Changeset 2786

Show
Ignore:
Timestamp:
08/20/08 14:45:39 (4 months ago)
Author:
cpebenito
Message:

trunk: firstboot update from dan.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/policy/modules/admin/firstboot.if

    r2763 r2786  
    143143        dontaudit $1 firstboot_t:fifo_file { read write }; 
    144144') 
     145 
     146######################################## 
     147## <summary> 
     148##      Do not audit attemps to read and write to a firstboot 
     149##      unix domain stream socket. 
     150## </summary> 
     151## <param name="domain"> 
     152##      <summary> 
     153##      Domain to not audit. 
     154##      </summary> 
     155## </param> 
     156# 
     157interface(`firstboot_dontaudit_rw_stream_sockets',` 
     158        gen_require(` 
     159                type firstboot_t; 
     160        ') 
     161 
     162        dontaudit $1 firstboot_t:unix_stream_socket { read write }; 
     163') 

  • trunk/policy/modules/admin/firstboot.te

    r2763 r2786  
    11 
    2 policy_module(firstboot, 1.7.0
     2policy_module(firstboot, 1.7.1
    33 
    44gen_require(` 
     
    3636allow firstboot_t firstboot_etc_t:file { getattr read }; 
    3737 
    38 # The big hammer 
    39 unconfined_domain(firstboot_t)  
    40  
    4138kernel_read_system_state(firstboot_t) 
    4239kernel_read_kernel_sysctls(firstboot_t) 
     
    6461files_manage_etc_files(firstboot_t) 
    6562files_manage_etc_runtime_files(firstboot_t) 
    66 files_etc_filetrans_etc_runtime(firstboot_t, { file dir }) 
    6763files_read_usr_files(firstboot_t) 
    6864files_manage_var_dirs(firstboot_t) 
     
    111107optional_policy(` 
    112108        unconfined_domtrans(firstboot_t) 
     109        # The big hammer 
     110        unconfined_domain(firstboot_t)  
    113111') 
    114112 
     
    132130        domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t) 
    133131') 
    134  
    135 ifdef(`xserver.te', ` 
    136         domain_auto_trans(firstboot_t, xserver_exec_t, xdm_xserver_t) 
    137 ') 
    138132') dnl end TODO 

  • trunk/policy/modules/services/ntp.te

    r2763 r2786  
    11 
    2 policy_module(ntp, 1.6.0
     2policy_module(ntp, 1.6.1
    33 
    44######################################## 
     
    118118        firstboot_dontaudit_use_fds(ntpd_t) 
    119119        firstboot_dontaudit_rw_pipes(ntpd_t) 
     120        firstboot_dontaudit_rw_stream_sockets(ntpd_t) 
    120121') 
    121122