	33	#

trunk/policy/modules/services/smartmon.if

r2595	r2683
29	29	## </summary>
30	30	## </param>
31		~~## <param name="role">~~
32		~~## <summary>~~
33		~~## The role to be allowed to manage the smartmon domain.~~
34		~~## </summary>~~
35		~~## </param>~~
36		~~## <param name="terminal">~~
37		~~## <summary>~~
38		~~## The type of the user terminal.~~
39		~~## </summary>~~
40		~~## </param>~~
41	31	## <rolecap/>
42	32	#

trunk/policy/modules/services/snmp.if

r2595	r2683
96	96	## </summary>
97	97	## </param>
98		~~## <param name="role">~~
99		~~## <summary>~~
100		~~## The role to be allowed to manage the snmp domain.~~
101		~~## </summary>~~
102		~~## </param>~~
103		~~## <param name="terminal">~~
104		~~## <summary>~~
105		~~## The type of the user terminal.~~
106		~~## </summary>~~
107		~~## </param>~~
108	98	## <rolecap/>
109	99	#
110	100	interface(`snmp_admin',`
111	101	gen_require(`
112		type snmp~~_t, snmp~~_log_t;
113		type snmp~~_var_lib_t, snmp~~_var_run_t;
	102	type snmpd_t, snmpd_log_t;
	103	type snmpd_var_lib_t, snmpd_var_run_t;
114	104	')
115	105
116		allow $1 snmp_t:process { ptrace signal_perms getattr };
117		ps_process_pattern($1, snmp_t)
	106	allow $1 snmpd_t:process { ptrace signal_perms getattr };
	107	ps_process_pattern($1, snmpd_t)
118	108
119	109	logging_list_logs($1)
120		manage_files_pattern($1, snmp~~_log_t, snmp~~_log_t)
	110	manage_files_pattern($1, snmpd_log_t, snmpd_log_t)
121	111
122	112	files_list_var_lib($1)
123		manage_files_pattern($1, snmp~~_var_lib_t, snmp~~_var_lib_t)
	113	manage_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
124	114
125	115	files_list_pids($1)
126		manage_files_pattern($1, snmp~~_var_run_t, snmp~~_var_run_t)
	116	manage_files_pattern($1, snmpd_var_run_t, snmpd_var_run_t)
127	117	')

trunk/policy/modules/services/tftp.if

r2595	r2683
11	11	## </summary>
12	12	## </param>
13		~~## <param name="role">~~
14		~~## <summary>~~
15		~~## The role to be allowed to manage the tftp domain.~~
16		~~## </summary>~~
17		~~## </param>~~
18		~~## <param name="terminal">~~
19		~~## <summary>~~
20		~~## The type of the user terminal.~~
21		~~## </summary>~~
22		~~## </param>~~
23	13	## <rolecap/>
24	14	#
25	15	interface(`tftp_admin',`
26	16	gen_require(`
27		type tftp_t, tftpdir_t;
28		type tftp~~_rw_t, tftp~~_var_run_t;
	17	type tftpd_t, tftpdir_t;
	18	type tftpdir_rw_t, tftpd_var_run_t;
29	19	')
30	20
31		allow $1 tftp_t:process { ptrace signal_perms getattr };
32		ps_process_pattern($1, tftp_t)
	21	allow $1 tftpd_t:process { ptrace signal_perms getattr };
	22	ps_process_pattern($1, tftpd_t)
33	23
34		manage_files_pattern($1, tftp~~_rw_t, tftp~~_rw_t)
	24	manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
35	25
36	26	manage_files_pattern($1, tftpdir_t, tftpdir_t)
37	27
38	28	files_list_pids($1)
39		manage_files_pattern($1, tftp~~_var_run_t, tftp~~_var_run_t)
	29	manage_files_pattern($1, tftpd_var_run_t, tftpd_var_run_t)
40	30	')

