Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy
authorDan Walsh <dwalsh@redhat.com>
Mon, 29 Nov 2010 17:12:59 +0000 (12:12 -0500)
committerDan Walsh <dwalsh@redhat.com>
Mon, 29 Nov 2010 17:12:59 +0000 (12:12 -0500)
Conflicts:
policy/modules/kernel/kernel.if
policy/modules/services/portreserve.if
policy/modules/services/smokeping.te
policy/modules/system/miscfiles.fc
policy/modules/system/mount.te
policy/support/obj_perm_sets.spt

policy/modules/kernel/kernel.if
policy/modules/services/portreserve.if
policy/modules/services/smokeping.te
policy/modules/system/miscfiles.fc
policy/modules/system/mount.te
policy/support/obj_perm_sets.spt

index b0e977d99e3afec82b978c4ece573aef2a637b1e,093793328802dc5fca1655cc7427fcb187225f6f..8f8b6c539a79b9566f914f32869cfd164db15718
@@@ -696,44 -696,44 +696,109 @@@ interface(`kernel_read_debugfs',
        list_dirs_pattern($1, debugfs_t, debugfs_t)
  ')
  
 +########################################
 +## <summary>
++<<<<<<< HEAD
 +##    Manage information from the debugging filesystem.
 +## </summary>
 +## <param name="domain">
 +##    <summary>
 +##    Domain allowed access.
 +##    </summary>
 +## </param>
 +#
 +interface(`kernel_manage_debugfs',`
 +      gen_require(`
 +              type debugfs_t;
 +      ')
 +
 +      manage_files_pattern($1, debugfs_t, debugfs_t)
 +      read_lnk_files_pattern($1, debugfs_t, debugfs_t)
 +      list_dirs_pattern($1, debugfs_t, debugfs_t)
 +')
 +
  ########################################
  ## <summary>
  ##    Do not audit attempts to write kernel debugging filesystem dirs.
 -##    Manage information from the debugging filesystem.
++||||||| merged common ancestors
++<<<<<<< Temporary merge branch 1
++##    Do not audit attempts to write kernel debugging filesystem dirs.
+ ## </summary>
+ ## <param name="domain">
+ ##    <summary>
+ ##    Domain to not audit.
+ ##    </summary>
+ ## </param>
+ #
+ interface(`kernel_dontaudit_write_debugfs_dirs',`
+       gen_require(`
+               type debugfs_t;
+       ')
+       dontaudit $1 debugfs_t:dir write;
+ ')
+ ########################################
+ ## <summary>
 -interface(`kernel_manage_debugfs',`
++||||||| merged common ancestors
++=======
++##    Read/Write information from the debugging filesystem.
+ ## </summary>
+ ## <param name="domain">
+ ##    <summary>
+ ##    Domain allowed access.
+ ##    </summary>
+ ## </param>
+ #
 -      manage_files_pattern($1, debugfs_t, debugfs_t)
++interface(`kernel_rw_debugfs',`
+       gen_require(`
+               type debugfs_t;
+       ')
++      rw_files_pattern($1, debugfs_t, debugfs_t)
+       read_lnk_files_pattern($1, debugfs_t, debugfs_t)
+       list_dirs_pattern($1, debugfs_t, debugfs_t)
+ ')
++########################################
++## <summary>
++##    Manage information from the debugging filesystem.
++=======
++##    Do not audit attempts to write kernel debugging filesystem dirs.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain to not audit.
++##    </summary>
++## </param>
++#
++interface(`kernel_dontaudit_write_debugfs_dirs',`
++      gen_require(`
++              type debugfs_t;
++      ')
++
++      dontaudit $1 debugfs_t:dir write;
++')
++
++########################################
++## <summary>
++##    Manage information from the debugging filesystem.
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
 +## </summary>
 +## <param name="domain">
 +##    <summary>
 +##    Domain to not audit.
 +##    </summary>
 +## </param>
 +#
 +interface(`kernel_dontaudit_write_debugfs_dirs',`
 +      gen_require(`
 +              type debugfs_t;
 +      ')
 +
 +      dontaudit $1 debugfs_t:dir write;
 +')
 +
  ########################################
  ## <summary>
  ##    Mount a kernel VM filesystem.
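Review bot: The kernel.if committed by this merge still contains the conflict markers — `++<<<<<<< HEAD`, `++||||||| merged common ancestors`, `++=======` and `++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1` are all on the new side of the hunk — so this is an unresolved merge rather than a merged policy; the same markers are committed in the portreserve.if, smokeping.te, miscfiles.fc, mount.te and obj_perm_sets.spt sections below. The markers sit outside any `interface()` body, so they would presumably be passed through by m4 into policy.conf and rejected by checkpolicy, and the commit should be treated as not building until they are resolved. For this hunk the intended result appears to be one `kernel_manage_debugfs`, one `kernel_rw_debugfs` and one `kernel_dontaudit_write_debugfs_dirs`, whereas the hunk currently yields `interface(`kernel_dontaudit_write_debugfs_dirs',`` three times. The doc block immediately above the final copy also ends up with the `##    Manage information from the debugging filesystem.` summary from the other-branch side, so its `<summary>` text needs re-checking once the markers are gone.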
index 73850562e6d9866d941b45a60add32d6942630e9,7719d160527624a349ce41c82c10afbd5162d4d4..9d2771c4dbee22f256ec49a5dbfa1213d849cd4c
@@@ -80,6 -62,24 +62,163 @@@ interface(`portreserve_manage_config',
        manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
        read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
  ')
++<<<<<<< HEAD
++
++########################################
++## <summary>
++##    All of the rules required to administrate
++##    an portreserve environment.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain allowed access.
++##    </summary>
++## </param>
++## <param name="role">
++##    <summary>
++##    Role allowed access.
++##    </summary>
++## </param>
++## <rolecap/>
++#
++interface(`portreserve_admin',`
++      gen_require(`
++              type portreserve_t, portreserve_etc_t, portreserve_var_run_t;
++              type portreserve_initrc_exec_t;
++      ')
++
++      allow $1 portreserve_t:process { ptrace signal_perms };
++      ps_process_pattern($1, portreserve_t)
++
++      portreserve_initrc_domtrans($1)
++      domain_system_change_exemption($1)
++      role_transition $2 portreserve_initrc_exec_t system_r;
++      allow $2 system_r;
++
++      files_list_etc($1)
++      admin_pattern($1, portreserve_etc_t)
++
++      files_list_pids($1)
++      admin_pattern($1, portreserve_var_run_t)
++')
++||||||| merged common ancestors
++<<<<<<< Temporary merge branch 1
++
++########################################
++## <summary>
++##    Execute portreserve in the portreserve domain.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain allowed to transition.
++##    </summary>
++## </param>
++#
++interface(`portreserve_initrc_domtrans',`
++      gen_require(`
++              type portreserve_initrc_exec_t;
++      ')
++
++      init_labeled_script_domtrans($1, portreserve_initrc_exec_t)
++')
++
++########################################
++## <summary>
++##    All of the rules required to administrate
++##    an portreserve environment.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain allowed access.
++##    </summary>
++## </param>
++## <param name="role">
++##    <summary>
++##    Role allowed access.
++##    </summary>
++## </param>
++## <rolecap/>
++#
++interface(`portreserve_admin',`
++      gen_require(`
++              type portreserve_t, portreserve_etc_t, portreserve_var_run_t;
++              type portreserve_initrc_exec_t;
++      ')
++
++      allow $1 portreserve_t:process { ptrace signal_perms };
++      ps_process_pattern($1, portreserve_t)
++
++      portreserve_initrc_domtrans($1)
++      domain_system_change_exemption($1)
++      role_transition $2 portreserve_initrc_exec_t system_r;
++      allow $2 system_r;
++
++      files_list_etc($1)
++      admin_pattern($1, portreserve_etc_t)
++
++      files_list_pids($1)
++      admin_pattern($1, portreserve_var_run_t)
++')
++||||||| merged common ancestors
++=======
++
++########################################
++## <summary>
++##    All of the rules required to administrate
++##    an portreserve environment.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain allowed access.
++##    </summary>
++## </param>
++## <param name="role">
++##    <summary>
++##    Role allowed access.
++##    </summary>
++## </param>
++## <rolecap/>
++#
++interface(`portreserve_admin',`
++      gen_require(`
++              type portreserve_t, portreserve_etc_t, portreserve_var_run_t;
++              type portreserve_initrc_exec_t;
++      ')
++
++      allow $1 portreserve_t:process { ptrace signal_perms };
++      ps_process_pattern($1, portreserve_t)
++
++      portreserve_initrc_domtrans($1)
++      domain_system_change_exemption($1)
++      role_transition $2 portreserve_initrc_exec_t system_r;
++      allow $2 system_r;
++
++      files_list_etc($1)
++      admin_pattern($1, portreserve_etc_t)
++
++      files_list_pids($1)
++      admin_pattern($1, portreserve_var_run_t)
++')
++>>>>>>> Temporary merge branch 2
++=======
+ ########################################
+ ## <summary>
+ ##    Execute portreserve in the portreserve domain.
+ ## </summary>
+ ## <param name="domain">
+ ##    <summary>
+ ##    Domain allowed to transition.
+ ##    </summary>
+ ## </param>
+ #
+ interface(`portreserve_initrc_domtrans',`
+       gen_require(`
+               type portreserve_initrc_exec_t;
+       ')
+       init_labeled_script_domtrans($1, portreserve_initrc_exec_t)
+ ')
  
  ########################################
  ## <summary>
@@@ -118,3 -118,3 +257,4 @@@ interface(`portreserve_admin',
        files_list_pids($1)
        admin_pattern($1, portreserve_var_run_t)
  ')
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
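Review bot: Apart from the markers, the resolved portreserve.if should keep a single `portreserve_admin` and a single `portreserve_initrc_domtrans`; in this section `portreserve_admin` is defined three times inside the marker blocks and a fourth copy survives as context in the second hunk (ending at `admin_pattern($1, portreserve_var_run_t)`), and `portreserve_initrc_domtrans` appears twice. Refpolicy's `interface()` is an m4 definition, so a later duplicate presumably just overrides the earlier one silently and the build would not flag the leftovers after the markers are removed. The bodies shown are identical across the copies, so keeping the last of each looks like the intended resolution — confirm against the upstream side before committing it.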
index 688fbd0dcc5f64fae9873f0abf3d8a3474815f8a,5873bcef5f3f4eadf980777ec17efb2f9be5f3ba..577d4fc6dfc989eec3a7046cd0835208343286d1
@@@ -23,7 -23,7 +23,18 @@@ files_type(smokeping_var_lib_t
  # smokeping local policy
  #
  
++<<<<<<< HEAD
 +dontaudit smokeping_t self:capability { dac_read_search dac_override };
++||||||| merged common ancestors
++<<<<<<< Temporary merge branch 1
++dontaudit smokeping_t self:capability { dac_read_search dac_override };
++||||||| merged common ancestors
++=======
+ dontaudit smokeping_t self:capability { dac_read_search dac_override };    
++>>>>>>> Temporary merge branch 2
++=======
++dontaudit smokeping_t self:capability { dac_read_search dac_override };    
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  allow smokeping_t self:fifo_file rw_fifo_file_perms;
  allow smokeping_t self:udp_socket create_socket_perms;
  allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
index 4f429ce142590c0847eaccadf99d9ed2df96af02,172287eb6f5306857169620f31d9a95d42eb928e..4977e193e0f9ea6964f36f12c9e771b534f99cab
@@@ -81,9 -81,7 +81,28 @@@ ifdef(`distro_redhat',
  
  /var/spool/abrt-upload(/.*)?  gen_context(system_u:object_r:public_content_rw_t,s0)
  /var/spool/texmf(/.*)?                gen_context(system_u:object_r:tetex_data_t,s0)
++<<<<<<< HEAD
  
 +/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
 +
++||||||| merged common ancestors
++||||||| merged common ancestors
++/var/spool/texmf(/.*)?                gen_context(system_u:object_r:tetex_data_t,s0)
++=======
++/var/spool/abrt-upload(/.*)?    gen_context(system_u:object_r:public_content_rw_t,s0)
++>>>>>>> Temporary merge branch 2
++
++<<<<<<< Temporary merge branch 1
++||||||| merged common ancestors
++/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
++
++=======
++/var/spool/texmf(/.*)?                gen_context(system_u:object_r:tetex_data_t,s0)
++
++>>>>>>> Temporary merge branch 2
++=======
++
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  ifdef(`distro_debian',`
  /var/lib/msttcorefonts(/.*)?  gen_context(system_u:object_r:fonts_t,s0)
  /var/lib/usbutils(/.*)?               gen_context(system_u:object_r:hwdata_t,s0)
index 6da5f841c59d89c455889d333abe5d65e9e477f3,be5821a9cb5a6274afdcd688866b79ae6e254561..31f72cffe1ef6f84f9406eb7400898031a8b84e8
@@@ -85,8 -85,9 +85,16 @@@ kernel_manage_debugfs(mount_t
  kernel_setsched(mount_t)
  kernel_use_fds(mount_t)
  kernel_request_load_module(mount_t)
++<<<<<<< HEAD
 +kernel_dontaudit_write_debugfs_dirs(mount_t)
 +kernel_dontaudit_write_proc_dirs(mount_t)
++||||||| merged common ancestors
++>>>>>>> Temporary merge branch 2
++=======
+ kernel_dontaudit_getattr_core_if(mount_t)
+ kernel_dontaudit_write_debugfs_dirs(mount_t)
+ kernel_dontaudit_write_proc_dirs(mount_t)
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  
  # required for mount.smbfs
  corecmd_exec_bin(mount_t)
@@@ -97,8 -98,8 +105,15 @@@ dev_list_all_dev_nodes(mount_t
  dev_read_usbfs(mount_t)
  dev_read_rand(mount_t)
  dev_read_sysfs(mount_t)
++<<<<<<< HEAD
 +dev_dontaudit_write_sysfs_dirs(mount_t)
 +
++||||||| merged common ancestors
++>>>>>>> Temporary merge branch 2
++=======
+ dev_read_sysfs(mount_t)
+ dev_dontaudit_write_sysfs_dirs(mount_t)
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  dev_rw_lvm_control(mount_t)
  dev_dontaudit_getattr_all_chr_files(mount_t)
  dev_dontaudit_getattr_memory_dev(mount_t)
@@@ -132,8 -135,7 +149,19 @@@ files_read_isid_type_files(mount_t
  # For reading cert files
  files_read_usr_files(mount_t)
  files_list_mnt(mount_t)
++<<<<<<< HEAD
++files_write_all_dirs(mount_t)
++files_dontaudit_write_root_dirs(mount_t)
++||||||| merged common ancestors
++<<<<<<< Temporary merge branch 1
++files_dontaudit_write_root_dirs(mount_t)
++||||||| merged common ancestors
++=======
 +files_write_all_dirs(mount_t)
++>>>>>>> Temporary merge branch 2
++=======
  files_dontaudit_write_root_dirs(mount_t)
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  
  fs_list_all(mount_t)
  fs_getattr_all_fs(mount_t)
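Review bot: The third hunk of this section (under `files_read_isid_type_files`) resolves to different grants depending on which side is kept: HEAD adds `files_write_all_dirs(mount_t)` together with `files_dontaudit_write_root_dirs(mount_t)`, while the other branch carries only the `dontaudit`. By its name `files_write_all_dirs` is an allow of dir write across all file types, which is a broader posture than silencing a denial, so the resolution should be deliberate and, if the allow is kept, justified in a comment such as `# mount_t needs dir write on arbitrary mountpoint parents; see <tracker ref placeholder>`. The first hunk drops `kernel_dontaudit_getattr_core_if(mount_t)` on the HEAD side only, and the second hunk's other-branch side repeats `dev_read_sysfs(mount_t)` directly below the context line with the same call — harmless, but both are easy to lose or duplicate when the markers are cleaned up.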
index 51867f65c5f5fa2f13c1e74f7cc04a38ec4fd45c,cabc0096ee514bb9b98148c4d1871e7e75b0003f..cabdef3529e212513a9c8e20e7af40c8c3fa1af7
@@@ -29,6 -29,7 +29,13 @@@ define(`devfile_class_set', `{ chr_fil
  # All socket classes.
  #
  define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }')
++<<<<<<< HEAD
++||||||| merged common ancestors
++>>>>>>> Temporary merge branch 2
++=======
++
++>>>>>>> 23fb9e1d332adbb2e9815f68f7b6c39a87cf3db1
  
  #
  # Datagram socket classes.