author | Nathan Straz <nstraz@redhat.com> | 2009-12-01 16:40:12 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2009-12-01 16:40:12 -0500 |
commit | 8b217f49b7f1bd44be2b01f736a798552d752855 (patch) | |
tree | 913133e72d6d61dbab259e06527f0ec7c6be7304 | |
parent | 14144516bb141a4b5d088fd109c209904d27fda7 (diff) | |
Add system interfaces to qarshd policy
This allows qarshd to make any system interface transition.
Tested against selinux-policy-devel-2.4.6-264.el5.
-rw-r--r-- | SELinux/Makefile | 2 | ||||
-rw-r--r-- | SELinux/qarshd.bad-interfaces | 9 |
2 files changed, 10 insertions, 1 deletions
diff --git a/SELinux/Makefile b/SELinux/Makefile
index c810efb..8b978d7 100644
--- a/SELinux/Makefile
+++ b/SELinux/Makefile
@@ -10,7 +10,7 @@ qarshd.te: qarshd.te.in qarshd.te.trans
 # Pull all interfaces listed in policy.xml from the services or apps layer
 # which have one parameter named domains and whose name contains domtrans
-allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
+allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps" or @name = "system"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
 badinterfaces := $(shell cat qarshd.bad-interfaces)
 # Filter out interfaces which break policy building or loading.
diff --git a/SELinux/qarshd.bad-interfaces b/SELinux/qarshd.bad-interfaces
index 62a06c5..f6c8136 100644
--- a/SELinux/qarshd.bad-interfaces
+++ b/SELinux/qarshd.bad-interfaces
@@ -1,7 +1,11 @@
 apache_script_domtrans
 authbind_domtrans
+auth_domtrans_upd_passwd_chk
 avahi_initrc_domtrans
 clockspeed_domtrans_cli
+daemontools_domtrans_multilog
+daemontools_domtrans_run
+daemontools_domtrans_start
 ddclient_domtrans
 dnsmasq_initrc_domtrans
 domain_entry_file_spec_domtrans
@@ -9,6 +13,10 @@ exim_domtrans
 fail2ban_domtrans
 init_script_domtrans_spec
 loadkeys_domtrans
+locallogin_domtrans
+modutils_domtrans_insmod
+mount_domtrans
+netlabel_domtrans_mgmt
 nx_spec_domtrans_server
 oav_domtrans_update
 openca_domtrans
@@ -25,6 +33,7 @@ qemu_domtrans
 qmail_domtrans_inject
 qmail_domtrans_queue
 rssh_spec_domtrans_all_users
+seutil_init_script_domtrans_runinit
 spamassassin_spamd_initrc_domtrans
 tor_domtrans
 usernetctl_domtrans |
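Review bot: The comment directly above the changed `allinterfaces` assignment still says the interfaces come "from the services or apps layer", so after this change it under-describes what qarshd is granted; I would update it to `# Pull all interfaces listed in policy.xml from the services, apps or system layer`. The same comment calls the parameter "domains" while the XPath tests `param/@name="domain"`. Because the selection is by name pattern, the set of domain transitions granted depends on whichever policy.xml is installed under `$(selinux_devel)`, and `qarshd.bad-interfaces` is described only as removing entries that break policy building or loading. A short comment saying the generated transition list should be re-reviewed whenever selinux-policy-devel changes would make that explicit. The filter that consumes `badinterfaces` lies outside this hunk, so how the two lists are combined cannot be checked from here.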