# Local policy
#
-kernel_read_ring_buffer(staff_usertype)
-kernel_getattr_core_if(staff_usertype)
-kernel_getattr_message_if(staff_usertype)
-kernel_read_software_raid_state(staff_usertype)
-kernel_read_fs_sysctls(staff_usertype)
+kernel_read_ring_buffer(staff_t)
+kernel_getattr_core_if(staff_t)
+kernel_getattr_message_if(staff_t)
+kernel_read_software_raid_state(staff_t)
+kernel_read_fs_sysctls(staff_t)
-fs_read_hugetlbfs_files(staff_usertype)
+fs_read_hugetlbfs_files(staff_t)
-dev_read_cpuid(staff_usertype)
+dev_read_cpuid(staff_t)
-domain_read_all_domains_state(staff_usertype)
-domain_getattr_all_domains(staff_usertype)
+domain_read_all_domains_state(staff_t)
+domain_getattr_all_domains(staff_t)
domain_obj_id_change_exemption(staff_t)
-files_read_kernel_modules(staff_usertype)
+files_read_kernel_modules(staff_t)
seutil_read_module_store(staff_t)
seutil_run_newrole(staff_t, staff_r)
storage_read_scsi_generic(staff_t)
storage_write_scsi_generic(staff_t)
-term_use_unallocated_ttys(staff_usertype)
+term_use_unallocated_ttys(staff_t)
auth_domtrans_pam_console(staff_t)
init_dbus_chat(staff_t)
init_dbus_chat_script(staff_t)
-miscfiles_read_hwdata(staff_usertype)
+miscfiles_read_hwdata(staff_t)
ifndef(`enable_mls',`
selinux_read_policy(staff_t)
')
optional_policy(`
- chrome_role(staff_r, staff_usertype)
+ chrome_role(staff_r, staff_t)
')
optional_policy(`
')
optional_policy(`
- mozilla_run_plugin(staff_usertype, staff_r)
+ mozilla_run_plugin(staff_t, staff_r)
')
optional_policy(`
- modutils_read_module_config(staff_usertype)
- modutils_read_module_deps(staff_usertype)
+ modutils_read_module_config(staff_t)
+ modutils_read_module_deps(staff_t)
')
optional_policy(`
')
optional_policy(`
- rpm_dbus_chat(staff_usertype)
+ rpm_dbus_chat(staff_t)
')
optional_policy(`
#')
optional_policy(`
- userhelper_console_role_template(staff, staff_r, staff_usertype)
+ userhelper_console_role_template(staff, staff_r, staff_t)
')
optional_policy(`
')
tunable_policy(`allow_execmod',`
- userdom_execmod_user_home_files(staff_usertype)
+ userdom_execmod_user_home_files(staff_t)
')
userdom_manage_home_role(unconfined_r, unconfined_t)
userdom_manage_tmp_role(unconfined_r, unconfined_t)
userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
-userdom_unpriv_usertype(unconfined, unconfined_t)
+userdom_unpriv_t(unconfined, unconfined_t)
type unconfined_exec_t;
init_system_domain(unconfined_t, unconfined_exec_t)
')
tunable_policy(`allow_execmod',`
- userdom_execmod_user_home_files(unconfined_usertype)
+ userdom_execmod_user_home_files(unconfined_t)
')
tunable_policy(`unconfined_login',`
optional_policy(`
gen_require(`
- attribute unconfined_usertype;
+ attribute unconfined_t;
')
optional_policy(`
- abrt_dbus_chat(unconfined_usertype)
- abrt_run_helper(unconfined_usertype, unconfined_r)
+ abrt_dbus_chat(unconfined_t)
+ abrt_run_helper(unconfined_t, unconfined_r)
')
optional_policy(`
- avahi_dbus_chat(unconfined_usertype)
+ avahi_dbus_chat(unconfined_t)
')
optional_policy(`
- blueman_dbus_chat(unconfined_usertype)
+ blueman_dbus_chat(unconfined_t)
')
optional_policy(`
- certmonger_dbus_chat(unconfined_usertype)
+ certmonger_dbus_chat(unconfined_t)
')
optional_policy(`
- devicekit_dbus_chat(unconfined_usertype)
- devicekit_dbus_chat_disk(unconfined_usertype)
- devicekit_dbus_chat_power(unconfined_usertype)
+ devicekit_dbus_chat(unconfined_t)
+ devicekit_dbus_chat_disk(unconfined_t)
+ devicekit_dbus_chat_power(unconfined_t)
')
optional_policy(`
- hal_dbus_chat(unconfined_usertype)
+ hal_dbus_chat(unconfined_t)
')
optional_policy(`
