ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(acct_t)
term_dontaudit_use_generic_pty(acct_t)
- files_dontaudit_read_root_file(acct_t)
+ files_dontaudit_read_root_files(acct_t)
')
optional_policy(`cron',`
files_read_etc_files(amanda_t)
files_read_etc_runtime_files(amanda_t)
-files_list_all_dirs(amanda_t)
+files_list_all(amanda_t)
files_read_all_files(amanda_t)
files_read_all_symlinks(amanda_t)
-files_read_all_blk_nodes(amanda_t)
-files_read_all_chr_nodes(amanda_t)
+files_read_all_blk_files(amanda_t)
+files_read_all_chr_files(amanda_t)
files_getattr_all_pipes(amanda_t)
files_getattr_all_sockets(amanda_t)
domain_use_wide_inherit_fd(consoletype_t)
-files_dontaudit_read_root_file(consoletype_t)
+files_dontaudit_read_root_files(consoletype_t)
files_list_usr(consoletype_t)
libs_use_ld_so(consoletype_t)
files_list_etc(dmesg_t)
# for when /usr is not mounted:
- files_dontaudit_search_isid_type_dir(dmesg_t)
+ files_dontaudit_search_isid_type_dirs(dmesg_t)
init_use_fd(dmesg_t)
init_use_script_pty(dmesg_t)
# for /etc/sysconfig/hwconf - probably need a new type
files_rw_etc_runtime_files(kudzu_t)
# for file systems that are not yet mounted
-files_dontaudit_search_isid_type_dir(kudzu_t)
+files_dontaudit_search_isid_type_dirs(kudzu_t)
init_use_fd(kudzu_t)
init_use_script_pty(kudzu_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(kudzu_t)
term_dontaudit_use_generic_pty(kudzu_t)
- files_dontaudit_read_root_file(kudzu_t)
+ files_dontaudit_read_root_files(kudzu_t)
# cjp: this was originally in the else block
# of ifdef userhelper.te, but it seems to
files_read_etc_runtime_files(logrotate_t)
files_read_all_pids(logrotate_t)
# Write to /var/spool/slrnpull - should be moved into its own type.
-files_manage_generic_spools(logrotate_t)
+files_manage_generic_spool(logrotate_t)
files_manage_generic_spool_dirs(logrotate_t)
# cjp: why is this needed?
files_list_all(prelink_t)
files_getattr_all_files(prelink_t)
-files_write_non_security_dir(prelink_t)
+files_write_non_security_dirs(prelink_t)
files_read_etc_files(prelink_t)
files_read_etc_runtime_files(prelink_t)
domain_use_wide_inherit_fd(quota_t)
-files_list_all_dirs(quota_t)
+files_list_all(quota_t)
files_read_all_files(quota_t)
files_read_all_symlinks(quota_t)
files_getattr_all_pipes(quota_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(quota_t)
term_dontaudit_use_generic_pty(quota_t)
- files_dontaudit_read_root_file(quota_t)
+ files_dontaudit_read_root_files(quota_t)
')
optional_policy(`selinuxutil',`
userdom_dontaudit_search_sysadm_home_dir(readahead_t)
ifdef(`targeted_policy',`
- files_dontaudit_read_root_file(readahead_t)
+ files_dontaudit_read_root_files(readahead_t)
term_dontaudit_use_unallocated_tty(readahead_t)
term_dontaudit_use_generic_pty(readahead_t)
')
files_read_etc_files($1_su_t)
files_read_etc_runtime_files($1_su_t)
files_search_var_lib($1_su_t)
- files_dontaudit_getattr_tmp_dir($1_su_t)
+ files_dontaudit_getattr_tmp_dirs($1_su_t)
auth_domtrans_chk_passwd($1_su_t)
auth_dontaudit_read_shadow($1_su_t)
files_read_etc_files($1_su_t)
files_read_etc_runtime_files($1_su_t)
files_search_var_lib($1_su_t)
- files_dontaudit_getattr_tmp_dir($1_su_t)
+ files_dontaudit_getattr_tmp_dirs($1_su_t)
init_dontaudit_use_fd($1_su_t)
# Write to utmp.
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(updfstab_t)
term_dontaudit_use_generic_pty(updfstab_t)
- files_dontaudit_read_root_file(updfstab_t)
+ files_dontaudit_read_root_files(updfstab_t)
')
optional_policy(`authlogin',`
files_read_etc_files($1_userhelper_t)
# Read /var.
files_read_var_files($1_userhelper_t)
- files_read_var_symlink($1_userhelper_t)
+ files_read_var_symlinks($1_userhelper_t)
# for some PAM modules and for cwd
files_search_home($1_userhelper_t)
files_mountpoint(bootloader_tmp_t)
# new file system defaults to file_t, granting file_t access is still bad.
- files_manage_isid_type_dir(bootloader_t)
- files_manage_isid_type_file(bootloader_t)
- files_manage_isid_type_symlink(bootloader_t)
- files_manage_isid_type_blk_node(bootloader_t)
- files_manage_isid_type_chr_node(bootloader_t)
+ files_manage_isid_type_dirs(bootloader_t)
+ files_manage_isid_type_files(bootloader_t)
+ files_manage_isid_type_symlinks(bootloader_t)
+ files_manage_isid_type_blk_files(bootloader_t)
+ files_manage_isid_type_chr_files(bootloader_t)
# for mke2fs
mount_domtrans(bootloader_t)
dontaudit $1 file_type:dir getattr;
')
-########################################
-## <summary>
-## Search all directories.
-## </summary>
-## <param name="domain">
-## Domain allowed access.
-## </param>
-#
-interface(`files_search_all',`
- gen_require(`
- attribute file_type;
- ')
-
- allow $1 file_type:dir { getattr search };
-')
-
-########################################
-## <summary>
-## List the contents of all directories.
-## </summary>
-## <param name="domain">
-## Domain allowed access.
-## </param>
-#
-interface(`files_list_all',`
- gen_require(`
- attribute file_type;
- ')
-
- allow $1 file_type:dir r_dir_perms;
-')
-
########################################
## <summary>
## List all non-security directories.
allow $1 file_type:lnk_file getattr;
')
-########################################
-## <summary>
-## Get the attributes of all sockets
-## with the type of a file.
-## </summary>
-## <param name="domain">
-## Domain allowed access.
-## </param>
-#
-# cjp: added for initrc_t/distro_redhat. I
-# do not think it has any effect.
-interface(`files_getattr_all_file_type_sockets',`
- gen_require(`
- attribute file_type;
- ')
-
- allow $1 file_type:socket_class_set getattr;
-')
-
########################################
## <summary>
## Do not audit attempts to get the attributes
## Domain to not audit.
## </param>
#
-interface(`files_dontaudit_getattr_non_security_blk_dev',`
+interface(`files_dontaudit_getattr_non_security_blk_files',`
gen_require(`
attribute file_type, security_file_type;
')
## Domain to not audit.
## </param>
#
-interface(`files_dontaudit_getattr_non_security_chr_dev',`
+interface(`files_dontaudit_getattr_non_security_chr_files',`
gen_require(`
attribute file_type, security_file_type;
')
## Domain allowed access.
## </param>
#
-interface(`files_read_all_blk_nodes',`
+interface(`files_read_all_blk_files',`
gen_require(`
attribute file_type;
')
## Domain allowed access.
## </param>
#
-interface(`files_read_all_chr_nodes',`
+interface(`files_read_all_chr_files',`
gen_require(`
attribute file_type;
')
########################################
#
-# files_search_all_dirs(domain)
+# files_search_all(domain)
#
-interface(`files_search_all_dirs',`
+interface(`files_search_all',`
gen_require(`
attribute file_type;
')
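Review bot: The surviving `files_search_all` definition in this hunk is documented only by the old-style `# files_search_all(domain)` header, while the duplicate of the same name removed earlier in this file carried a `## <summary>` / `## <param name="domain">` block; the same holds for `files_list_all` in the next hunk. I would move those doc blocks onto the renamed definitions (summaries "Search all directories." and "List the contents of all directories.", parameter text "Domain allowed access."), presumably so the interface documentation built from the `##` comments keeps both entries. Both interface bodies continue outside the hunk, so it is worth confirming they still grant `file_type:dir { getattr search }` and `file_type:dir r_dir_perms` as the removed definitions did, because existing callers such as `files_list_all(prelink_t)` now resolve to them.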
########################################
#
-# files_list_all_dirs(domain)
+# files_list_all(domain)
#
-interface(`files_list_all_dirs',`
+interface(`files_list_all',`
gen_require(`
attribute file_type;
')
########################################
#
-# files_dontaudit_read_root_file(domain)
+# files_dontaudit_read_root_files(domain)
#
-interface(`files_dontaudit_read_root_file',`
+interface(`files_dontaudit_read_root_files',`
gen_require(`
type root_t;
')
########################################
#
-# files_dontaudit_rw_root_file(domain)
+# files_dontaudit_rw_root_files(domain)
#
-interface(`files_dontaudit_rw_root_file',`
+interface(`files_dontaudit_rw_root_files',`
gen_require(`
type root_t;
')
########################################
#
-# files_dontaudit_rw_root_chr_dev(domain)
+# files_dontaudit_rw_root_chr_files(domain)
#
-interface(`files_dontaudit_rw_root_chr_dev',`
+interface(`files_dontaudit_rw_root_chr_files',`
gen_require(`
type root_t;
')
## Domain allowed access.
## </param>
#
-interface(`files_getattr_default_dir',`
+interface(`files_getattr_default_dirs',`
gen_require(`
type default_t;
')
## Domain to not audit.
## </param>
#
-interface(`files_dontaudit_getattr_default_dir',`
+interface(`files_dontaudit_getattr_default_dirs',`
gen_require(`
type default_t;
')
## Domain allowed access.
## </param>
#
-interface(`files_setattr_etc_dir',`
+interface(`files_setattr_etc_dirs',`
gen_require(`
type etc_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_getattr_isid_type_dir',`
+interface(`files_getattr_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_dontaudit_search_isid_type_dir',`
+interface(`files_dontaudit_search_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_list_isid_type_dir',`
+interface(`files_list_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_rw_isid_type_dir',`
+interface(`files_rw_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_manage_isid_type_dir',`
+interface(`files_manage_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_mounton_isid_type_dir',`
+interface(`files_mounton_isid_type_dirs',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_read_isid_type_file',`
+interface(`files_read_isid_type_files',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_manage_isid_type_file',`
+interface(`files_manage_isid_type_files',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_manage_isid_type_symlink',`
+interface(`files_manage_isid_type_symlinks',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_rw_isid_type_blk_node',`
+interface(`files_rw_isid_type_blk_files',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_manage_isid_type_blk_node',`
+interface(`files_manage_isid_type_blk_files',`
gen_require(`
type file_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_manage_isid_type_chr_node',`
+interface(`files_manage_isid_type_chr_files',`
gen_require(`
type file_t;
')
## Domain allowed access.
## </param>
#
-interface(`files_getattr_tmp_dir',`
+interface(`files_getattr_tmp_dirs',`
gen_require(`
type tmp_t;
')
## The type of the process performing this action.
## </param>
#
-interface(`files_dontaudit_getattr_tmp_dir',`
+interface(`files_dontaudit_getattr_tmp_dirs',`
gen_require(`
type tmp_t;
')
## Domain to not audit.
## </param>
#
-interface(`files_dontaudit_write_var',`
+interface(`files_dontaudit_write_var_dirs',`
gen_require(`
type var_t;
')
## Domain allowed access.
## </param>
#
-interface(`files_read_var_symlink',`
+interface(`files_read_var_symlinks',`
gen_require(`
type var_t;
')
')
')
-########################################
-## <summary>
-## Search directories in /var/lib.
-## </summary>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-#
-interface(`files_search_var_lib_dir',`
- gen_require(`
- type var_t, var_lib_t;
- ')
-
- allow $1 var_t:dir search;
- allow $1 var_lib_t:dir search;
-')
-
########################################
## <summary>
## Get the attributes of the /var/lib directory.
## The type of the process performing this action.
## </param>
#
-interface(`files_getattr_var_lib_dir',`
+interface(`files_getattr_var_lib_dirs',`
gen_require(`
type var_t, var_lib_t;
')
## Domain allowed access.
## </param>
#
-interface(`files_rw_locks_dir',`
+interface(`files_rw_lock_dirs',`
gen_require(`
type var_t, var_lock_t;
')
## Domain to not audit.
## </param>
#
-interface(`files_dontaudit_getattr_pid_dir',`
+interface(`files_dontaudit_getattr_pid_dirs',`
gen_require(`
type var_run_t;
')
########################################
#
-# files_read_generic_spools(domain)
+# files_read_generic_spool(domain)
#
-interface(`files_read_generic_spools',`
+interface(`files_read_generic_spool',`
gen_require(`
type var_t, var_spool_t;
')
########################################
#
-# files_manage_generic_spools(domain)
+# files_manage_generic_spool(domain)
#
-interface(`files_manage_generic_spools',`
+interface(`files_manage_generic_spool',`
gen_require(`
type var_t, var_spool_t;
')
## Domain to allow
## </param>
#
-interface(`files_write_non_security_dir',`
+interface(`files_write_non_security_dirs',`
gen_require(`
attribute file_type, security_file_type;
')
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(httpd_t)
term_dontaudit_use_generic_pty(httpd_t)
- files_dontaudit_read_root_file(httpd_t)
+ files_dontaudit_read_root_files(httpd_t)
tunable_policy(`httpd_enable_homedirs',`
userdom_search_generic_user_home_dir(httpd_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(apmd_t)
term_dontaudit_use_generic_pty(apmd_t)
- files_dontaudit_read_root_file(apmd_t)
+ files_dontaudit_read_root_files(apmd_t)
unconfined_domain_template(apmd_t)
')
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(arpwatch_t)
term_dontaudit_use_generic_pty(arpwatch_t)
- files_dontaudit_read_root_file(arpwatch_t)
+ files_dontaudit_read_root_files(arpwatch_t)
')
optional_policy(`nis',`
domain_use_wide_inherit_fd(automount_t)
-files_dontaudit_write_var(automount_t)
-files_search_var_lib_dir(automount_t)
+files_dontaudit_write_var_dirs(automount_t)
+files_search_var_lib(automount_t)
files_search_mnt(automount_t)
files_getattr_home_dir(automount_t)
files_read_etc_files(automount_t)
files_read_etc_runtime_files(automount_t)
# for if the mount point is not labelled
-files_getattr_isid_type_dir(automount_t)
-files_getattr_default_dir(automount_t)
+files_getattr_isid_type_dirs(automount_t)
+files_getattr_default_dirs(automount_t)
# because config files can be shell scripts
files_exec_etc_files(automount_t)
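Review bot: `files_search_var_lib(automount_t)` replaces a call to `files_search_var_lib_dir`, which this commit deletes rather than renames, and the definition of `files_search_var_lib` is not shown in the diff. The removed interface granted both `var_t:dir search` and `var_lib_t:dir search`; if the surviving one covers only `var_lib_t`, automount_t would lose search access to `var_t` directories and start producing denials. The same substitution is made for ftpd_t and for the `$1_t` template in later hunks, so the check applies there too. Comparing the two interface bodies, or the allow rules of the compiled policy before and after the change, would confirm that nothing was dropped or widened.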
userdom_dontaudit_search_sysadm_home_dir(automount_t)
ifdef(`targeted_policy', `
- files_dontaudit_read_root_file(automount_t)
+ files_dontaudit_read_root_files(automount_t)
term_dontaudit_use_unallocated_tty(automount_t)
term_dontaudit_use_generic_pty(automount_t)
')
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(avahi_t)
term_dontaudit_use_generic_pty(avahi_t)
- files_dontaudit_read_root_file(avahi_t)
+ files_dontaudit_read_root_files(avahi_t)
')
optional_policy(`dbus',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(named_t)
term_dontaudit_use_generic_pty(named_t)
- files_dontaudit_read_root_file(named_t)
+ files_dontaudit_read_root_files(named_t)
')
tunable_policy(`named_write_master_zones',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(bluetooth_t)
term_dontaudit_use_generic_pty(bluetooth_t)
- files_dontaudit_read_root_file(bluetooth_t)
+ files_dontaudit_read_root_files(bluetooth_t)
')
optional_policy(`dbus',`
files_read_etc_runtime_files(canna_t)
files_read_usr_files(canna_t)
files_search_tmp(canna_t)
-files_dontaudit_read_root_file(canna_t)
+files_dontaudit_read_root_files(canna_t)
init_use_fd(canna_t)
init_use_script_pty(canna_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(canna_t)
term_dontaudit_use_generic_pty(canna_t)
- files_dontaudit_read_root_file(canna_t)
+ files_dontaudit_read_root_files(canna_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cpucontrol_t)
term_dontaudit_use_generic_pty(cpucontrol_t)
- files_dontaudit_read_root_file(cpucontrol_t)
+ files_dontaudit_read_root_files(cpucontrol_t)
')
optional_policy(`nscd',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cpuspeed_t)
term_dontaudit_use_generic_pty(cpuspeed_t)
- files_dontaudit_read_root_file(cpuspeed_t)
+ files_dontaudit_read_root_files(cpuspeed_t)
')
optional_policy(`nscd',`
domain_use_wide_inherit_fd(crond_t)
files_read_etc_files(crond_t)
-files_read_generic_spools(crond_t)
+files_read_generic_spool(crond_t)
files_list_usr(crond_t)
# Read from /var/spool/cron.
files_search_var_lib(crond_t)
files_exec_etc_files(system_crond_t)
files_read_etc_files(system_crond_t)
files_read_etc_runtime_files(system_crond_t)
- files_list_all_dirs(system_crond_t)
+ files_list_all(system_crond_t)
files_getattr_all_dirs(system_crond_t)
files_getattr_all_files(system_crond_t)
files_getattr_all_symlinks(system_crond_t)
files_dontaudit_search_pids(system_crond_t)
# Access other spool directories like
# /var/spool/anacron and /var/spool/slrnpull.
- files_manage_generic_spools(system_crond_t)
+ files_manage_generic_spool(system_crond_t)
init_use_fd(system_crond_t)
init_use_script_fd(system_crond_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cupsd_t)
term_dontaudit_use_generic_pty(cupsd_t)
- files_dontaudit_read_root_file(cupsd_t)
+ files_dontaudit_read_root_files(cupsd_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ptal_t)
term_dontaudit_use_generic_pty(ptal_t)
- files_dontaudit_read_root_file(ptal_t)
+ files_dontaudit_read_root_files(ptal_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hplip_t)
term_dontaudit_use_generic_pty(hplip_t)
- files_dontaudit_read_root_file(hplip_t)
+ files_dontaudit_read_root_files(hplip_t)
')
optional_policy(`mount',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(cupsd_config_t)
term_dontaudit_use_generic_pty(cupsd_config_t)
- files_dontaudit_read_root_file(cupsd_config_t)
+ files_dontaudit_read_root_files(cupsd_config_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(cyrus_t)
term_dontaudit_use_generic_pty(cyrus_t)
- files_dontaudit_read_root_file(cyrus_t)
+ files_dontaudit_read_root_files(cyrus_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(system_dbusd_t)
term_dontaudit_use_generic_pty(system_dbusd_t)
- files_dontaudit_read_root_file(system_dbusd_t)
+ files_dontaudit_read_root_files(system_dbusd_t)
')
tunable_policy(`read_default_t',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dhcpd_t)
term_dontaudit_use_generic_pty(dhcpd_t)
- files_dontaudit_read_root_file(dhcpd_t)
+ files_dontaudit_read_root_files(dhcpd_t)
')
optional_policy(`bind',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dictd_t)
term_dontaudit_use_generic_pty(dictd_t)
- files_dontaudit_read_root_file(dictd_t)
+ files_dontaudit_read_root_files(dictd_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(distccd_t)
term_dontaudit_use_generic_pty(distccd_t)
- files_dontaudit_read_root_file(distccd_t)
+ files_dontaudit_read_root_files(distccd_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(dovecot_t)
term_dontaudit_use_generic_pty(dovecot_t)
- files_dontaudit_read_root_file(dovecot_t)
+ files_dontaudit_read_root_files(dovecot_t)
')
optional_policy(`kerberos',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(fetchmail_t)
term_dontaudit_use_generic_pty(fetchmail_t)
- files_dontaudit_read_root_file(fetchmail_t)
+ files_dontaudit_read_root_files(fetchmail_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(fingerd_t)
term_dontaudit_use_generic_pty(fingerd_t)
- files_dontaudit_read_root_file(fingerd_t)
+ files_dontaudit_read_root_files(fingerd_t)
')
optional_policy(`cron',`
files_search_etc(ftpd_t)
files_read_etc_files(ftpd_t)
files_read_etc_runtime_files(ftpd_t)
-files_search_var_lib_dir(ftpd_t)
+files_search_var_lib(ftpd_t)
fs_search_auto_mountpoints(ftpd_t)
fs_getattr_all_fs(ftpd_t)
userdom_dontaudit_use_unpriv_user_fd(ftpd_t)
ifdef(`targeted_policy',`
- files_dontaudit_read_root_file(ftpd_t)
+ files_dontaudit_read_root_files(ftpd_t)
term_dontaudit_use_generic_pty(ftpd_t)
term_dontaudit_use_unallocated_tty(ftpd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(gpm_t)
term_dontaudit_use_generic_pty(gpm_t)
- files_dontaudit_read_root_file(gpm_t)
+ files_dontaudit_read_root_files(gpm_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hald_t)
term_dontaudit_use_generic_pty(hald_t)
- files_dontaudit_read_root_file(hald_t)
+ files_dontaudit_read_root_files(hald_t)
files_dontaudit_getattr_home_dir(hald_t)
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(howl_t)
term_dontaudit_use_generic_pty(howl_t)
- files_dontaudit_read_root_file(howl_t)
+ files_dontaudit_read_root_files(howl_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(i18n_input_t)
term_dontaudit_use_generic_pty(i18n_input_t)
- files_dontaudit_read_root_file(i18n_input_t)
+ files_dontaudit_read_root_files(i18n_input_t)
')
tunable_policy(`use_nfs_home_dirs',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(inetd_t)
term_dontaudit_use_generic_pty(inetd_t)
- files_dontaudit_read_root_file(inetd_t)
+ files_dontaudit_read_root_files(inetd_t)
')
optional_policy(`amanda',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(innd_t)
term_dontaudit_use_generic_pty(innd_t)
- files_dontaudit_read_root_file(innd_t)
+ files_dontaudit_read_root_files(innd_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(irqbalance_t)
term_dontaudit_use_generic_pty(irqbalance_t)
- files_dontaudit_read_root_file(irqbalance_t)
+ files_dontaudit_read_root_files(irqbalance_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(kadmind_t)
term_dontaudit_use_generic_pty(kadmind_t)
- files_dontaudit_read_root_file(kadmind_t)
+ files_dontaudit_read_root_files(kadmind_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(krb5kdc_t)
term_dontaudit_use_generic_pty(krb5kdc_t)
- files_dontaudit_read_root_file(krb5kdc_t)
+ files_dontaudit_read_root_files(krb5kdc_t)
')
optional_policy(`nis',`
term_dontaudit_use_unallocated_tty(slapd_t)
term_dontaudit_use_generic_pty(slapd_t)
- files_dontaudit_read_root_file(slapd_t)
+ files_dontaudit_read_root_files(slapd_t)
')
optional_policy(`kerberos',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(lpd_t)
term_dontaudit_use_generic_pty(lpd_t)
- files_dontaudit_read_root_file(lpd_t)
+ files_dontaudit_read_root_files(lpd_t)
')
optional_policy(`nis',`
files_filetrans_etc($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
# postfix needs this for newaliases
- files_getattr_tmp_dir($1_mail_t)
+ files_getattr_tmp_dirs($1_mail_t)
postfix_exec_master($1_mail_t)
domain_use_wide_inherit_fd(system_mail_t)
# postfix needs this for newaliases
- files_getattr_tmp_dir(system_mail_t)
+ files_getattr_tmp_dirs(system_mail_t)
postfix_exec_master(system_mail_t)
domain_use_wide_inherit_fd(mysqld_t)
-files_getattr_var_lib_dir(mysqld_t)
+files_getattr_var_lib_dirs(mysqld_t)
files_read_etc_runtime_files(mysqld_t)
files_read_etc_files(mysqld_t)
files_read_usr_files(mysqld_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(mysqld_t)
term_dontaudit_use_generic_pty(mysqld_t)
- files_dontaudit_read_root_file(mysqld_t)
+ files_dontaudit_read_root_files(mysqld_t)
')
optional_policy(`daemontools',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(NetworkManager_t)
term_dontaudit_use_generic_pty(NetworkManager_t)
- files_dontaudit_read_root_file(NetworkManager_t)
+ files_dontaudit_read_root_files(NetworkManager_t)
')
optional_policy(`bind',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ypbind_t)
term_dontaudit_use_generic_pty(ypbind_t)
- files_dontaudit_read_root_file(ypbind_t)
+ files_dontaudit_read_root_files(ypbind_t)
')
optional_policy(`mount',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(yppasswdd_t)
term_dontaudit_use_generic_pty(yppasswdd_t)
- files_dontaudit_read_root_file(yppasswdd_t)
+ files_dontaudit_read_root_files(yppasswdd_t)
')
optional_policy(`hostname',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(ypserv_t)
term_dontaudit_use_generic_pty(ypserv_t)
- files_dontaudit_read_root_file(ypserv_t)
+ files_dontaudit_read_root_files(ypserv_t)
')
optional_policy(`selinuxutil',`
term_dontaudit_use_unallocated_tty(nscd_t)
term_dontaudit_use_generic_pty(nscd_t)
- files_dontaudit_read_root_file(nscd_t)
+ files_dontaudit_read_root_files(nscd_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ntpd_t)
term_dontaudit_use_generic_pty(ntpd_t)
- files_dontaudit_read_root_file(ntpd_t)
+ files_dontaudit_read_root_files(ntpd_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(openct_t)
term_dontaudit_use_generic_pty(openct_t)
- files_dontaudit_read_root_file(openct_t)
+ files_dontaudit_read_root_files(openct_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(pegasus_t)
term_dontaudit_use_generic_pty(pegasus_t)
- files_dontaudit_read_root_file(pegasus_t)
+ files_dontaudit_read_root_files(pegasus_t)
')
optional_policy(`logging',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(portmap_t)
term_dontaudit_use_generic_pty(portmap_t)
- files_dontaudit_read_root_file(portmap_t)
+ files_dontaudit_read_root_files(portmap_t)
')
optional_policy(`inetd',`
files_read_etc_runtime_files(postfix_$1_t)
files_read_usr_symlinks(postfix_$1_t)
files_search_spool(postfix_$1_t)
- files_getattr_tmp_dir(postfix_$1_t)
+ files_getattr_tmp_dirs(postfix_$1_t)
init_use_fd(postfix_$1_t)
init_sigchld(postfix_$1_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(postfix_$1_t)
term_dontaudit_use_generic_pty(postfix_$1_t)
- files_dontaudit_read_root_file(postfix_$1_t)
+ files_dontaudit_read_root_files(postfix_$1_t)
')
optional_policy(`nscd',`
mta_getattr_spool(postgresql_t)
ifdef(`targeted_policy', `
- files_dontaudit_read_root_file(postgresql_t)
+ files_dontaudit_read_root_files(postgresql_t)
term_dontaudit_use_generic_pty(postgresql_t)
term_dontaudit_use_unallocated_tty(postgresql_t)
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(pppd_t)
term_dontaudit_use_generic_pty(pppd_t)
- files_dontaudit_read_root_file(pppd_t)
+ files_dontaudit_read_root_files(pppd_t)
optional_policy(`postfix',`
gen_require(`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(pptp_t)
term_dontaudit_use_generic_pty(pptp_t)
- files_dontaudit_read_root_file(pptp_t)
+ files_dontaudit_read_root_files(pptp_t)
')
optional_policy(`hostname',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(privoxy_t)
term_dontaudit_use_generic_pty(privoxy_t)
- files_dontaudit_read_root_file(privoxy_t)
+ files_dontaudit_read_root_files(privoxy_t)
')
optional_policy(`mount',`
ifdef(`targeted_policy', `
corenet_udp_bind_generic_port(procmail_t)
- files_getattr_tmp_dir(procmail_t)
+ files_getattr_tmp_dirs(procmail_t)
')
optional_policy(`logging',`
corenet_udp_bind_generic_port(procmail_t)
corenet_tcp_connect_spamd_port(procmail_t)
- files_getattr_tmp_dir(procmail_t)
+ files_getattr_tmp_dirs(procmail_t)
spamassassin_exec(procmail_t)
spamassassin_exec_client(procmail_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(radiusd_t)
term_dontaudit_use_generic_pty(radiusd_t)
- files_dontaudit_read_root_file(radiusd_t)
+ files_dontaudit_read_root_files(radiusd_t)
')
optional_policy(`cron',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(radvd_t)
term_dontaudit_use_generic_pty(radvd_t)
- files_dontaudit_read_root_file(radvd_t)
+ files_dontaudit_read_root_files(radvd_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(rdisc_t)
term_dontaudit_use_generic_pty(rdisc_t)
- files_dontaudit_read_root_file(rdisc_t)
+ files_dontaudit_read_root_files(rdisc_t)
')
optional_policy(`selinuxutil',`
files_read_world_readable_sockets(remote_login_t)
files_list_mnt(remote_login_t)
# for when /var/mail is a sym-link
-files_read_var_symlink(remote_login_t)
+files_read_var_symlinks(remote_login_t)
init_rw_utmp(remote_login_t)
userdom_dontaudit_search_sysadm_home_dir(roundup_t)
ifdef(`targeted_policy',`
- files_dontaudit_read_root_file(roundup_t)
+ files_dontaudit_read_root_files(roundup_t)
term_dontaudit_use_unallocated_tty(roundup_t)
term_dontaudit_use_generic_pty(roundup_t)
')
files_read_etc_files($1_t)
files_read_etc_runtime_files($1_t)
files_search_var($1_t)
- files_search_var_lib_dir($1_t)
+ files_search_var_lib($1_t)
init_use_fd($1_t)
init_use_script_pty($1_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty($1_t)
term_dontaudit_use_generic_pty($1_t)
- files_dontaudit_read_root_file($1_t)
+ files_dontaudit_read_root_files($1_t)
')
optional_policy(`mount',`
# does not really need this, but it is easier to just allow it
files_search_pids(nfsd_t)
# for exportfs and rpc.mountd
-files_getattr_tmp_dir(nfsd_t)
+files_getattr_tmp_dirs(nfsd_t)
# cjp: this should really have its own type
files_manage_mounttab(rpcd_t)
userdom_use_unpriv_users_fd(smbd_t)
ifdef(`targeted_policy', `
- files_dontaudit_read_root_file(smbd_t)
+ files_dontaudit_read_root_files(smbd_t)
term_dontaudit_use_generic_pty(smbd_t)
term_dontaudit_use_unallocated_tty(smbd_t)
')
userdom_use_unpriv_users_fd(nmbd_t)
ifdef(`targeted_policy', `
- files_dontaudit_read_root_file(nmbd_t)
+ files_dontaudit_read_root_files(nmbd_t)
term_dontaudit_use_generic_pty(nmbd_t)
term_dontaudit_use_unallocated_tty(nmbd_t)
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(winbind_t)
term_dontaudit_use_generic_pty(winbind_t)
- files_dontaudit_read_root_file(winbind_t)
+ files_dontaudit_read_root_files(winbind_t)
')
optional_policy(`kerberos',`
files_dontaudit_read_etc_runtime_files(saslauthd_t)
files_search_var_lib(saslauthd_t)
files_dontaudit_getattr_home_dir(saslauthd_t)
-files_dontaudit_getattr_tmp_dir(saslauthd_t)
+files_dontaudit_getattr_tmp_dirs(saslauthd_t)
init_use_fd(saslauthd_t)
init_use_script_pty(saslauthd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(saslauthd_t)
term_dontaudit_use_generic_pty(saslauthd_t)
- files_dontaudit_read_root_file(saslauthd_t)
+ files_dontaudit_read_root_files(saslauthd_t)
')
# cjp: typeattribute dont work in conditionals yet
unconfined_domain_template(sendmail_t)
term_dontaudit_use_unallocated_tty(sendmail_t)
term_dontaudit_use_generic_pty(sendmail_t)
- files_dontaudit_read_root_file(sendmail_t)
+ files_dontaudit_read_root_files(sendmail_t)
',`
allow sendmail_t sendmail_tmp_t:dir create_dir_perms;
allow sendmail_t sendmail_tmp_t:file create_file_perms;
userdom_dontaudit_search_sysadm_home_dir(slrnpull_t)
ifdef(`targeted_policy',`
- files_dontaudit_read_root_file(slrnpull_t)
+ files_dontaudit_read_root_files(slrnpull_t)
term_dontaudit_use_unallocated_tty(slrnpull_t)
term_dontaudit_use_generic_pty(slrnpull_t)
')
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(fsdaemon_t)
term_dontaudit_use_generic_pty(fsdaemon_t)
- files_dontaudit_read_root_file(fsdaemon_t)
+ files_dontaudit_read_root_files(fsdaemon_t)
')
optional_policy(`mta',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(snmpd_t)
term_dontaudit_use_generic_pty(snmpd_t)
- files_dontaudit_read_root_file(snmpd_t)
+ files_dontaudit_read_root_files(snmpd_t)
')
optional_policy(`amanda',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(spamd_t)
term_dontaudit_use_generic_pty(spamd_t)
- files_dontaudit_read_root_file(spamd_t)
+ files_dontaudit_read_root_files(spamd_t)
userdom_manage_generic_user_home_dirs(spamd_t)
userdom_manage_generic_user_home_files(spamd_t)
')
files_read_etc_runtime_files(squid_t)
files_read_usr_files(squid_t)
files_search_spool(squid_t)
-files_dontaudit_getattr_tmp_dir(squid_t)
+files_dontaudit_getattr_tmp_dirs(squid_t)
files_getattr_home_dir(squid_t)
init_use_fd(squid_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(squid_t)
term_dontaudit_use_generic_pty(squid_t)
- files_dontaudit_read_root_file(squid_t)
+ files_dontaudit_read_root_files(squid_t)
')
tunable_policy(`squid_connect_any',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ssh_keygen_t)
term_dontaudit_use_generic_pty(ssh_keygen_t)
- files_dontaudit_read_root_file(ssh_keygen_t)
+ files_dontaudit_read_root_files(ssh_keygen_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(stunnel_t)
term_dontaudit_use_generic_pty(stunnel_t)
- files_dontaudit_read_root_file(stunnel_t)
+ files_dontaudit_read_root_files(stunnel_t)
')
optional_policy(`daemontools',`
files_read_etc_files(tftpd_t);
files_read_var_files(tftpd_t)
-files_read_var_symlink(tftpd_t)
+files_read_var_symlinks(tftpd_t)
files_search_var(tftpd_t)
init_use_fd(tftpd_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(tftpd_t)
term_dontaudit_use_generic_pty(tftpd_t)
- files_dontaudit_read_root_file(tftpd_t)
+ files_dontaudit_read_root_files(tftpd_t)
')
optional_policy(`mount',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(timidity_t)
term_dontaudit_use_generic_pty(timidity_t)
- files_dontaudit_read_root_file(timidity_t)
+ files_dontaudit_read_root_files(timidity_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(xfs_t)
term_dontaudit_use_generic_pty(xfs_t)
- files_dontaudit_read_root_file(xfs_t)
+ files_dontaudit_read_root_files(xfs_t)
')
optional_policy(`nis',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(zebra_t)
term_dontaudit_use_generic_pty(zebra_t)
- files_dontaudit_read_root_file(zebra_t)
+ files_dontaudit_read_root_files(zebra_t)
unconfined_sigchld(zebra_t)
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(pam_console_t)
term_dontaudit_use_generic_pty(pam_console_t)
- files_dontaudit_read_root_file(pam_console_t)
+ files_dontaudit_read_root_files(pam_console_t)
')
optional_policy(`gpm',`
files_read_etc_files(hwclock_t)
# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(hwclock_t)
+files_dontaudit_search_isid_type_dirs(hwclock_t)
libs_use_ld_so(hwclock_t)
libs_use_shared_libs(hwclock_t)
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(hwclock_t)
term_dontaudit_use_generic_pty(hwclock_t)
- files_dontaudit_read_root_file(hwclock_t)
+ files_dontaudit_read_root_files(hwclock_t)
')
optional_policy(`apm',`
files_read_usr_files(fsadm_t)
files_read_etc_files(fsadm_t)
files_manage_lost_found(fsadm_t)
-files_manage_isid_type_dir(fsadm_t)
+files_manage_isid_type_dirs(fsadm_t)
# Write to /etc/mtab.
files_manage_etc_runtime_files(fsadm_t)
# Access to /initrd devices
-files_rw_isid_type_dir(fsadm_t)
-files_rw_isid_type_blk_node(fsadm_t)
+files_rw_isid_type_dirs(fsadm_t)
+files_rw_isid_type_blk_files(fsadm_t)
# Recreate /mnt/cdrom.
files_manage_mnt_dirs(fsadm_t)
# for tune2fs
files_read_etc_files(hostname_t)
files_dontaudit_search_var(hostname_t)
# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(hostname_t)
+files_dontaudit_search_isid_type_dirs(hostname_t)
libs_use_ld_so(hostname_t)
libs_use_shared_libs(hostname_t)
files_manage_etc_runtime_files(hotplug_t)
files_exec_etc_files(hotplug_t)
# for when filesystems are not mounted early in the boot:
-files_dontaudit_search_isid_type_dir(hotplug_t)
+files_dontaudit_search_isid_type_dirs(hotplug_t)
init_use_fd(hotplug_t)
init_use_script_pty(hotplug_t)
files_read_etc_files(init_t)
files_rw_generic_pids(init_t)
-files_dontaudit_search_isid_type_dir(init_t)
+files_dontaudit_search_isid_type_dirs(init_t)
files_manage_etc_runtime_files(init_t)
# Run /etc/X11/prefdm:
files_exec_etc_files(init_t)
# file descriptors inherited from the rootfs:
-files_dontaudit_rw_root_file(init_t)
-files_dontaudit_rw_root_chr_dev(init_t)
+files_dontaudit_rw_root_files(init_t)
+files_dontaudit_rw_root_chr_files(init_t)
libs_use_ld_so(init_t)
libs_use_shared_libs(init_t)
files_exec_etc_files(initrc_t)
files_read_usr_files(initrc_t)
files_manage_urandom_seed(initrc_t)
-files_manage_generic_spools(initrc_t)
+files_manage_generic_spool(initrc_t)
# Mount and unmount file systems.
# cjp: not sure why these are here; should use mount policy
-files_list_isid_type_dir(initrc_t)
-files_mounton_isid_type_dir(initrc_t)
+files_list_isid_type_dirs(initrc_t)
+files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
fs_setattr_tmpfs_dir(initrc_t)
storage_create_fixed_disk_tmpfs(initrc_t)
- files_setattr_etc_dir(initrc_t)
+ files_setattr_etc_dirs(initrc_t)
')
ifdef(`distro_gentoo',`
# Red Hat systems seem to have a stray
# fd open from the initrd
kernel_dontaudit_use_fd(initrc_t)
- files_dontaudit_read_root_file(initrc_t)
+ files_dontaudit_read_root_files(initrc_t)
selinux_set_enforce_mode(initrc_t)
storage_getattr_removable_device(initrc_t)
files_create_boot_flag(initrc_t)
- files_getattr_all_file_type_sockets(initrc_t)
# wants to read /.fonts directory
files_read_default_files(initrc_t)
files_mountpoint(initrc_tmp_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(ipsec_t)
term_dontaudit_use_generic_pty(ipsec_t)
- files_dontaudit_read_root_file(ipsec_t)
+ files_dontaudit_read_root_files(ipsec_t)
')
optional_policy(`nis',`
files_read_etc_files(ipsec_mgmt_t)
files_exec_etc_files(ipsec_mgmt_t)
files_read_etc_runtime_files(ipsec_mgmt_t)
-files_dontaudit_getattr_default_dir(ipsec_mgmt_t)
+files_dontaudit_getattr_default_dirs(ipsec_mgmt_t)
files_dontaudit_getattr_default_files(ipsec_mgmt_t)
init_use_script_pty(ipsec_mgmt_t)
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(iptables_t)
term_dontaudit_use_generic_pty(iptables_t)
- files_dontaudit_read_root_file(iptables_t)
+ files_dontaudit_read_root_files(iptables_t)
')
optional_policy(`firstboot',`
files_read_world_readable_pipes(local_login_t)
files_read_world_readable_sockets(local_login_t)
# for when /var/mail is a symlink
-files_read_var_symlink(local_login_t)
+files_read_var_symlinks(local_login_t)
init_rw_utmp(local_login_t)
init_dontaudit_use_fd(local_login_t)
files_read_etc_files(sulogin_t)
# because file systems are not mounted:
-files_dontaudit_search_isid_type_dir(sulogin_t)
+files_dontaudit_search_isid_type_dirs(sulogin_t)
init_get_script_process_group(sulogin_t)
files_read_etc_files(syslogd_t)
files_read_etc_runtime_files(syslogd_t)
# /initrd is not umounted before minilog starts
-files_dontaudit_search_isid_type_dir(syslogd_t)
+files_dontaudit_search_isid_type_dirs(syslogd_t)
libs_use_ld_so(syslogd_t)
libs_use_shared_libs(syslogd_t)
allow syslogd_t var_run_t:fifo_file { ioctl read write };
term_dontaudit_use_unallocated_tty(syslogd_t)
term_dontaudit_use_generic_pty(syslogd_t)
- files_dontaudit_read_root_file(syslogd_t)
+ files_dontaudit_read_root_files(syslogd_t)
')
optional_policy(`inn',`
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(clvmd_t)
term_dontaudit_use_generic_pty(clvmd_t)
- files_dontaudit_read_root_file(clvmd_t)
+ files_dontaudit_read_root_files(clvmd_t)
')
optional_policy(`mount',`
files_read_etc_files(lvm_t)
files_read_etc_runtime_files(lvm_t)
# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dir(lvm_t)
+files_dontaudit_search_isid_type_dirs(lvm_t)
init_use_fd(lvm_t)
init_dontaudit_getattr_initctl(lvm_t)
ifdef(`distro_redhat',`
# this is from the initrd:
- files_rw_isid_type_dir(lvm_t)
+ files_rw_isid_type_dirs(lvm_t)
')
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(lvm_t)
term_dontaudit_use_generic_pty(lvm_t)
- files_dontaudit_read_root_file(lvm_t)
+ files_dontaudit_read_root_files(lvm_t)
')
optional_policy(`bootloader',`
# for nscd:
files_dontaudit_search_pids(insmod_t)
# for when /var is not mounted early in the boot:
-files_dontaudit_search_isid_type_dir(insmod_t)
+files_dontaudit_search_isid_type_dirs(insmod_t)
init_use_initctl(insmod_t)
init_use_fd(insmod_t)
domain_use_wide_inherit_fd(mount_t)
-files_search_all_dirs(mount_t)
+files_search_all(mount_t)
files_read_etc_files(mount_t)
files_manage_etc_runtime_files(mount_t)
files_mounton_all_mountpoints(mount_t)
files_unmount_all_file_type_fs(mount_t)
# for when /etc/mtab loses its type
# cjp: this seems wrong, the type should probably be etc
-files_read_isid_type_file(mount_t)
+files_read_isid_type_files(mount_t)
init_use_fd(mount_t)
init_use_script_pty(mount_t)
term_use_generic_pty(cardmgr_t)
term_dontaudit_use_unallocated_tty(cardmgr_t)
term_dontaudit_use_generic_pty(cardmgr_t)
- files_dontaudit_read_root_file(cardmgr_t)
+ files_dontaudit_read_root_files(cardmgr_t)
')
optional_policy(`selinuxutil',`
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(mdadm_t)
term_dontaudit_use_generic_pty(mdadm_t)
- files_dontaudit_read_root_file(mdadm_t)
+ files_dontaudit_read_root_files(mdadm_t)
')
optional_policy(`selinux',`
files_read_etc_files(newrole_t)
files_read_var_files(newrole_t)
-files_read_var_symlink(newrole_t)
+files_read_var_symlinks(newrole_t)
libs_use_ld_so(newrole_t)
libs_use_shared_libs(newrole_t)
dev_relabel_all_dev_nodes(restorecon_t)
files_relabel_all_files(restorecon_t)
-files_list_all_dirs(restorecon_t)
+files_list_all(restorecon_t)
# this is to satisfy the assertion:
auth_relabelto_shadow(restorecon_t)
# relabeling rules
kernel_relabel_unlabeled(setfiles_t)
dev_relabel_all_dev_nodes(setfiles_t)
-files_list_all_dirs(setfiles_t)
+files_list_all(setfiles_t)
files_relabel_all_files(setfiles_t)
# this is to satisfy the assertion:
auth_relabelto_shadow(setfiles_t)
term_dontaudit_use_unallocated_tty(dhcpc_t)
term_dontaudit_use_generic_pty(dhcpc_t)
- files_dontaudit_read_root_file(dhcpc_t)
+ files_dontaudit_read_root_files(dhcpc_t)
')
optional_policy(`consoletype',`
domain_use_wide_inherit_fd(ifconfig_t)
-files_dontaudit_read_root_file(ifconfig_t)
+files_dontaudit_read_root_files(ifconfig_t)
init_use_fd(ifconfig_t)
init_use_script_pty(ifconfig_t)
files_read_etc_runtime_files(udev_t)
files_read_etc_files(udev_t)
files_exec_etc_files(udev_t)
-files_dontaudit_search_isid_type_dir(udev_t)
+files_dontaudit_search_isid_type_dirs(udev_t)
files_getattr_generic_locks(udev_t)
files_search_mnt(udev_t)
files_dontaudit_getattr_non_security_symlinks($1_t)
files_dontaudit_getattr_non_security_pipes($1_t)
files_dontaudit_getattr_non_security_sockets($1_t)
- files_dontaudit_getattr_non_security_blk_dev($1_t)
- files_dontaudit_getattr_non_security_chr_dev($1_t)
+ files_dontaudit_getattr_non_security_blk_files($1_t)
+ files_dontaudit_getattr_non_security_chr_files($1_t)
# Caused by su - init scripts
init_dontaudit_use_script_pty($1_t)
')
optional_policy(`rpm',`
- files_getattr_var_lib_dir($1_t)
+ files_getattr_var_lib_dirs($1_t)
files_search_var_lib($1_t)
')