Blame SOURCES/selinux-backport.patch

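diff -up ./fapolicyd-selinux-0.4/fapolicyd.if.backport ./fapolicyd-selinux-0.4/fapolicyd.if
--- ./fapolicyd-selinux-0.4/fapolicyd.if.backport	2021-03-23 10:21:31.000000000 +0100
+++ ./fapolicyd-selinux-0.4/fapolicyd.if	2021-07-20 17:38:51.266053356 +0200
@@ -2,6 +2,122 @@
 
 ########################################
 ## <summary>
+##	Watch_mount directories in /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_boot_dirs',`
+    interface(`files_watch_mount_boot_dirs',`
+        gen_require(`
+            type boot_t;
+	    ')
+
+	        allow $1 boot_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_mount_home',`
+    interface(`files_watch_mount_home',`
+        gen_require(`
+            type home_root_t;
+	    ')
+
+	    allow $1 home_root_t:dir watch_mount_dir_perms;
+    ')
+')
+
+
+########################################
+## <summary>
+##	Watch_with_perm home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`files_watch_with_perm_home',`
+interface(`files_watch_with_perm_home',`
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir watch_with_perm_dir_perms;
+')
+')
+
+
+########################################
+## <summary>
+##	Watch_mount dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_mount_dos_dirs',`
+interface(`fs_watch_mount_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_mount_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+
+########################################
+## <summary>
+##	Watch_with_perm dirs on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ifndef(`fs_watch_with_perm_dos_dirs',`
+interface(`fs_watch_with_perm_dos_dirs',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	watch_with_perm_dirs_pattern($1, dosfs_t, dosfs_t)
+')
+')
+
+
+###################################################################################################
+
+
+
+
+########################################
+## <summary>
 ##	Execute fapolicyd_exec_t in the fapolicyd domain.
 ## </summary>
 ## <param name="domain">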
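Review bot: The summaries on `files_watch_mount_home` and `files_watch_with_perm_home` say "home directories", but both rules name only `home_root_t:dir`, so a policy reviewer reading the interface docs would overestimate what the caller is granted. I would reword them to `##	Watch_mount the home root directory (home_root_t).` and `##	Watch_with_perm the home root directory (home_root_t).`. The two `watch_with_perm` summaries also deserve one sentence saying that this permission covers fanotify permission events, where the watching domain can deny the access, since that is what an auditor has to weigh when a domain calls these interfaces. Because every definition sits inside `ifndef`, a same-named interface from the base policy presumably takes precedence without notice, so the granted set should be checked against the installed selinux-policy rather than against this file alone.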
afdf34
diff -up ./fapolicyd-selinux-0.4/fapolicyd.te.backport ./fapolicyd-selinux-0.4/fapolicyd.te
afdf34
--- ./fapolicyd-selinux-0.4/fapolicyd.te.backport	2021-07-20 17:31:12.161166538 +0200
afdf34
+++ ./fapolicyd-selinux-0.4/fapolicyd.te	2021-07-20 17:31:12.162166524 +0200
afdf34
@@ -1,5 +1,6 @@
afdf34
 policy_module(fapolicyd, 1.0.0)
afdf34
 
afdf34
+
afdf34
 ########################################
afdf34
 #
afdf34
 # Declarations