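--- a/autotests/input/test.te
+++ b/autotests/input/test.te
@@ -24,37 +24,38 @@ require {
 class unix_stream_socket connectto;
 }
 
 allow httpd_t httpd_sys_content_t:sock_file write;
 allow httpd_t initrc_t:unix_stream_socket connectto;
 
 # Refpolicy
 tunable_policy(`allow_execmem',`
-/usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+/usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
 ')
 # M4 Macros
 regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
 ifdef(`distro_ubuntu',`
 unconfined_domain(chkpwd_t)
 ')
 
 dominance { gen_dominance(0,decr($1)) };
 neverallow user=_isolated domain=((?!isolated_app).)*
 
 allow consoletype_t self:capability { sys_admin sys_tty_config };
 allow consoletype_t self:msg { send receive };
 
 # sample for administrative user
 user jadmin roles { staff_r sysadm_r };
 # sample for regular user
 user jdoe roles { user_r };
 
 default_user process source;
 default_range process source low;
+default_range name GLBLUB;
 
 sid devnull;
 sid sysctl;
 
 common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
 class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
 class class;
 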
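Review bot: The added `default_range name GLBLUB;` on new line 53 is the only visible sample of the glblub form, and it uses the upper-case spelling with `name` in the class position, so the lower-case spelling that policy sources normally carry is not exercised by this fixture. Consider adding `default_range file glblub;` next to it, so that a highlighting regression in either spelling shows up in the reference output. Most of the file is collapsed on this page, so a lower-case sample may already exist further down; check before adding one.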