-policy_module(alsa, 1.7.0)
+policy_module(alsa, 1.7.1)
########################################
#
dev_read_sound(alsa_t)
dev_write_sound(alsa_t)
+dev_read_sysfs(alsa_t)
corecmd_exec_bin(alsa_t)
-policy_module(consoletype, 1.7.0)
+policy_module(consoletype, 1.7.1)
########################################
#
# Local declarations
#
-allow consoletype_t self:capability sys_admin;
+allow consoletype_t self:capability { sys_admin sys_tty_config };
allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow consoletype_t self:fd use;
allow consoletype_t self:fifo_file rw_fifo_file_perms;
fs_getattr_all_fs(consoletype_t)
fs_search_auto_mountpoints(consoletype_t)
fs_write_nfs_files(consoletype_t)
+fs_list_inotifyfs(consoletype_t)
mls_file_read_all_levels(consoletype_t)
mls_file_write_all_levels(consoletype_t)
-policy_module(netutils, 1.8.2)
+policy_module(netutils, 1.8.3)
########################################
#
files_read_etc_files(ping_t)
files_dontaudit_search_var(ping_t)
+kernel_read_system_state(ping_t)
+
auth_use_nsswitch(ping_t)
logging_send_syslog_msg(ping_t)
term_use_all_user_ptys(ping_t)
')
+optional_policy(`
+ munin_append_log(ping_t)
+')
+
optional_policy(`
pcmcia_use_cardmgr_fds(ping_t)
')
corecmd_search_bin($1)
domtrans_pattern($1, vbetool_exec_t, vbetool_t)
')
+
+########################################
+## <summary>
+## Execute vbetool in the vbetool domain, and
+## allow the specified role the vbetool domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the vbetool domain.
+## </summary>
+## </param>
+#
+interface(`vbetool_run',`
+ gen_require(`
+ type vbetool_t;
+ ')
+
+ vbetool_domtrans($1)
+ role $2 types vbetool_t;
+')
-policy_module(vbetool, 1.3.0)
+policy_module(vbetool, 1.3.1)
########################################
#
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
+domain_mmap_low(vbetool_t)
+
term_use_unallocated_ttys(vbetool_t)
miscfiles_read_localization(vbetool_t)
sysnet_run_ifconfig(vpnc_t, $2)
')
+########################################
+## <summary>
+## Send VPN clients the kill signal.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`vpn_kill',`
+ gen_require(`
+ type vpnc_t;
+ ')
+
+ allow $1 vpnc_t:process sigkill;
+')
+
########################################
## <summary>
## Send generic signals to VPN clients.
allow $1 vpnc_t:process signal;
')
+########################################
+## <summary>
+## Send signull to VPN clients.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`vpn_signull',`
+ gen_require(`
+ type vpnc_t;
+ ')
+
+ allow $1 vpnc_t:process signull;
+')
+
########################################
## <summary>
## Send and receive messages from
-policy_module(vpn, 1.10.2)
+policy_module(vpn, 1.10.3)
########################################
#
files_search_etc($1)
')
+#######################################
+## <summary>
+## Append to the munin log.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`munin_append_log',`
+ gen_require(`
+ type munin_log_t;
+ ')
+
+ allow $1 munin_log_t:file append_file_perms;
+ logging_search_logs($1)
+')
+
#######################################
## <summary>
## Search munin library directories.
-policy_module(munin, 1.6.1)
+policy_module(munin, 1.6.2)
########################################
#