Changeset 99 for selinux/build
- Timestamp:
- Jan 20, 2007, 10:09:26 PM (18 years ago)
- Location:
- selinux/build
- Files:
-
- 2 edited
selinux/build/afsagent.te
r79 r99 1 policy_module(afsagent,1.0.0) 1 # Joe Presbrey 2 # presbrey@mit.edu 3 # 2006/1/15 4 5 policy_module(signup,1.0.0) 2 6 3 7 require { 4 type user_t;8 attribute domain, userdomain, unpriv_userdomain; 5 9 }; 6 10 7 type afsagent_t; 8 role afsagent_r types afsagent_t; 11 require { type sudo_exec_t; }; 12 type signup_t, domain, userdomain, unpriv_userdomain; 13 type signup_su_t, domain, userdomain; 14 role system_r types { signup_t signup_su_t }; 15 role user_r types { signup_t signup_su_t }; 16 afs_access(signup_t) 17 afs_access(signup_su_t) 18 afs_access(useradd_t) 19 files_read_etc_files(signup_t) 20 libs_use_ld_so(signup_t) 21 libs_use_shared_libs(signup_t) 22 miscfiles_read_localization(signup_t) 23 files_read_etc_files(signup_su_t) 24 libs_use_ld_so(signup_su_t) 25 libs_use_shared_libs(signup_su_t) 26 miscfiles_read_localization(signup_su_t) 27 domain_auto_trans(signup_t, sudo_exec_t, signup_su_t) 28 auth_rw_shadow(signup_su_t) 29 sysnet_dns_name_resolve(signup_t) 30 sysnet_dns_name_resolve(signup_su_t) 31 usermanage_run_useradd(signup_su_t,system_r,signup_t) 32 usermanage_run_groupadd(signup_su_t,system_r,signup_t) 33 allow groupadd_t signup_t:fifo_file { getattr ioctl read write }; 34 allow groupadd_t signup_t:process sigchld; 35 36 allow useradd_t { httpd_t signup_t }:fd use; 37 allow useradd_t { httpd_t signup_t }:fifo_file { getattr ioctl read write}; 38 allow useradd_t signup_t:process sigchld; 39 allow signup_su_t signup_t:fd use; 40 allow signup_su_t signup_t:fifo_file { ioctl write }; 41 allow signup_su_t signup_t:process sigchld; 42 allow signup_su_t sudo_exec_t:file entrypoint; 43 allow signup_su_t self:capability { audit_write setgid setuid }; 44 dev_read_urand(signup_t) 45 kernel_read_system_state(signup_t) 46 logging_send_syslog_msg(signup_su_t) 47 48 corecmd_exec_all_executables(signup_t) 49 allow signup_t sbin_t:dir search; 50 allow signup_t sbin_t:file { execute execute_no_trans read }; 51 allow signup_t shell_exec_t:file { execute 
execute_no_trans getattr read }; 52 allow signup_t self:fifo_file { getattr ioctl read write }; 53 54 # SUEXEC # 55 require { type httpd_suexec_t, httpd_t; }; 56 allow httpd_suexec_t { signup_t }:process { transition siginh rlimitinh noatsecure }; 57 allow { signup_t } httpd_t:fd { use }; 58 allow { signup_t } httpd_t:fifo_file { getattr ioctl read write }; 59 allow { signup_t } httpd_t:process { sigchld }; 60 allow { signup_t } httpd_suexec_t:fd { use }; -
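Review bot: The transition rule on new line 56, `allow httpd_suexec_t { signup_t }:process { transition siginh rlimitinh noatsecure };`, grants more than the transition itself. `noatsecure` turns off the loader's secure-mode environment scrubbing, and `siginh`/`rlimitinh` let the caller's signal state and resource limits carry into signup_t. signup_t is entered from the web server's suexec and can continue through sudo into signup_su_t, which holds `auth_rw_shadow` and the `setuid`/`setgid` capabilities, so the inherited state reaches a sensitive domain. Unless an audited denial shows the extra permissions are required, I would reduce the rule to `allow httpd_suexec_t signup_t:process transition;` and add a comment saying why signup_su_t needs write access to shadow rather than read-only access.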
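--- a/selinux/build/openafs.if
+++ b/selinux/build/openafs.if
@@ -37,3 +37,4 @@
 fs_manage_nfs_named_pipes($1)
 fs_manage_nfs_named_sockets($1)
+allow $1 nfs_t:file entrypoint;
 ')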
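Review bot: The added `allow $1 nfs_t:file entrypoint;` sits inside a shared interface, so every domain that calls the interface can be entered by executing any file labelled nfs_t, not only the domain that needs it. The interface's opening line is outside the hunk, so this is an inference, but if it is the one behind the `afs_access(...)` calls in afsagent.te, then signup_su_t and useradd_t gain the entrypoint as well. I would move the rule into the policy of the single domain that is started from AFS, for example `allow signup_t nfs_t:file entrypoint;`. It should carry a comment stating that files on AFS are labelled nfs_t and which launcher needs to start programs from there.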