Changeset 117 for selinux/build
- Timestamp:
- Jan 26, 2007, 2:33:54 PM (18 years ago)
- Location:
- selinux/build
- Files:
-
- 2 edited
- 3 moved
Legend:
- Unmodified
- Added
- Removed
-
selinux/build/openafs.if
r99 r117 38 38 fs_manage_nfs_named_sockets($1) 39 39 allow $1 nfs_t:file entrypoint; 40 allow $1 nfs_t:{file dir} rx_file_perms; 40 41 ') -
selinux/build/scripts.te
r112 r117 8 8 9 9 require { 10 attribute domain, userdomain, unpriv_userdomain; 10 11 type user_t; 11 12 }; 12 13 14 type user_setuid_t, domain, userdomain, unpriv_userdomain; 15 role user_r types user_setuid_t; 16 domain_interactive_fd(user_setuid_t) 17 files_read_etc_files(user_setuid_t) 18 libs_use_ld_so(user_setuid_t) 19 libs_use_shared_libs(user_setuid_t) 20 miscfiles_read_localization(user_setuid_t) 21 corecmd_exec_all_executables(user_setuid_t) 22 term_use_all_user_ptys(user_setuid_t) 23 24 allow user_setuid_t bin_t:file entrypoint; 25 allow user_setuid_t sbin_t:file entrypoint; 26 27 # allow user_setuid_t domain to call setuid and setgid 28 allow user_setuid_t self:capability { setuid setgid }; 29 30 # transition back to the user domain when executing "user" binaries 31 domain_auto_trans(user_setuid_t, nfs_t, user_t) 32 33 # allow user_setuid_t domain to signal its caller 34 allow user_setuid_t user_t:process sigchld; 35 13 36 afs_access(user_t); 37 afs_access(user_setuid_t); 14 38 zephyr_access(user_t); 15 39
Note: See TracChangeset
for help on using the changeset viewer.