diff options
author | Nathan Straz <nstraz@redhat.com> | 2009-11-30 17:34:36 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2009-11-30 17:34:36 -0500 |
commit | 9c3e3fc8d6027b6337d452e30348c68ca600acb9 (patch) | |
tree | a8180846766084066f5cd0cd5cd174d3e571e61c | |
parent | 13b7feb30ad7ca52fe5af08881278844904489b6 (diff) | |
download | qarsh-9c3e3fc8d6027b6337d452e30348c68ca600acb9.tar.gz qarsh-9c3e3fc8d6027b6337d452e30348c68ca600acb9.tar.xz qarsh-9c3e3fc8d6027b6337d452e30348c68ca600acb9.zip |
Add system interfaces to qarshd policy
This allows qarshd to make any system interface transition.
Tested against selinux-policy-3.6.32-41.fc12.noarch.
-rw-r--r-- | SELinux/Makefile | 2 | ||||
-rw-r--r-- | SELinux/qarshd.bad-interfaces | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/SELinux/Makefile b/SELinux/Makefile index c810efb..8b978d7 100644 --- a/SELinux/Makefile +++ b/SELinux/Makefile @@ -10,7 +10,7 @@ qarshd.te: qarshd.te.in qarshd.te.trans # Pull all interfaces listed in policy.xml from the services or apps layer # which have one parameter named domains and whose name contains domtrans -allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml) +allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps" or @name = "system"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml) badinterfaces := $(shell cat qarshd.bad-interfaces) # Filter out interfaces which break policy building or loading. diff --git a/SELinux/qarshd.bad-interfaces b/SELinux/qarshd.bad-interfaces index 72c5736..3139085 100644 --- a/SELinux/qarshd.bad-interfaces +++ b/SELinux/qarshd.bad-interfaces @@ -7,6 +7,10 @@ bluetooth_domtrans_helper clockspeed_domtrans_cli ddclient_domtrans ifplugd_domtrans +locallogin_domtrans +locallogin_domtrans_sulogin +modutils_domtrans_insmod +mount_domtrans oav_domtrans_update openca_domtrans pki_ca_script_domtrans @@ -20,6 +24,9 @@ qemu_domtrans rgmanager_domtrans samba_domtrans_net sendmail_domtrans +seutil_domtrans_restorecon +seutil_domtrans_setfiles_mac +seutil_init_script_domtrans_runinit thunderbird_domtrans uwimap_domtrans wireshark_domtrans |