trunk/policy/modules/services/tor.if

r2595	r2683
29	29	## </summary>
30	30	## </param>
31		~~## <param name="role">~~
32		~~## <summary>~~
33		~~## The role to be allowed to manage the tor domain.~~
34		~~## </summary>~~
35		~~## </param>~~
36		~~## <param name="terminal">~~
37		~~## <summary>~~
38		~~## The type of the user terminal.~~
39		~~## </summary>~~
40		~~## </param>~~
41	31	## <rolecap/>
42	32	#
43	33	interface(`tor_admin',`
44	34	gen_require(`
45		type tor_t, tor_log_t, tor_etc_t;
	35	type tor_t, tor_var_log_t, tor_etc_t;
46	36	type tor_var_lib_t, tor_var_run_t;
47	37	')
…	…
51	41
52	42	logging_list_logs($1)
53		manage_files_pattern($1, tor_~~log_t, to~~r_log_t)
	43	manage_files_pattern($1, tor_var_log_t, tor_var_log_t)
54	44
55	45	files_list_etc($1)

trunk/policy/modules/services/uucp.if

r2595	r2683
72	72	## </summary>
73	73	## </param>
74		~~## <param name="role">~~
75		~~## <summary>~~
76		~~## The role to be allowed to manage the uucp domain.~~
77		~~## </summary>~~
78		~~## </param>~~
79		~~## <param name="terminal">~~
80		~~## <summary>~~
81		~~## The type of the user terminal.~~
82		~~## </summary>~~
83		~~## </param>~~
84	74	## <rolecap/>
85	75	#
86	76	interface(`uucp_admin',`
87	77	gen_require(`
88		type uucp~~_t, uucp_tmp_t, uucp~~_log_t;
89		type uucp~~_spool_t, uucp_ro_t, uucp~~_rw_t;
90		type uucp_var_run_t;
	78	type uucpd_t, uucpd_tmp_t, uucpd_log_t;
	79	type uucpd_spool_t, uucpd_ro_t, uucpd_rw_t;
	80	type uucpd_var_run_t;
91	81	')
92	82
93		allow $1 uucp_t:process { ptrace signal_perms getattr };
94		ps_process_pattern($1, uucp_t)
	83	allow $1 uucpd_t:process { ptrace signal_perms getattr };
	84	ps_process_pattern($1, uucpd_t)
95	85
96	86	files_list_tmp($1)
97		manage_files_pattern($1, uucp~~_tmp_t, uucp~~_tmp_t)
	87	manage_files_pattern($1, uucpd_tmp_t, uucpd_tmp_t)
98	88
99	89	logging_list_logs($1)
100		manage_files_pattern($1, uucp~~_log_t, uucp~~_log_t)
	90	manage_files_pattern($1, uucpd_log_t, uucpd_log_t)
101	91
102	92	files_list_spool($1)
103		manage_files_pattern($1, uucp~~_spool_t, uucp~~_spool_t)
	93	manage_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
104	94
105		manage_files_pattern($1, uucp~~_rw_t, uucp~~_rw_t)
	95	manage_files_pattern($1, uucpd_rw_t, uucpd_rw_t)
106	96
107		manage_files_pattern($1, uucp~~_ro_t, uucp~~_ro_t)
	97	manage_files_pattern($1, uucpd_ro_t, uucpd_ro_t)
108	98
109	99	files_list_pids($1)
110		manage_files_pattern($1, uucp~~_var_run_t, uucp~~_var_run_t)
	100	manage_files_pattern($1, uucpd_var_run_t, uucpd_var_run_t)
111	101	')

trunk/policy/modules/services/zabbix.if

r2593	r2683
88	88	## </summary>
89	89	## </param>
90		~~## <param name="role">~~
91		~~## <summary>~~
92		~~## The role to be allowed to manage the zabbix domain.~~
93		~~## </summary>~~
94		~~## </param>~~
95		~~## <param name="terminal">~~
96		~~## <summary>~~
97		~~## The type of the user terminal.~~
98		~~## </summary>~~
99		~~## </param>~~
100	90	## <rolecap/>
101	91	#

