[selinux-policy: 758/3172] fix requires
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:10:24 UTC 2010
commit 90c3ddefe312d7699297d6b61f31a4abb90909df
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Oct 19 13:11:49 2005 +0000
fix requires
refpolicy/policy/modules/system/userdomain.if | 84 +++++--------------------
1 files changed, 15 insertions(+), 69 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 013f085..7223e0a 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -993,7 +993,7 @@ template(`admin_user_template',`
#
template(`userdom_search_user_home',`
gen_require(`
- class dir { getattr search };
+ type $1_home_dir_t;
')
files_search_home($2)
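Review bot: With the `class dir { getattr search };` line removed, this `gen_require` block no longer declares the object class that the template's rules use, and the same is true of every other hunk in this patch that drops its `class` lines. If callers are built as loadable modules, the class and permission requirements must then be supplied elsewhere, presumably by the module-level require, and that is worth confirming with a modular build. I would record the convention once near the top of the file, for example `# gen_require blocks list types and attributes only; object classes are required at module level.` The body of userdom_search_user_home continues past the hunk, so the rules that reference `$1_home_dir_t` are not visible here.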
@@ -1023,8 +1023,7 @@ template(`userdom_search_user_home',`
#
template(`userdom_read_user_home_files',`
gen_require(`
- class dir search;
- class file r_file_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1056,7 +1055,7 @@ template(`userdom_read_user_home_files',`
#
template(`userdom_exec_user_home_files',`
gen_require(`
- class dir search;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1090,8 +1089,7 @@ template(`userdom_exec_user_home_files',`
#
template(`userdom_manage_user_home_subdir_files',`
gen_require(`
- class dir rw_dir_perms;
- class file create_file_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1125,8 +1123,7 @@ template(`userdom_manage_user_home_subdir_files',`
#
template(`userdom_manage_user_home_subdir_symlinks',`
gen_require(`
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1160,8 +1157,7 @@ template(`userdom_manage_user_home_subdir_symlinks',`
#
template(`userdom_manage_user_home_subdir_pipes',`
gen_require(`
- class dir rw_dir_perms;
- class fifo_file create_file_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1195,8 +1191,7 @@ template(`userdom_manage_user_home_subdir_pipes',`
#
template(`userdom_manage_user_home_subdir_sockets',`
gen_require(`
- class dir rw_dir_perms;
- class sock_file create_file_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
@@ -1233,7 +1228,7 @@ template(`userdom_manage_user_home_subdir_sockets',`
#
template(`userdom_create_user_home',`
gen_require(`
- class dir rw_dir_perms;
+ type $1_home_dir_t, $1_home_t;
')
files_search_home($2)
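Review bot: The name `userdom_create_user_home` is defined twice in the patched file: here as a template taking a user prefix in `$1` and the calling domain in `$2`, and again in a later hunk as an interface that requires `type user_home_dir_t, user_home_t;` and treats `$1` as the domain. Two m4 definitions under one name normally leave only one of them in effect, so a caller written for the template form could have its prefix argument used as the source of `allow $1 user_home_dir_t:dir rw_dir_perms;`. The commit touches both definitions and leaves the collision in place. Giving one of them a distinct name would make it unambiguous which access a caller is granted. The template body runs beyond this hunk, so its rules cannot be compared here.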
@@ -1272,7 +1267,7 @@ template(`userdom_create_user_home',`
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
- class dir create_dir_perms;
+ type $1_tmp_t;
')
files_search_tmp($2)
@@ -1304,8 +1299,7 @@ template(`userdom_manage_user_tmp_dirs',`
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
- class dir rw_dir_perms;
- class file create_file_perms;
+ type $1_tmp_t;
')
files_search_tmp($2)
@@ -1338,8 +1332,7 @@ template(`userdom_manage_user_tmp_files',`
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
+ type $1_tmp_t;
')
files_search_tmp($2)
@@ -1372,8 +1365,7 @@ template(`userdom_manage_user_tmp_symlinks',`
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
- class dir rw_dir_perms;
- class fifo_file create_file_perms;
+ type $1_tmp_t;
')
files_search_tmp($2)
@@ -1406,8 +1398,7 @@ template(`userdom_manage_user_tmp_pipes',`
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
- class dir rw_dir_perms;
- class sock_file create_file_perms;
+ type $1_tmp_t;
')
files_search_tmp($2)
@@ -1438,7 +1429,7 @@ template(`userdom_manage_user_tmp_sockets',`
#
template(`userdom_use_user_terminals',`
gen_require(`
- class chr_file rw_term_perms;
+ type $1_tty_device_t, $1_devpts_t;
')
allow $2 $1_tty_device_t:chr_file rw_term_perms;
@@ -1497,9 +1488,6 @@ interface(`userdom_shell_domtrans_sysadm',`
',`
gen_require(`
type sysadm_t;
- class fd use;
- class fifo_file rw_file_perms;
- class process sigchld;
')
corecmd_shell_domtrans($1,sysadm_t)
@@ -1522,7 +1510,6 @@ interface(`userdom_shell_domtrans_sysadm',`
interface(`userdom_search_staff_home_dir',`
gen_require(`
type staff_home_dir_t;
- class dir search;
')
files_search_home($1)
@@ -1541,7 +1528,6 @@ interface(`userdom_search_staff_home_dir',`
interface(`userdom_dontaudit_search_staff_home_dir',`
gen_require(`
type staff_home_dir_t;
- class dir search;
')
dontaudit $1 staff_home_dir_t:dir search;
@@ -1558,9 +1544,6 @@ interface(`userdom_dontaudit_search_staff_home_dir',`
interface(`userdom_read_staff_home_files',`
gen_require(`
type staff_home_dir_t, staff_home_t;
- class dir r_dir_perms;
- class file r_file_perms;
- class lnk_file r_file_perms;
')
files_search_home($1)
@@ -1598,7 +1581,6 @@ interface(`userdom_use_sysadm_tty',`
',`
gen_require(`
type sysadm_tty_device_t;
- class chr_file rw_term_perms;
')
dev_list_all_dev_nodes($1)
@@ -1621,7 +1603,6 @@ interface(`userdom_dontaudit_use_sysadm_tty',`
',`
gen_require(`
type sysadm_tty_device_t;
- class chr_file { read write };
')
dontaudit $1 sysadm_tty_device_t:chr_file { read write };
@@ -1642,7 +1623,6 @@ interface(`userdom_use_sysadm_pty',`
',`
gen_require(`
type sysadm_devpts_t;
- class chr_file rw_term_perms;
')
dev_list_all_dev_nodes($1)
@@ -1698,7 +1678,6 @@ interface(`userdom_dontaudit_use_sysadm_terms',`
',`
gen_require(`
attribute admin_terminal;
- class chr_file { read write };
')
dontaudit $1 admin_terminal:chr_file { read write };
@@ -1720,7 +1699,6 @@ interface(`userdom_use_sysadm_fd',`
',`
gen_require(`
type sysadm_t;
- class fd use;
')
allow $1 sysadm_t:fd use;
@@ -1742,7 +1720,6 @@ interface(`userdom_rw_sysadm_pipe',`
',`
gen_require(`
type sysadm_t;
- class fifo_file rw_file_perms;
')
allow $1 sysadm_t:fifo_file rw_file_perms;
@@ -1794,7 +1771,6 @@ interface(`userdom_search_sysadm_home_dir',`
interface(`userdom_dontaudit_search_sysadm_home_dir',`
gen_require(`
type sysadm_home_dir_t;
- class dir search;
')
dontaudit $1 sysadm_home_dir_t:dir search;
@@ -1812,7 +1788,6 @@ interface(`userdom_dontaudit_search_sysadm_home_dir',`
interface(`userdom_dontaudit_list_sysadm_home_dir',`
gen_require(`
type sysadm_home_dir_t;
- class dir r_dir_perms;
')
dontaudit $1 sysadm_home_dir_t:dir r_dir_perms;
@@ -1829,9 +1804,6 @@ interface(`userdom_dontaudit_list_sysadm_home_dir',`
interface(`userdom_read_sysadm_home_files',`
gen_require(`
type sysadm_home_dir_t, sysadm_home_t;
- class dir r_dir_perms;
- class file r_file_perms;
- class lnk_file r_file_perms;
')
files_search_home($1)
@@ -1850,7 +1822,6 @@ interface(`userdom_read_sysadm_home_files',`
interface(`userdom_search_all_users_home',`
gen_require(`
attribute home_dir_type, home_type;
- class dir search;
')
files_list_home($1)
@@ -1868,7 +1839,6 @@ interface(`userdom_search_all_users_home',`
interface(`userdom_dontaudit_search_all_users_home',`
gen_require(`
attribute home_dir_type, home_type;
- class dir search;
')
dontaudit $1 { home_dir_type home_type }:dir search;
@@ -1885,8 +1855,6 @@ interface(`userdom_dontaudit_search_all_users_home',`
interface(`userdom_read_all_user_files',`
gen_require(`
attribute home_type;
- class dir r_dir_perms;
- class file r_file_perms;
')
files_list_home($1)
@@ -1961,7 +1929,6 @@ interface(`userdom_manage_all_user_symlinks',`
interface(`userdom_signal_unpriv_users',`
gen_require(`
attribute unpriv_userdomain;
- class process signal;
')
allow $1 unpriv_userdomain:process signal;
@@ -1978,7 +1945,6 @@ interface(`userdom_signal_unpriv_users',`
interface(`userdom_use_unpriv_users_fd',`
gen_require(`
attribute unpriv_userdomain;
- class fd use;
')
allow $1 unpriv_userdomain:fd use;
@@ -1996,7 +1962,6 @@ interface(`userdom_use_unpriv_users_fd',`
interface(`userdom_dontaudit_use_unpriv_user_fd',`
gen_require(`
attribute unpriv_userdomain;
- class fd use;
')
dontaudit $1 unpriv_userdomain:fd use;
@@ -2031,7 +1996,6 @@ interface(`userdom_create_user_home_dir',`
interface(`userdom_manage_user_home_dir',`
gen_require(`
type user_home_dir_t;
- class dir create_dir_perms;
')
allow $1 user_home_dir_t:dir create_dir_perms;
@@ -2053,7 +2017,6 @@ interface(`userdom_manage_user_home_dir',`
interface(`userdom_create_user_home',`
gen_require(`
type user_home_dir_t, user_home_t;
- class dir rw_dir_perms;
')
allow $1 user_home_dir_t:dir rw_dir_perms;
@@ -2075,7 +2038,6 @@ interface(`userdom_create_user_home',`
interface(`userdom_dontaudit_search_user_home_dirs',`
gen_require(`
type user_home_t;
- class dir search;
')
dontaudit $1 user_home_t:dir search;
@@ -2094,7 +2056,6 @@ interface(`userdom_dontaudit_search_user_home_dirs',`
interface(`userdom_manage_user_home_dirs',`
gen_require(`
type user_home_t;
- class dir create_dir_perms;
')
allow $1 user_home_t:dir create_dir_perms;
@@ -2112,8 +2073,6 @@ interface(`userdom_manage_user_home_dirs',`
interface(`userdom_manage_user_home_files',`
gen_require(`
type user_home_t;
- class dir rw_dir_perms;
- class file create_file_perms;
')
allow $1 user_home_t:dir rw_dir_perms;
@@ -2132,8 +2091,6 @@ interface(`userdom_manage_user_home_files',`
interface(`userdom_manage_user_home_symlinks',`
gen_require(`
type user_home_t;
- class dir rw_dir_perms;
- class lnk_file create_lnk_perms;
')
allow $1 user_home_t:dir rw_dir_perms;
@@ -2152,8 +2109,6 @@ interface(`userdom_manage_user_home_symlinks',`
interface(`userdom_manage_user_home_pipes',`
gen_require(`
type user_home_t;
- class dir rw_dir_perms;
- class fifo_file create_file_perms;
')
allow $1 user_home_t:dir rw_dir_perms;
@@ -2172,8 +2127,6 @@ interface(`userdom_manage_user_home_pipes',`
interface(`userdom_manage_user_home_sockets',`
gen_require(`
type user_home_t;
- class dir rw_dir_perms;
- class sock_file create_file_perms;
')
allow $1 user_home_t:dir rw_dir_perms;
@@ -2207,7 +2160,7 @@ interface(`userdom_search_unpriv_user_home_dirs',`
#
interface(`userdom_read_unpriv_user_home_files',`
gen_require(`
- type user_home_dir_type, user_home_type;
+ attribute user_home_dir_type, user_home_type;
')
allow $1 user_home_dir_type:dir search;
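Review bot: The rule `allow $1 user_home_dir_type:dir search;` is granted on an attribute, so it reaches every type that carries `user_home_dir_type`, now or later, and the interface has no comment saying which types those are. Other interfaces in this file require `attribute home_dir_type, home_type;` for the all-users case, so callers need to know how the two attribute pairs differ in order to pick the narrower one. I would add a comment above the require such as `# user_home_dir_type, user_home_type: home types of unprivileged users only (confirm against the attribute declarations)`. The rest of the interface body lies outside the hunk.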
@@ -2225,7 +2178,6 @@ interface(`userdom_read_unpriv_user_home_files',`
interface(`userdom_write_unpriv_user_tmp',`
gen_require(`
attribute user_tmpfile;
- class file { getattr write append };
')
allow $1 user_tmpfile:file { getattr write append };
@@ -2243,7 +2195,6 @@ interface(`userdom_write_unpriv_user_tmp',`
interface(`userdom_dontaudit_use_unpriv_user_tty',`
gen_require(`
attribute user_ttynode;
- class chr_file rw_file_perms;
')
dontaudit $1 user_ttynode:chr_file rw_file_perms;
@@ -2260,7 +2211,6 @@ interface(`userdom_dontaudit_use_unpriv_user_tty',`
interface(`userdom_use_all_user_fd',`
gen_require(`
attribute userdomain;
- class fd use;
')
allow $1 userdomain:fd use;
@@ -2278,7 +2228,6 @@ interface(`userdom_use_all_user_fd',`
interface(`userdom_dontaudit_use_all_user_fd',`
gen_require(`
attribute userdomain;
- class fd use;
')
dontaudit $1 userdomain:fd use;
@@ -2295,7 +2244,6 @@ interface(`userdom_dontaudit_use_all_user_fd',`
interface(`userdom_signal_all_users',`
gen_require(`
attribute userdomain;
- class process signal;
')
allow $1 userdomain:process signal;
@@ -2312,7 +2260,6 @@ interface(`userdom_signal_all_users',`
interface(`userdom_sigcld_all_users',`
gen_require(`
attribute userdomain;
- class process sigchld;
')
allow $1 userdomain:process sigchld;
@@ -2329,7 +2276,6 @@ interface(`userdom_sigcld_all_users',`
interface(`userdom_unconfined',`
gen_require(`
type user_home_dir_t;
- class dir create_dir_perms;
')
allow $1 user_home_dir_t:dir create_dir_perms;