selinux-policy/targeted_temp_fixes.te
Johannes Segitz cbd186764a Accepting request 734854 from home:jsegitz:branches:security:SELinux
- Moved back to fedora policy (20190802)
- Removed spec file conditionals for old SELinux userland
- Removed config.tgz
- Removed patches:
  * label_sysconfig.selinux.patch
  * label_var_run_rsyslog.patch
  * suse_additions_obs.patch
  * suse_additions_sslh.patch
  * suse_modifications_apache.patch
  * suse_modifications_cron.patch
  * suse_modifications_getty.patch
  * suse_modifications_logging.patch
  * suse_modifications_ntp.patch
  * suse_modifications_usermanage.patch
  * suse_modifications_virt.patch
  * suse_modifications_xserver.patch
  * sysconfig_network_scripts.patch
  * segenxml_interpreter.patch
- Added patches:
  * fix_djbdns.patch
  * fix_dbus.patch
  * fix_gift.patch
  * fix_java.patch
  * fix_hadoop.patch
  * fix_thunderbird.patch
  * postfix_paths.patch
  * fix_nscd.patch
  * fix_sysnetwork.patch
  * fix_logging.patch
  * fix_xserver.patch

OBS-URL: https://build.opensuse.org/request/show/734854
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=73
2019-10-04 02:15:03 +00:00


# Module declaration: name targeted_temp_fixes, version 1.0.
policy_module(targeted_temp_fixes, 1.0)

# Types and object-class permissions defined outside this module that the
# rules in this file refer to. Every type or permission used in a raw
# `allow` rule in this file has to be listed here.
require {
	# Domains and file types, alphabetical.
	type bin_t;
	type firewalld_t;
	type groupadd_t;
	type init_t;
	type iptables_t;
	type iptables_var_lib_t;
	type irqbalance_t;
	type lib_t;
	type nscd_t;
	type postfix_map_exec_t;
	type postfix_master_t;
	type useradd_t;
	type xdm_t;

	# Object classes with the permissions the allow rules use.
	class dir { add_name mounton write };
	class file { create execute execute_no_trans getattr ioctl lock open read };
	class netlink_selinux_socket { bind create };
}
# Extra access granted per source domain. The module is named
# targeted_temp_fixes, so each rule below is meant as a workaround.
# NOTE(review): no rule carries a bug reference or the denial it answers;
# record one next to each rule so it can be dropped once the base policy
# covers the case.
# The interface macros used here are defined outside this file; their
# descriptions below follow the interface names - confirm against the
# policy sources before relying on them.
#============= firewalld_t ==============
# firewalld_t may add entries to and write directories labelled
# iptables_var_lib_t, and create, lock, open and read files of that type.
allow firewalld_t iptables_var_lib_t:dir { add_name write };
allow firewalld_t iptables_var_lib_t:file { create lock open read };
#============= init_t ==============
# init_t may use bin_t and lib_t directories as mount points.
allow init_t bin_t:dir mounton;
allow init_t lib_t:dir mounton;
# execute together with execute_no_trans lets init_t run postfix_map_exec_t
# files in its own domain, without a domain transition.
# NOTE(review): the executed program then runs with init_t's access; confirm
# this is intended rather than a transition into a confined domain.
allow init_t postfix_map_exec_t:file { execute execute_no_trans getattr ioctl open read };
# presumably read/write on generic /var files, management of fwupd cache
# directories and read access to ntp drift files - verify the interfaces.
# NOTE(review): init_t is already highly privileged; keep these grants as
# narrow as the observed denials require.
files_rw_var_files(init_t)
fwupd_manage_cache_dirs(init_t)
ntp_read_drift_files(init_t)
#============= iptables_t ==============
# presumably read/write on pipes owned by the kernel domain - verify.
kernel_rw_pipes(iptables_t)
#============= irqbalance_t ==============
# presumably permits the init -> irqbalance_t transition when the service
# runs with no_new_privs set - verify against the init interface.
init_nnp_daemon_domain(irqbalance_t)
#============= nscd_t ==============
# presumably lets nscd_t execute files with the generic pid-file label.
# NOTE(review): execute on a generic runtime-file type is a wide grant;
# confirm which file triggered the denial and whether a dedicated label
# would be tighter.
files_exec_generic_pid_files(nscd_t)
#============= postfix_master_t ==============
# presumably read access to generic /var/lib files and symlinks - verify.
files_read_var_lib_files(postfix_master_t)
files_read_var_lib_symlinks(postfix_master_t)
#============= xdm_t ==============
# KDE writes to home directories during login, per the original comment.
# NOTE(review): a "manage" interface usually covers create, modify and
# delete, which is more than write access - confirm the full set is needed
# for the display manager domain.
userdom_manage_user_home_content_files(xdm_t)
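#============= groupadd_t / useradd_t ==============
# Both account tools may create and bind a netlink_selinux_socket on
# themselves and call selinux_compute_access_vector (interface defined
# outside this file; presumably access-vector queries to the kernel).
# The groupadd_t allow rule must stay on its own line: when it shares a
# line with the banner comment, the leading `#` turns it into a comment and
# groupadd_t never receives the socket permissions that useradd_t gets.
allow groupadd_t self:netlink_selinux_socket { bind create };
allow useradd_t self:netlink_selinux_socket { bind create };
selinux_compute_access_vector(groupadd_t)
selinux_compute_access_vector(useradd_t)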