commit: f6dd933120853968d7def610958d9e25e229cdf3 |
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com> |
AuthorDate: Wed Oct 31 15:49:23 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Wed Oct 31 18:01:22 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f6dd9331 |
|
Rearrange files interfaces. |
|
--- |
policy/modules/kernel/files.if | 80 ++++++++++++++++++++-------------------- |
1 files changed, 40 insertions(+), 40 deletions(-) |
|
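diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index b1c7e5d..552459b 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6251,27 +6251,6 @@ interface(`files_dontaudit_getattr_all_pids',`
 
 ########################################
 ## <summary>
-## Create, read, write and delete all
-## var_run (pid) content
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain alloed access.
-## </summary>
-## </param>
-#
-interface(`files_manage_all_pids',`
- gen_require(`
- attribute pidfile;
- ')
-
- manage_dirs_pattern($1, pidfile, pidfile)
- manage_files_pattern($1, pidfile, pidfile)
- manage_lnk_files_pattern($1, pidfile, pidfile)
-')
-
-########################################
-## <summary>
 ## Do not audit attempts to write to daemon runtime data files.
 ## </summary>
 ## <param name="domain">
@@ -6333,25 +6312,6 @@ interface(`files_read_all_pids',`
 
 ########################################
 ## <summary>
-## Mount filesystems on all polyinstantiation
-## member directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`files_mounton_all_poly_members',`
- gen_require(`
- attribute polymember;
- ')
-
- allow $1 polymember:dir mounton;
-')
-
-########################################
-## <summary>
 ## Create PID directories.
 ## </summary>
 ## <param name="domain">
@@ -6419,6 +6379,46 @@ interface(`files_delete_all_pid_dirs',`
 
 ########################################
 ## <summary>
+## Create, read, write and delete all
+## var_run (pid) content
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain alloed access.
+## </summary>
+## </param>
+#
+interface(`files_manage_all_pids',`
+ gen_require(`
+ attribute pidfile;
+ ')
+
+ manage_dirs_pattern($1, pidfile, pidfile)
+ manage_files_pattern($1, pidfile, pidfile)
+ manage_lnk_files_pattern($1, pidfile, pidfile)
+')
+
+########################################
+## <summary>
+## Mount filesystems on all polyinstantiation
+## member directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_mounton_all_poly_members',`
+ gen_require(`
+ attribute polymember;
+ ')
+
+ allow $1 polymember:dir mounton;
+')
+
+########################################
+## <summary>
 ## Search the contents of generic spool
 ## directories (/var/spool).
 ## </summary>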
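Review bot: The re-added `files_manage_all_pids` block in the last hunk still carries the typo `Domain alloed access.` in its param summary; since the lines are being rewritten anyway, make it `## Domain allowed access.` so it matches the `files_mounton_all_poly_members` block that follows. Both moved interfaces are attribute-wide grants (manage on every `pidfile` directory, file and symlink; `mounton` on every `polymember` directory), and neither summary tells a policy author that. A short `<desc>` saying they are meant for highly privileged domains would help callers avoid handing them to an ordinary daemon domain.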