trunk/policy/modules/services/zebra.if

r2593	r2683
33	33	## </summary>
34	34	## </param>
35		~~## <param name="role">~~
36		~~## <summary>~~
37		~~## The role to be allowed to manage the zebra domain.~~
38		~~## </summary>~~
39		~~## </param>~~
40		~~## <param name="terminal">~~
41		~~## <summary>~~
42		~~## The type of the user terminal.~~
43		~~## </summary>~~
44		~~## </param>~~
45	35	## <rolecap/>
46	36	#

trunk/policy/modules/system/logging.if

r2552	r2683
691	691	## </summary>
692	692	## </param>
693		~~## <param name="role">~~
694		~~## <summary>~~
695		~~## The role to be allowed to manage the audit domain.~~
696		~~## </summary>~~
697		~~## </param>~~
698		~~## <param name="terminal">~~
699		~~## <summary>~~
700		~~## The type of the user terminal.~~
701		~~## </summary>~~
702		~~## </param>~~
703	693	## <rolecap/>
704	694	#
…	…
730	720	## <summary>
731	721	## Domain allowed access.
732		~~## </summary>~~
733		~~## </param>~~
734		~~## <param name="role">~~
735		~~## <summary>~~
736		~~## The role to be allowed to manage the syslog domain.~~
737		~~## </summary>~~
738		~~## </param>~~
739		~~## <param name="terminal">~~
740		~~## <summary>~~
741		~~## The type of the user terminal.~~
742	722	## </summary>
743	723	## </param>
…	…
789	769	## </summary>
790	770	## </param>
791		~~## <param name="role">~~
792		~~## <summary>~~
793		~~## The role to be allowed to manage the syslog domain.~~
794		~~## </summary>~~
795		~~## </param>~~
796		~~## <param name="terminal">~~
797		~~## <summary>~~
798		~~## The type of the user terminal.~~
799		~~## </summary>~~
800		~~## </param>~~
801	771	## <rolecap/>
802	772	#
803	773	interface(`logging_admin',`
804		logging_admin_audit($1~~, $2, $3~~)
805		logging_admin_syslog($1~~, $2, $3~~)
806		')
	774	logging_admin_audit($1)
	775	logging_admin_syslog($1)
	776	')

trunk/policy/modules/system/miscfiles.if

r2516	r2683
383	383	gen_require(`
384	384	type fonts_t;
	385	type tetex_data_t;
385	386	')
386	387

trunk/policy/modules/system/modutils.if

r2239	r2683
201	201	interface(`modutils_run_depmod',`
202	202	gen_require(`
203		type depmod_t;
	203	type depmod_t, insmod_t;
204	204	')
205	205

trunk/policy/modules/system/selinuxutil.if

r2537	r2683
818	818	interface(`seutil_rw_file_contexts',`
819	819	gen_require(`
820		type selinux_config_t, file_context_t;
	820	type selinux_config_t, file_context_t, default_context_t;
821	821	')
822	822
…	…
839	839	interface(`seutil_manage_file_contexts',`
840	840	gen_require(`
841		type selinux_config_t, file_context_t;
	841	type selinux_config_t, file_context_t, default_context_t;
842	842	')
843	843

trunk/policy/modules/system/userdomain.if

r2668	r2683
192	192	fs_read_nfs_named_pipes($1_t)
193	193	',`
194		fs_dontaudit_~~read_nfs_dir~~s($1_t)
	194	fs_dontaudit_list_nfs($1_t)
195	195	fs_dontaudit_read_nfs_files($1_t)
196	196	')
…	…
1113	1113
1114	1114	optional_policy(`
1115		~~mono_per_role_template($1, $1_t, $1_r)~~
1116		')
1117
1118		~~optional_policy(`~~
1119	1115	setroubleshoot_dontaudit_stream_connect($1_t)
1120	1116	')
…	…
4131	4127	#
4132	4128	interface(`userdom_sysadm_entry_spec_domtrans_to',`
4133		refpolicywarn(`$0($*) has been deprecated. Please use sysadm_entry_spec_domtrans~~_to~~() instead.')
4134		sysadm_entry_spec_domtrans~~_to~~($1)