- networkmanager_dbus_chat(unconfined_usertype)
+ networkmanager_dbus_chat(unconfined_t)
')
optional_policy(`
- policykit_role(unconfined_r, unconfined_usertype)
+ policykit_role(unconfined_r, unconfined_t)
')
optional_policy(`
- rtkit_scheduled(unconfined_usertype)
+ rtkit_scheduled(unconfined_t)
')
optional_policy(`
- setroubleshoot_dbus_chat(unconfined_usertype)
+ setroubleshoot_dbus_chat(unconfined_t)
setroubleshoot_dbus_chat_fixit(unconfined_t)
')
optional_policy(`
- sandbox_transition(unconfined_usertype, unconfined_r)
+ sandbox_transition(unconfined_t, unconfined_r)
')
optional_policy(`
type user_tmpfs_t;
')
- xserver_rw_session(unconfined_usertype, user_tmpfs_t)
- xserver_run_xauth(unconfined_usertype, unconfined_r)
- xserver_dbus_chat_xdm(unconfined_usertype)
+ xserver_rw_session(unconfined_t, user_tmpfs_t)
+ xserver_run_xauth(unconfined_t, unconfined_r)
+ xserver_dbus_chat_xdm(unconfined_t)
')
')
')
optional_policy(`
- chrome_role_notrans(unconfined_r, unconfined_usertype)
+ chrome_role_notrans(unconfined_r, unconfined_t)
tunable_policy(`unconfined_chrome_sandbox_transition',`
- chrome_domtrans_sandbox(unconfined_usertype)
+ chrome_domtrans_sandbox(unconfined_t)
')
')
')
')
- init_dbus_chat(unconfined_usertype)
- init_dbus_chat_script(unconfined_usertype)
+ init_dbus_chat(unconfined_t)
+ init_dbus_chat_script(unconfined_t)
dbus_stub(unconfined_t)
optional_policy(`
- bluetooth_dbus_chat(unconfined_usertype)
+ bluetooth_dbus_chat(unconfined_t)
')
optional_policy(`
- consolekit_dbus_chat(unconfined_usertype)
+ consolekit_dbus_chat(unconfined_t)
')
optional_policy(`
- cups_dbus_chat_config(unconfined_usertype)
+ cups_dbus_chat_config(unconfined_t)
')
optional_policy(`
- fprintd_dbus_chat(unconfined_usertype)
+ fprintd_dbus_chat(unconfined_t)
')
optional_policy(`
- gnomeclock_dbus_chat(unconfined_usertype)
- gnome_dbus_chat_gconfdefault(unconfined_usertype)
+ gnomeclock_dbus_chat(unconfined_t)
+ gnome_dbus_chat_gconfdefault(unconfined_t)
gnome_command_domtrans_gkeyringd(unconfined_dbusd_t,unconfined_t)
')
optional_policy(`
- ipsec_mgmt_dbus_chat(unconfined_usertype)
+ ipsec_mgmt_dbus_chat(unconfined_t)
')
optional_policy(`
- kerneloops_dbus_chat(unconfined_usertype)
+ kerneloops_dbus_chat(unconfined_t)
')
optional_policy(`
')
optional_policy(`
- oddjob_dbus_chat(unconfined_usertype)
+ oddjob_dbus_chat(unconfined_t)
')
optional_policy(`
- vpn_dbus_chat(unconfined_usertype)
+ vpn_dbus_chat(unconfined_t)
')
')
optional_policy(`
- firewallgui_dbus_chat(unconfined_usertype)
+ firewallgui_dbus_chat(unconfined_t)
')
optional_policy(`
mozilla_role_plugin(unconfined_r)
tunable_policy(`unconfined_mozilla_plugin_transition', `
- mozilla_domtrans_plugin(unconfined_usertype)
+ mozilla_domtrans_plugin(unconfined_t)
')
')
userdom_unpriv_user_template(user)
fs_exec_noxattr(user_t)
-fs_read_hugetlbfs_files(user_usertype)
+fs_read_hugetlbfs_files(user_t)
storage_read_scsi_generic(user_t)
storage_write_scsi_generic(user_t)
tunable_policy(`allow_execmod',`
- userdom_execmod_user_home_files(user_usertype)
+ userdom_execmod_user_home_files(user_t)
')
optional_policy(`
')
optional_policy(`
- chrome_role(user_r, user_usertype)
+ chrome_role(user_r, user_t)
')
optional_policy(`
')
optional_policy(`
- mozilla_run_plugin(user_usertype, user_r)
+ mozilla_run_plugin(user_t, user_r)
')
optional_policy(`
optional_policy(`
- chrome_role(xguest_r, xguest_usertype)
+ chrome_role(xguest_r, xguest_t)
')
optional_policy(`
')
optional_policy(`
- mozilla_run_plugin(xguest_usertype, xguest_r)
+ mozilla_run_plugin(xguest_t, xguest_r)
')
optional_policy(`
