File suse_minimal_cc.patch of Package selinux-policy

Overview Repositories Revisions Requests Users Attributes Meta

File suse_minimal_cc.patch of Package selinux-policy

Index: serefpolicy-contrib-20140730/suse.te
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.te
@@ -0,0 +1,88 @@
+policy_module(suse, 1.1.2)
+
+require {
+        type bin_t;
+        type chkpwd_t;
+        type getty_t;
+        type groupadd_t;
+        type init_exec_t;
+        type init_t;
+        type policykit_t;
+        type postfix_master_t;
+        type restorecond_t;
+        type rtkit_daemon_t;
+        type sshd_t;
+        type syslogd_t;
+        type system_dbusd_t;
+        type systemd_localed_t;
+        type systemd_logind_t;
+        type systemd_systemctl_exec_t;
+        type unconfined_service_t;
+        type unconfined_t;
+        type useradd_t;
+        type var_run_t;
+
+        class file { read open getattr entrypoint };
+        class netlink_selinux_socket { create bind };
+        class sock_file write;
+}
+
+#============= chkpwd_t ==============
+allow chkpwd_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(chkpwd_t)
+
+#============= getty_t ==============
+allow getty_t var_run_t:sock_file write;
+plymouthd_exec_plymouth(getty_t)
+kernel_stream_connect(getty_t)
+
+#============= policykit_t ==============
+allow policykit_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(policykit_t)
+
+#============= postfix_master_t ==============
+allow postfix_master_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(postfix_master_t)
+
+#============= rtkit_daemon_t ==============
+allow rtkit_daemon_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(rtkit_daemon_t)
+
+#============= sshd_t ==============
+allow sshd_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(sshd_t)
+
+#============= restorecond_t ==============
+allow restorecond_t var_run_t:sock_file write;
+
+#============= syslogd_t ==============
+allow syslogd_t var_run_t:file { read getattr open };
+allow syslogd_t var_run_t:sock_file write;
+
+#============= systemd_localed_t ==============
+systemd_dbus_chat_localed(unconfined_service_t)
+
+#============= systemd_logind_t ==============
+allow systemd_logind_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(systemd_logind_t)
+systemd_dbus_chat_logind(unconfined_service_t)
+
+#============= unconfined_service_t ==============
+unconfined_shell_domtrans(unconfined_service_t)
+
+#============= unconfined_t ==============
+allow unconfined_t systemd_systemctl_exec_t:file entrypoint;
+allow init_t unconfined_t:process transition;
+allow unconfined_t init_exec_t:file entrypoint;
+
+#============= groupadd_t ==============
+allow groupadd_t self:netlink_selinux_socket { create bind };
+allow groupadd_t var_run_t:sock_file write;
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t var_run_t:sock_file write;
+
+#============= useradd_t ==============
+allow useradd_t var_run_t:sock_file write;
+selinux_compute_access_vector(useradd_t)
+
Index: serefpolicy-contrib-20140730/suse.fc
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.fc
@@ -0,0 +1 @@
+/usr/lib/gdm/.* -- gen_context(system_u:object_r:bin_t,s0)
Index: serefpolicy-contrib-20140730/suse.if
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.if
@@ -0,0 +1,24 @@
+## <summary>asdfsdfABRT - automated bug-reporting tool</summary>
+
+######################################
+## <summary>
+##  Creates types and rules for a basic
+##  ABRT daemon domainadsasdf
+## </summary>
+## <param name="prefix">
+##  <summary>
+##  Prefix for the domain.
+##  </summary>
+## </param>
+#
+template(`abrt_asdfasfasfbasic_types_template',`
+    gen_require(`
+        attribute abrt_domain;
+    ')
+
+    type $1_t, abrt_domain;
+    type $1_exec_t;
+
+	kernel_read_system_state($1_t)
+')
+

Places

File suse_minimal_cc.patch of Package selinux-policy

Places