- pcscd_read_pub_files(xguest_usertype)
- pcscd_stream_connect(xguest_usertype)
+ pcscd_read_pub_files(xguest_t)
+ pcscd_stream_connect(xguest_t)
')
optional_policy(`
optional_policy(`
tunable_policy(`xguest_connect_network',`
- kernel_read_network_state(xguest_usertype)
+ kernel_read_network_state(xguest_t)
networkmanager_dbus_chat(xguest_t)
networkmanager_read_lib_files(xguest_t)
- corenet_tcp_connect_pulseaudio_port(xguest_usertype)
- corenet_all_recvfrom_unlabeled(xguest_usertype)
- corenet_all_recvfrom_netlabel(xguest_usertype)
- corenet_tcp_sendrecv_generic_if(xguest_usertype)
- corenet_raw_sendrecv_generic_if(xguest_usertype)
- corenet_tcp_sendrecv_generic_node(xguest_usertype)
- corenet_raw_sendrecv_generic_node(xguest_usertype)
- corenet_tcp_sendrecv_http_port(xguest_usertype)
- corenet_tcp_sendrecv_http_cache_port(xguest_usertype)
- corenet_tcp_sendrecv_squid_port(xguest_usertype)
- corenet_tcp_sendrecv_ftp_port(xguest_usertype)
- corenet_tcp_sendrecv_ipp_port(xguest_usertype)
- corenet_tcp_connect_http_port(xguest_usertype)
- corenet_tcp_connect_http_cache_port(xguest_usertype)
- corenet_tcp_connect_squid_port(xguest_usertype)
- corenet_tcp_connect_flash_port(xguest_usertype)
- corenet_tcp_connect_ftp_port(xguest_usertype)
- corenet_tcp_connect_ipp_port(xguest_usertype)
- corenet_tcp_connect_generic_port(xguest_usertype)
- corenet_tcp_connect_soundd_port(xguest_usertype)
- corenet_sendrecv_http_client_packets(xguest_usertype)
- corenet_sendrecv_http_cache_client_packets(xguest_usertype)
- corenet_sendrecv_squid_client_packets(xguest_usertype)
- corenet_sendrecv_ftp_client_packets(xguest_usertype)
- corenet_sendrecv_ipp_client_packets(xguest_usertype)
- corenet_sendrecv_generic_client_packets(xguest_usertype)
+ corenet_tcp_connect_pulseaudio_port(xguest_t)
+ corenet_all_recvfrom_unlabeled(xguest_t)
+ corenet_all_recvfrom_netlabel(xguest_t)
+ corenet_tcp_sendrecv_generic_if(xguest_t)
+ corenet_raw_sendrecv_generic_if(xguest_t)
+ corenet_tcp_sendrecv_generic_node(xguest_t)
+ corenet_raw_sendrecv_generic_node(xguest_t)
+ corenet_tcp_sendrecv_http_port(xguest_t)
+ corenet_tcp_sendrecv_http_cache_port(xguest_t)
+ corenet_tcp_sendrecv_squid_port(xguest_t)
+ corenet_tcp_sendrecv_ftp_port(xguest_t)
+ corenet_tcp_sendrecv_ipp_port(xguest_t)
+ corenet_tcp_connect_http_port(xguest_t)
+ corenet_tcp_connect_http_cache_port(xguest_t)
+ corenet_tcp_connect_squid_port(xguest_t)
+ corenet_tcp_connect_flash_port(xguest_t)
+ corenet_tcp_connect_ftp_port(xguest_t)
+ corenet_tcp_connect_ipp_port(xguest_t)
+ corenet_tcp_connect_generic_port(xguest_t)
+ corenet_tcp_connect_soundd_port(xguest_t)
+ corenet_sendrecv_http_client_packets(xguest_t)
+ corenet_sendrecv_http_cache_client_packets(xguest_t)
+ corenet_sendrecv_squid_client_packets(xguest_t)
+ corenet_sendrecv_ftp_client_packets(xguest_t)
+ corenet_sendrecv_ipp_client_packets(xguest_t)
+ corenet_sendrecv_generic_client_packets(xguest_t)
# Should not need other ports
- corenet_dontaudit_tcp_sendrecv_generic_port(xguest_usertype)
- corenet_dontaudit_tcp_bind_generic_port(xguest_usertype)
- corenet_tcp_connect_speech_port(xguest_usertype)
- corenet_tcp_sendrecv_transproxy_port(xguest_usertype)
- corenet_tcp_connect_transproxy_port(xguest_usertype)
+ corenet_dontaudit_tcp_sendrecv_generic_port(xguest_t)
+ corenet_dontaudit_tcp_bind_generic_port(xguest_t)
+ corenet_tcp_connect_speech_port(xguest_t)
+ corenet_tcp_sendrecv_transproxy_port(xguest_t)
+ corenet_tcp_connect_transproxy_port(xguest_t)
')
#optional_policy(`
projects / people / stevee / selinux-policy.git / commitdiff
