* policy patches
@ 2004-09-29 13:54 Russell Coker
  2004-09-29 17:45 ` Thomas Bleher
  0 siblings, 1 reply; 47+ messages in thread
From: Russell Coker @ 2004-09-29 13:54 UTC (permalink / raw)
  To: SELinux

[-- Attachment #1: Type: text/plain, Size: 1923 bytes --]

I can't reproduce syslogd_t getting access to a kernel_t fd, so I removed the 
rules relating to that (I think it was a kernel bug that has since been 
fixed).

kudzu needs to execute /sbin/init to enable/disable serial console.

nash needs to read /dev/mapper/control (temporary thing, hopefully udev will 
take care of this soon).

Removed a redundant rule from postfix.te and some redundant rules from 
quota.te .

Added some extra rules to rpm.te for the most strict configuration and added 
sysadmfile to rpmbuild_exec_t.

Allow udev to execute more types to prepare for removing can_exec_any.

Added a new fc entry for cups so that hal can detect a new printer and add it.

kmodule is part of kudzu.

More name change stuff netsaint -> nagios.

Added start_udev to udev.fc.

Fixed home directory labelling for uml.

Added quagga entries to zebra.fc.  Maybe we should rename the policy from 
zebra to quagga too.

Added some ifdef(`targeted_policy' conditionals where needed.

Removed a reference to tmp_t:lnk_file; there should never be a tmp_t:lnk_file 
in the strict policy (and targeted has no mozilla policy).

Updated ssh_agent_macros.te with the latest stuff from Thomas Bleher.  Also 
gave him full credit (I don't recall doing anything significant with that 
file).

Allow ssh client to execute bash.  ssh client can use the shell to launch 
scripts and this can be defined in ~/.ssh/config .

Removed a reference to user_home_dir_t from xserver_macros.te.  Any time a 
policy has a reference to user_t, user_home_dir_t, etc it's a bug.

Removed a line giving xdm access to the NVIDIA device node.  xdm has no 
business with that, it's for the X server.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: diff --]
[-- Type: text/x-diff, Size: 12605 bytes --]

diff -ru /usr/src/se/policy/domains/program/initrc.te ./domains/program/initrc.te
--- /usr/src/se/policy/domains/program/initrc.te	2004-09-29 00:49:54.000000000 +1000
+++ ./domains/program/initrc.te	2004-09-26 02:48:05.000000000 +1000
@@ -219,7 +219,7 @@
 allow initrc_t var_lib_rpm_t:dir rw_dir_perms;
 allow initrc_t var_lib_rpm_t:file create_file_perms;
 ')
-')
+')dnl end distro_redhat
 
 allow initrc_t system_map_t:{ file lnk_file } r_file_perms;
 
diff -ru /usr/src/se/policy/domains/program/syslogd.te ./domains/program/syslogd.te
--- /usr/src/se/policy/domains/program/syslogd.te	2004-09-11 16:21:44.000000000 +1000
+++ ./domains/program/syslogd.te	2004-09-10 14:37:28.000000000 +1000
@@ -95,6 +95,3 @@
 #
 dontaudit syslogd_t file_t:dir search;
 allow syslogd_t devpts_t:dir { search };
-
-dontaudit syslogd_t kernel_t:fd use;
-dontaudit syslogd_t kernel_t:file read;
diff -ru /usr/src/se/policy/domains/program/unused/kudzu.te ./domains/program/unused/kudzu.te
--- /usr/src/se/policy/domains/program/unused/kudzu.te	2004-09-09 04:22:47.000000000 +1000
+++ ./domains/program/unused/kudzu.te	2004-09-21 17:22:19.000000000 +1000
@@ -50,7 +50,7 @@
 rw_dir_create_file(kudzu_t, etc_t)
 
 rw_dir_create_file(kudzu_t, mnt_t)
-can_exec(kudzu_t, { bin_t sbin_t })
+can_exec(kudzu_t, { bin_t sbin_t init_exec_t })
 # Read /usr/lib/gconv/gconv-modules.*
 allow kudzu_t lib_t:file { read getattr };
 # Read /usr/share/hwdata/.* and /usr/share/terminfo/l/linux
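Review bot: The new `init_exec_t` in the can_exec() list lets kudzu_t run /sbin/init inside its own domain, with no domain transition, and nothing in the hunk says why. A one-line comment above the rule, `# run /sbin/init (telinit) to enable/disable the serial console`, would tie it to the reason given in the cover letter. If only the telinit-style invocation is wanted this is the right macro; if a transition into the init domain were intended, can_exec() would not provide it.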
diff -ru /usr/src/se/policy/domains/program/unused/lvm.te ./domains/program/unused/lvm.te
--- /usr/src/se/policy/domains/program/unused/lvm.te	2004-09-23 22:31:17.000000000 +1000
+++ ./domains/program/unused/lvm.te	2004-09-24 20:36:26.000000000 +1000
@@ -110,7 +110,7 @@
 allow lvm_t sbin_t:dir search;
 dontaudit lvm_t sbin_t:file getattr;
 allow lvm_t lvm_control_t:chr_file rw_file_perms;
-allow initrc_t lvm_control_t:chr_file { getattr unlink };
+allow initrc_t lvm_control_t:chr_file { getattr read unlink };
 allow initrc_t device_t:chr_file create;
 dontaudit lvm_t var_run_t:dir getattr;
 
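Review bot: The read permission added for initrc_t on `lvm_control_t:chr_file` is described in the cover letter as a temporary workaround for nash reading /dev/mapper/control, but nothing in the file marks it as temporary. Add `# TODO: temporary, for nash reading /dev/mapper/control; drop once udev handles it` above the rule so it is not carried forward indefinitely.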
diff -ru /usr/src/se/policy/domains/program/unused/postfix.te ./domains/program/unused/postfix.te
--- /usr/src/se/policy/domains/program/unused/postfix.te	2004-09-23 22:31:17.000000000 +1000
+++ ./domains/program/unused/postfix.te	2004-09-23 23:18:20.000000000 +1000
@@ -100,7 +100,6 @@
 ')
 allow postfix_master_t sendmail_exec_t:file r_file_perms;
 allow postfix_master_t sbin_t:lnk_file { getattr read };
-domain_auto_trans(initrc_t, postfix_master_exec_t, postfix_master_t)
 ifdef(`pppd.te', `
 domain_auto_trans(pppd_t, postfix_master_exec_t, postfix_master_t)
 ')
diff -ru /usr/src/se/policy/domains/program/unused/quota.te ./domains/program/unused/quota.te
--- /usr/src/se/policy/domains/program/unused/quota.te	2004-09-23 22:31:17.000000000 +1000
+++ ./domains/program/unused/quota.te	2004-09-23 23:18:49.000000000 +1000
@@ -17,10 +17,6 @@
 role sysadm_r types quota_t;
 allow quota_t admin_tty_type:chr_file { read write };
 
-domain_auto_trans(sysadm_t, quota_exec_t, quota_t)
-role sysadm_r types quota_t;
-allow quota_t admin_tty_type:chr_file { read write };
-
 type quota_flag_t, file_type, sysadmfile;
 type quota_db_t, file_type, sysadmfile;
 
diff -ru /usr/src/se/policy/domains/program/unused/rpm.te ./domains/program/unused/rpm.te
--- /usr/src/se/policy/domains/program/unused/rpm.te	2004-09-21 14:39:14.000000000 +1000
+++ ./domains/program/unused/rpm.te	2004-09-29 01:05:44.000000000 +1000
@@ -16,9 +16,15 @@
 type rpm_exec_t, file_type, sysadmfile, exec_type;
 
 general_domain_access(rpm_t)
+can_ps(rpm_t, domain)
+allow rpm_t self:process setrlimit;
 system_crond_entry(rpm_exec_t, rpm_t)
 role sysadm_r types rpm_t;
 domain_auto_trans(sysadm_t, rpm_exec_t, rpm_t)
+ifdef(`unlimitedUsers', `
+role staff_r types rpm_t;
+domain_auto_trans(staff_t, rpm_exec_t, rpm_t)
+')
 
 type rpm_file_t, file_type, sysadmfile;
 
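Review bot: The new `ifdef(`unlimitedUsers'` block gives staff_t an automatic transition into rpm_t, the rpm domain, without a comment explaining that this widens who can reach the package-management domain; the cover letter only mentions extra rules for the strict configuration. A comment such as `# unlimitedUsers: let staff_r run rpm in the rpm_t domain` above the ifdef would make the trade-off visible to anyone auditing role reachability. `can_ps(rpm_t, domain)` and the `setrlimit` rule likewise have no why-comment; naming the rpm operation that needs each would help.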
@@ -239,7 +245,7 @@
 allow rpm_t rpc_pipefs_t:dir search;
 allow rpm_script_t init_t:dir search;
 
-type rpmbuild_exec_t, file_type, exec_type;
+type rpmbuild_exec_t, file_type, sysadmfile, exec_type;
 type rpmbuild_t, domain;
 allow rpmbuild_t policy_config_t:dir { search };
 allow rpmbuild_t policy_src_t:dir { search };
diff -ru /usr/src/se/policy/domains/program/unused/udev.te ./domains/program/unused/udev.te
--- /usr/src/se/policy/domains/program/unused/udev.te	2004-09-29 00:50:00.000000000 +1000
+++ ./domains/program/unused/udev.te	2004-09-11 17:14:58.000000000 +1000
@@ -42,6 +42,8 @@
 allow udev_t { bin_t sbin_t }:dir r_dir_perms;
 allow udev_t { sbin_t bin_t }:lnk_file read;
 allow udev_t bin_t:lnk_file read;
+can_exec(udev_t, { shell_exec_t bin_t sbin_t etc_t } )
+can_exec(udev_t, udev_exec_t)
 r_dir_file(udev_t, sysfs_t)
 allow udev_t sysadm_tty_device_t:chr_file { read write };
 
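Review bot: `etc_t` in the new can_exec() list allows udev_t to execute any file labelled etc_t, i.e. essentially anything under /etc, whereas the udev helper scripts already carry their own type (udev.fc labels /etc/dev.d/.+ and /etc/udev/scripts/.+ as udev_helper_exec_t). Unless specific scripts with the generic label are known to be run by udev, dropping etc_t here, or at least documenting it as `# etc_t: for <PATH-OF-SCRIPT> run by udev, not covered by udev_helper_exec_t` with the concrete path, keeps the step toward removing can_exec_any from re-creating a broad exec right. The second line, `can_exec(udev_t, udev_exec_t)`, pairs with the new /sbin/start_udev entry in udev.fc and looks intentional.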
diff -ru /usr/src/se/policy/file_contexts/program/cups.fc ./file_contexts/program/cups.fc
--- /usr/src/se/policy/file_contexts/program/cups.fc	2004-08-19 17:10:38.000000000 +1000
+++ ./file_contexts/program/cups.fc	2004-09-24 01:44:14.000000000 +1000
@@ -18,6 +18,7 @@
 /usr/lib(64)?/cups/backend/.* --	system_u:object_r:cupsd_exec_t
 /usr/lib(64)?/cups/daemon/.*	 --	system_u:object_r:cupsd_exec_t
 /usr/sbin/cupsd		--	system_u:object_r:cupsd_exec_t
+/usr/bin/cups-config-daemon --	system_u:object_r:cupsd_exec_t
 /usr/sbin/printconf-backend --	system_u:object_r:cupsd_exec_t
 /var/log/cups(/.*)?		system_u:object_r:cupsd_log_t
 /var/spool/cups(/.*)?		system_u:object_r:print_spool_t
diff -ru /usr/src/se/policy/file_contexts/program/kudzu.fc ./file_contexts/program/kudzu.fc
--- /usr/src/se/policy/file_contexts/program/kudzu.fc	2003-11-27 05:04:46.000000000 +1100
+++ ./file_contexts/program/kudzu.fc	2004-09-26 05:24:38.000000000 +1000
@@ -1,2 +1,3 @@
 # kudzu
 /usr/sbin/kudzu	--	system_u:object_r:kudzu_exec_t
+/sbin/kmodule	--	system_u:object_r:kudzu_exec_t
diff -ru /usr/src/se/policy/file_contexts/program/nagios.fc ./file_contexts/program/nagios.fc
--- /usr/src/se/policy/file_contexts/program/nagios.fc	2004-06-17 03:38:16.000000000 +1000
+++ ./file_contexts/program/nagios.fc	2004-09-24 20:44:24.000000000 +1000
@@ -1,7 +1,10 @@
-# netsaint - network monitoring server
-/usr/sbin/netsaint		--	system_u:object_r:nagios_exec_t
-#/var/run/netsaint(/.*)?		system_u:object_r:nagios_var_run_t
-/etc/netsaint(/.*)?			system_u:object_r:nagios_etc_t
+# nagios - network monitoring server
 /var/log/netsaint(/.*)?			system_u:object_r:nagios_log_t
 /usr/lib(64)?/netsaint/plugins(/.*)?		system_u:object_r:bin_t
 /usr/lib(64)?/cgi-bin/netsaint/.+	--	system_u:object_r:nagios_cgi_exec_t
+# nagios
+/usr/bin/nagios			--	system_u:object_r:nagios_exec_t
+/etc/nagios(/.*)?			system_u:object_r:nagios_etc_t
+/var/log/nagios(/.*)?			system_u:object_r:nagios_log_t
+/usr/lib(64)?/nagios/plugins(/.*)?	system_u:object_r:bin_t
+/usr/lib(64)?/nagios/cgi/.+	--	system_u:object_r:nagios_cgi_exec_t
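Review bot: After the change the header `# nagios - network monitoring server` sits over three remaining netsaint paths and a second `# nagios` header follows them, which reads as if the netsaint lines were left behind by accident. If they are kept deliberately, relabel the first header, e.g. `# legacy netsaint paths`, and keep `# nagios` for the new block; otherwise remove them with the other netsaint entries. Note also that /var/log/netsaint keeps nagios_log_t while /etc/netsaint was dropped, so the leftover set is inconsistent either way.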
diff -ru /usr/src/se/policy/file_contexts/program/udev.fc ./file_contexts/program/udev.fc
--- /usr/src/se/policy/file_contexts/program/udev.fc	2004-09-01 10:52:39.000000000 +1000
+++ ./file_contexts/program/udev.fc	2004-09-24 03:38:36.000000000 +1000
@@ -2,6 +2,7 @@
 /sbin/udevsend	--	system_u:object_r:udev_exec_t
 /sbin/udev	--	system_u:object_r:udev_exec_t
 /sbin/udevd	--	system_u:object_r:udev_exec_t
+/sbin/start_udev --	system_u:object_r:udev_exec_t
 /usr/bin/udevinfo --	system_u:object_r:udev_exec_t
 /etc/dev\.d/.+	--	system_u:object_r:udev_helper_exec_t
 /etc/udev/scripts/.+	-- system_u:object_r:udev_helper_exec_t
diff -ru /usr/src/se/policy/file_contexts/program/uml.fc ./file_contexts/program/uml.fc
--- /usr/src/se/policy/file_contexts/program/uml.fc	2004-03-04 07:53:52.000000000 +1100
+++ ./file_contexts/program/uml.fc	2004-09-24 20:43:58.000000000 +1000
@@ -1,4 +1,4 @@
 # User Mode Linux
 /usr/bin/uml_switch	--	system_u:object_r:uml_switch_exec_t
 /var/run/uml-utilities(/.*)?	system_u:object_r:uml_switch_var_run_t
-/home/[^/]+/.uml(/.*)?		system_u:object_r:user_uml_rw_t
+HOME_DIR/\.uml(/.*)?		system_u:object_r:ROLE_uml_rw_t
diff -ru /usr/src/se/policy/file_contexts/program/zebra.fc ./file_contexts/program/zebra.fc
--- /usr/src/se/policy/file_contexts/program/zebra.fc	2004-08-19 17:10:45.000000000 +1000
+++ ./file_contexts/program/zebra.fc	2004-09-24 20:43:58.000000000 +1000
@@ -5,3 +5,9 @@
 /etc/zebra(/.*)?		system_u:object_r:zebra_conf_t
 /var/run/.zserv		-s	system_u:object_r:zebra_var_run_t
 /var/run/.zebra		-s	system_u:object_r:zebra_var_run_t
+# Quagga
+/usr/sbin/rip.*  	--	system_u:object_r:zebra_exec_t
+/usr/sbin/ospf.*  	--	system_u:object_r:zebra_exec_t
+/etc/quagga(/.*)?		system_u:object_r:zebra_conf_t
+/var/log/quagga(/.*)?		system_u:object_r:zebra_log_t
+/var/run/quagga(/.*)?		system_u:object_r:zebra_var_run_t
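Review bot: `/usr/sbin/rip.*` and `/usr/sbin/ospf.*` are open-ended prefix patterns, so any future binary under /usr/sbin whose name starts with rip or ospf will be labelled zebra_exec_t and enter the zebra domain. Tightening them to the daemon names, `/usr/sbin/rip(ng)?d` and `/usr/sbin/ospf6?d`, avoids that. Quagga also ships bgpd; if it is meant to run under the same domain it needs an entry too, otherwise a comment saying only the routing daemons listed are covered would help.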
diff -ru /usr/src/se/policy/macros/admin_macros.te ./macros/admin_macros.te
--- /usr/src/se/policy/macros/admin_macros.te	2004-09-24 06:31:34.000000000 +1000
+++ ./macros/admin_macros.te	2004-09-24 20:38:03.000000000 +1000
@@ -77,6 +77,10 @@
 allow $1_t sysadmfile:lnk_file create_lnk_perms;
 allow $1_t sysadmfile:dir create_dir_perms;
 
+# for lsof
+allow $1_t mtrr_device_t:file getattr;
+allow $1_t fs_type:dir getattr;
+
 # Set an exec context, e.g. for runcon.
 can_setexec($1_t)
 
diff -ru /usr/src/se/policy/macros/program/chkpwd_macros.te ./macros/program/chkpwd_macros.te
--- /usr/src/se/policy/macros/program/chkpwd_macros.te	2004-09-11 16:21:48.000000000 +1000
+++ ./macros/program/chkpwd_macros.te	2004-09-29 01:15:19.000000000 +1000
@@ -51,7 +51,9 @@
 allow $1_chkpwd_t etc_t:file { getattr read };
 allow $1_chkpwd_t self:unix_dgram_socket create_socket_perms;
 allow $1_chkpwd_t self:unix_stream_socket create_socket_perms;
+ifdef(`targeted_policy', `
 allow $1_chkpwd_t tty_device_t:chr_file { read write };
+')
 read_locale($1_chkpwd_t)
 
 # Use capabilities.
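Review bot: Wrapping the `tty_device_t:chr_file { read write }` rule in `ifdef(`targeted_policy'` removes direct tty access from $1_chkpwd_t on the strict policy without a comment saying why the two policies differ. A line such as `# targeted policy only; on strict the helper presumably uses the inherited tty fd -- confirm` above the ifdef would record the reasoning, and if a PAM stack on strict policy reopens the tty the resulting denial will point straight here. The enclosing macro body starts outside the hunk.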
diff -ru /usr/src/se/policy/macros/program/mozilla_macros.te ./macros/program/mozilla_macros.te
--- /usr/src/se/policy/macros/program/mozilla_macros.te	2004-09-29 00:50:10.000000000 +1000
+++ ./macros/program/mozilla_macros.te	2004-09-16 21:47:34.000000000 +1000
@@ -71,8 +71,6 @@
 allow $1_lpr_t $1_mozilla_rw_t:file rw_file_perms;
 ')
 
-dontaudit $1_mozilla_t tmp_t:lnk_file read;
-
 #
 # This is another place where I sould like to allow system customization.
 # We need to allow the admin to select whether then want to allow mozilla
diff -ru /usr/src/se/policy/macros/program/ssh_agent_macros.te ./macros/program/ssh_agent_macros.te
--- /usr/src/se/policy/macros/program/ssh_agent_macros.te	2004-09-21 14:39:17.000000000 +1000
+++ ./macros/program/ssh_agent_macros.te	2004-09-12 14:50:44.000000000 +1000
@@ -3,8 +3,7 @@
 #
 
 #
-# Authors:  Russell Coker <russell@coker.com.au>,
-#           Thomas Bleher <ThomasBleher@gmx.de>
+# Author:  Thomas Bleher <ThomasBleher@gmx.de>
 #
 
 # 
@@ -70,7 +69,10 @@
 can_unix_connect($1_t, $1_ssh_agent_t)
 
 # transition back to normal privs upon exec
-domain_auto_trans($1_ssh_agent_t, { bin_t shell_exec_t $1_home_t ifdef(`nfs_home_dirs', `nfs_t')}, $1_t)
+domain_auto_trans($1_ssh_agent_t, { bin_t shell_exec_t $1_home_t }, $1_t)
+ifdef(`nfs_home_dirs', `
+domain_auto_trans($1_ssh_agent_t, nfs_t, $1_t)
+')
 allow $1_ssh_agent_t bin_t:dir search;
 
 # allow reading of /usr/bin/X11 (is a symlink)
diff -ru /usr/src/se/policy/macros/program/ssh_macros.te ./macros/program/ssh_macros.te
--- /usr/src/se/policy/macros/program/ssh_macros.te	2004-09-21 14:39:17.000000000 +1000
+++ ./macros/program/ssh_macros.te	2004-09-12 17:18:07.000000000 +1000
@@ -118,6 +118,7 @@
 # for /bin/sh used to execute xauth
 dontaudit $1_ssh_t proc_t:dir search;
 dontaudit $1_ssh_t proc_t:file { getattr read };
+can_exec($1_ssh_t, shell_exec_t)
 
 # Inherit and use descriptors from gnome-pty-helper.
 ifdef(`gnome-pty-helper.te', `allow $1_ssh_t $1_gph_t:fd use;')
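Review bot: The new `can_exec($1_ssh_t, shell_exec_t)` line lands under the comment `# for /bin/sh used to execute xauth`, but the cover letter says it is for scripts launched from ~/.ssh/config, so the rule now carries a misleading explanation. Give it its own comment, e.g. `# run scripts configured in ~/.ssh/config (e.g. ProxyCommand) in the ssh client domain`. Because there is no transition, whatever the user's ~/.ssh/config launches runs with the ssh client's own permissions, which is worth stating in that comment.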
diff -ru /usr/src/se/policy/macros/program/xserver_macros.te ./macros/program/xserver_macros.te
--- /usr/src/se/policy/macros/program/xserver_macros.te	2004-09-21 14:39:17.000000000 +1000
+++ ./macros/program/xserver_macros.te	2004-09-24 01:49:01.000000000 +1000
@@ -64,7 +64,6 @@
 
 allow xdm_xserver_t init_t:fd use;
 
-dontaudit xdm_xserver_t user_home_dir_t:dir { read search };
 dontaudit xdm_xserver_t sysadm_home_dir_t:dir { read search };
 ', `
 # The user role is authorized for this domain.
@@ -162,7 +161,6 @@
 ifdef(`xdm.te', `
 allow $1_t xdm_tmp_t:sock_file { unlink };
 allow $1_xserver_t xdm_var_run_t:dir { search };
-allow xdm_t xserver_misc_device_t:chr_file { getattr };
 # for /tmp/.ICE-unix
 file_type_auto_trans($1_t, xdm_xserver_tmp_t, $1_tmp_t, sock_file)
 ')

* policy patches
@ 2005-09-19  5:13 Russell Coker
  0 siblings, 0 replies; 47+ messages in thread
From: Russell Coker @ 2005-09-19  5:13 UTC (permalink / raw)
  To: SE-Linux

[-- Attachment #1: Type: text/plain, Size: 582 bytes --]

app.diff changes the application_domain() macro to work on the targeted 
policy.  This is needed for running the Postfix "postmap" program on the 
targeted policy among other things.

games.diff adds correct labelling for FreeCiv on Red Hat, adds an ifdef to 
reduce redundant rules, and removes an unnecessary lib64 reference.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: app.diff --]
[-- Type: text/x-diff, Size: 390 bytes --]

--- macros/global_macros.te.orig	2005-09-19 14:24:32.000000000 +1000
+++ macros/global_macros.te	2005-09-19 14:25:03.000000000 +1000
@@ -518,6 +518,9 @@
 type $1_t, domain, privlog $2;
 type $1_exec_t, file_type, sysadmfile, exec_type;
 role sysadm_r types $1_t;
+ifdef(`targeted_policy', `
+role system_r types $1_t;
+')
 domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
 uses_shlib($1_t)
 ')
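Review bot: The new `role system_r types $1_t;` inside `ifdef(`targeted_policy'` has no comment, and the reason from the cover letter (presumably that programs such as postmap are invoked from system_r on the targeted policy) is not visible in the file. Add `# targeted policy: allow this domain to be entered from system_r (e.g. postmap)` above the ifdef. The application_domain() definition begins before the hunk.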

[-- Attachment #3: games.diff --]
[-- Type: text/x-diff, Size: 1096 bytes --]

--- file_contexts/program/games.fc.orig	2005-09-17 01:59:39.000000000 +1000
+++ file_contexts/program/games.fc	2005-09-19 15:04:30.000000000 +1000
@@ -1,8 +1,10 @@
 #  games
-/usr/lib(64)?/games/.* 	--	system_u:object_r:games_exec_t:s0
-/var/games(/.*)?		system_u:object_r:games_data_t:s0
-/usr/games/.*		--	system_u:object_r:games_exec_t:s0
+/usr/lib/games/.* 	--	system_u:object_r:games_exec_t:s0
 /var/lib/games(/.*)? 		system_u:object_r:games_data_t:s0
+ifdef(`distro_debian', `
+/usr/games/.*		--	system_u:object_r:games_exec_t:s0
+/var/games(/.*)?		system_u:object_r:games_data_t:s0
+', `
 /usr/bin/micq		--	system_u:object_r:games_exec_t:s0
 /usr/bin/blackjack	--	system_u:object_r:games_exec_t:s0
 /usr/bin/gataxx		--	system_u:object_r:games_exec_t:s0
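Review bot: The `', `` line that opens the non-Debian branch of `ifdef(`distro_debian'` carries no label, while the matching close in the next hunk is annotated `')dnl end non-Debian section`; with roughly fifty entries between them the opening deserves a marker too. Since text inside the quotes is emitted verbatim, use a file_contexts comment as the first line of the branch, `# non-Debian (Red Hat) section`, rather than dnl. Both ends labelled makes a stray quote in the long list easier to localize when m4 reports it.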
@@ -53,4 +55,6 @@
 /usr/bin/lskat		--	system_u:object_r:games_exec_t:s0
 /usr/bin/lskatproc	--	system_u:object_r:games_exec_t:s0
 /usr/bin/Maelstrom	--	system_u:object_r:games_exec_t:s0
-
+/usr/bin/civclient.*	--	system_u:object_r:games_exec_t:s0
+/usr/bin/civserver.*	--	system_u:object_r:games_exec_t:s0
+')dnl end non-Debian section

* policy patches
@ 2005-01-02 12:03 Russell Coker
  2005-01-04 19:33 ` James Carter
  2005-01-05 16:45 ` James Carter
  0 siblings, 2 replies; 47+ messages in thread
From: Russell Coker @ 2005-01-02 12:03 UTC (permalink / raw)
  To: SE-Linux

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

network_macros.diff makes a cosmetic change to the network macros.

quota.diff enables converting quota files from old format to new format and 
adds access to raw disk devices which seems to be needed by the newer 
versions of the quota utilities.

screen.diff allows screen access to proc files so that it can display the 
uptime and other trivial stuff.  Screen can work without this, but it's handy 
to have it and proc_t is hardly restricted anyway.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: quota.diff --]
[-- Type: text/x-diff, Size: 1349 bytes --]

--- /usr/src/se/policy/file_contexts/program/quota.fc	2004-11-20 01:18:22.000000000 +1100
+++ file_contexts/program/quota.fc	2005-01-02 22:52:18.000000000 +1100
@@ -1,5 +1,10 @@
 # quota system
 /var/lib/quota(/.*)?		system_u:object_r:quota_flag_t
 /sbin/quota(check|on)	--	system_u:object_r:quota_exec_t
+ifdef(`distro_redhat', `
+/usr/sbin/convertquota	--	system_u:object_r:quota_exec_t
+', `
+/sbin/convertquota	--	system_u:object_r:quota_exec_t
+')
 HOME_ROOT/a?quota\.(user|group) -- system_u:object_r:quota_db_t
 /var/a?quota\.(user|group) -- system_u:object_r:quota_db_t
--- /usr/src/se/policy/domains/program/unused/quota.te	2004-11-13 03:56:03.000000000 +1100
+++ domains/program/unused/quota.te	2005-01-02 22:53:20.000000000 +1100
@@ -10,7 +10,7 @@
 #
 # needs auth attribute because it has read access to shadow_t because checkquota
 # is buggy
-daemon_base_domain(quota, `, auth')
+daemon_base_domain(quota, `, auth, fs_domain')
 
 # so the administrator can run quotacheck
 domain_auto_trans(sysadm_t, quota_exec_t, quota_t)
@@ -39,6 +39,8 @@
 allow quota_t file_type:lnk_file { read getattr };
 allow quota_t device_type:{ chr_file blk_file } getattr;
 
+allow quota_t fixed_disk_device_t:blk_file { getattr read };
+
 # for /quota.*
 allow quota_t quota_db_t:file { read write };
 dontaudit unpriv_userdomain quota_db_t:file getattr;
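Review bot: `allow quota_t fixed_disk_device_t:blk_file { getattr read };` grants read access to the raw contents of every fixed disk, which bypasses the per-file labels the rest of the policy relies on, and the line carries no comment. Record the reason and the scope: `# newer quota tools read the raw block device; this exposes all on-disk data to quota_t, not just quota files`. If the utilities only need getattr (e.g. to match a device to a mount point), dropping read is the cheaper fix; the cover letter says read "seems to be needed", so confirming it against the actual denial is worthwhile.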

[-- Attachment #3: network_macros.diff --]
[-- Type: text/x-diff, Size: 542 bytes --]

--- /usr/src/se/policy/macros/network_macros.te	2004-11-25 06:44:37.000000000 +1100
+++ macros/network_macros.te	2004-12-25 12:26:30.000000000 +1100
@@ -79,11 +79,12 @@
 # Permissions for accessing the network.
 # See types/network.te for the network types.
 # See net_contexts for security contexts for network entities.
+# Combination of can_network_client_tcp() and can_network_server_tcp()
 #
 define(`can_network_tcp',`
 
 can_network_server_tcp($1, `$2')
-can_network_client_tcp($1, `$2')
+allow $1 self:tcp_socket { connect };
 
 ')
 
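Review bot: The new comment says can_network_tcp() is a "Combination of can_network_client_tcp() and can_network_server_tcp()", but the body now calls only the server macro and adds a bare `allow $1 self:tcp_socket { connect };` where the client call was, so the comment and the code disagree. If can_network_client_tcp() grants anything beyond connect that the server macro does not already cover (its definition is outside this hunk), those permissions are silently lost; either restore the call or reword to `# can_network_server_tcp() plus the connect permission that can_network_client_tcp() would add`. The cover letter calls this cosmetic, which suggests the two macros overlap, but the diff alone cannot show it.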

[-- Attachment #4: screen.diff --]
[-- Type: text/x-diff, Size: 430 bytes --]

--- /usr/src/se/policy/macros/program/screen_macros.te	2004-12-13 09:55:31.000000000 +1100
+++ macros/program/screen_macros.te	2004-12-31 10:34:39.000000000 +1100
@@ -87,6 +87,7 @@
 
 # get stats
 allow $1_screen_t proc_t:dir search;
+allow $1_screen_t proc_t:file { getattr read };
 allow $1_screen_t proc_t:lnk_file read;
 allow $1_screen_t etc_t:{ file lnk_file } { read getattr };
 allow $1_screen_t self:dir { search read };

* hald fix
@ 2004-09-16 11:51 Russell Coker
  2004-09-16 14:52 ` James Carter
  0 siblings, 1 reply; 47+ messages in thread
From: Russell Coker @ 2004-09-16 11:51 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 358 bytes --]

The attached patch fixes a typo to make hald work with dbus and removes an 
unnecessary can_exec_any().

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: hald.diff --]
[-- Type: text/x-diff, Size: 610 bytes --]

--- /usr/src/se/policy/domains/program/unused/hald.te	2004-09-16 18:06:49.000000000 +1000
+++ domains/program/unused/hald.te	2004-09-16 21:50:28.000000000 +1000
@@ -12,13 +12,13 @@
 #
 daemon_domain(hald, `, fs_domain, nscd_client_domain')
 
-can_exec_any(hald_t)
+can_exec(hald_t, hald_exec_t)
 
 allow hald_t { etc_t etc_runtime_t }:file { getattr read };
 allow hald_t self:unix_stream_socket create_stream_socket_perms;
 allow hald_t self:unix_dgram_socket create_socket_perms;
 
-ifdef(`dbus.te', `
+ifdef(`dbusd.te', `
 allow hald_t system_dbusd_t:dbus { acquire_svc };
 dbusd_client(system, hald_t)
 ')

* policy patches
@ 2004-08-19 12:57 Russell Coker
  2004-08-20 19:07 ` Stephen Smalley
  0 siblings, 1 reply; 47+ messages in thread
From: Russell Coker @ 2004-08-19 12:57 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 1502 bytes --]

diff1 makes the Makefile use M4PARAM for the file_contexts.

It makes a trivial change to fsadm_t access which satisfies some of the 
assertions I test with (no difference in production).

Removes devpts access from getty_t (it has no business doing such things, any 
time it tries to do so is a bug somewhere).

Makes a change to initrc_t needed for cryptsetup on Debian (unsure whether 
cryptsetup on Fedora will work the same way, it's quite likely - I think it's 
best if we copy the Debian cryptsetup stuff into Fedora).

Also it removes boot_t:lnk_file access from klogd_t, on Fedora the only 
boot_t:lnk_file is the GRUB menu.lst file (which klogd does not need access 
to), on Debian there are also some sym-links for LILO (which are in the same 
category).


diff makes some minor changes to the passwd policy to work with different 
editors for vipw and different versions of chfn.

Allows acct_t to execute logrotate.

Works with the latest version of amavis. 

Fixes the apmd policy to work with the device_type changes and some 
functionality that is commonly called from apm scripts.

Changes the capabilities in bluetooth.te to be in the same order as the header 
file.

Updates the calamaris policy to work with the latest version.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: diff1 --]
[-- Type: text/x-diff, Size: 2806 bytes --]

diff -ru /usr/src/se/policy/Makefile ./Makefile
--- /usr/src/se/policy/Makefile	2004-08-02 16:59:45.000000000 +1000
+++ ./Makefile	2004-08-19 21:22:13.000000000 +1000
@@ -140,7 +140,7 @@
 
 $(FC): $(FCFILES) $(ALL_TUNABLES) domains/program domains/misc file_contexts/program file_contexts/misc users /etc/passwd
 	@echo "Building file_contexts ..."
-	@m4 $(ALL_TUNABLES) $(FCFILES) > $@.tmp
+	@m4 $(M4PARAM) $(ALL_TUNABLES) $(FCFILES) > $@.tmp
 	@grep -v "^/root" $@.tmp > $@.root
 	@/usr/sbin/genhomedircon . $@.root  > $@
 	@grep "^/root" $@.tmp >> $@
diff -ru /usr/src/se/policy/domains/program/fsadm.te ./domains/program/fsadm.te
--- /usr/src/se/policy/domains/program/fsadm.te	2004-06-17 15:10:38.000000000 +1000
+++ ./domains/program/fsadm.te	2004-07-04 18:18:07.000000000 +1000
@@ -84,7 +84,8 @@
 
 # Access lost+found.
 allow fsadm_t lost_found_t:dir create_dir_perms;
-allow fsadm_t lost_found_t:notdevfile_class_set create_file_perms;
+allow fsadm_t lost_found_t:{ file sock_file fifo_file } create_file_perms;
+allow fsadm_t lost_found_t:lnk_file create_lnk_perms;
 
 allow fsadm_t file_t:dir { search read getattr rmdir create };
 
diff -ru /usr/src/se/policy/domains/program/getty.te ./domains/program/getty.te
--- /usr/src/se/policy/domains/program/getty.te	2004-08-04 20:26:43.000000000 +1000
+++ ./domains/program/getty.te	2004-08-15 15:53:57.000000000 +1000
@@ -52,8 +52,6 @@
 # Chown, chmod, read and write ttys.
 allow getty_t tty_device_t:chr_file { setattr rw_file_perms };
 allow getty_t ttyfile:chr_file { setattr rw_file_perms };
-allow getty_t initrc_devpts_t:chr_file { setattr rw_file_perms };
-dontaudit getty_t { user_devpts_t sysadm_devpts_t }:chr_file { read write };
 
 # for error condition handling
 allow getty_t fs_t:filesystem getattr;
diff -ru /usr/src/se/policy/domains/program/initrc.te ./domains/program/initrc.te
--- /usr/src/se/policy/domains/program/initrc.te	2004-08-02 16:59:47.000000000 +1000
+++ ./domains/program/initrc.te	2004-08-11 16:58:56.000000000 +1000
@@ -164,7 +164,10 @@
 allow initrc_t pidfile:file { getattr read unlink };
 
 # Write to /dev/urandom.
-allow initrc_t urandom_device_t:chr_file rw_file_perms;
+allow initrc_t { random_device_t urandom_device_t }:chr_file rw_file_perms;
+
+# for cryptsetup
+allow initrc_t fixed_disk_device_t:blk_file getattr;
 
 # Set device ownerships/modes.
 allow initrc_t framebuf_device_t:lnk_file read;
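Review bot: The comment `# Write to /dev/urandom.` is now stale, since the rule beneath it also covers `random_device_t`; change it to `# Write to /dev/random and /dev/urandom.`. The `# for cryptsetup` comment on the new getattr rule is the right pattern to keep for device rules.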
diff -ru /usr/src/se/policy/domains/program/klogd.te ./domains/program/klogd.te
--- /usr/src/se/policy/domains/program/klogd.te	2004-07-08 13:09:33.000000000 +1000
+++ ./domains/program/klogd.te	2004-06-17 03:07:45.000000000 +1000
@@ -43,5 +43,3 @@
 # Read /boot/System.map*
 allow klogd_t system_map_t:file r_file_perms;
 allow klogd_t boot_t:dir r_dir_perms;
-allow klogd_t boot_t:lnk_file { read };
-

[-- Attachment #3: diff --]
[-- Type: text/x-diff, Size: 6297 bytes --]

diff -ru /usr/src/se/policy/domains/program/passwd.te ./domains/program/passwd.te
--- /usr/src/se/policy/domains/program/passwd.te	2004-06-17 15:10:38.000000000 +1000
+++ ./domains/program/passwd.te	2004-08-09 00:35:11.000000000 +1000
@@ -35,6 +35,9 @@
 
 allow $1_t etc_t:file create_file_perms;
 
+# read /etc/mtab
+allow $1_t etc_runtime_t:file { getattr read };
+
 # Allow etc_t symlinks for /etc/alternatives on Debian.
 allow $1_t etc_t:lnk_file read;
 
@@ -87,8 +90,8 @@
 dontaudit chfn_t shadow_t:file read;
 allow chfn_t etc_t:dir rw_dir_perms;
 allow chfn_t etc_t:file create_file_perms;
-allow chfn_t proc_t:file { read };
-allow chfn_t chfn_t:file { write };
+allow chfn_t proc_t:file { getattr read };
+allow chfn_t self:file { write };
 
 in_user_role(passwd_t)
 in_user_role(chfn_t)
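Review bot: `allow chfn_t proc_t:file { getattr read };` widens the earlier read-only rule with no comment on what chfn reads from /proc, whereas the later hunk documents the equivalent sysadm_passwd_t rule with `# for /proc/meminfo`. Add a matching comment here (`# for /proc/meminfo` if it is the same read -- confirm). The `self:file { write }` change is a straight rewrite of `chfn_t:file` and is fine.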
@@ -118,9 +121,10 @@
 ')
 
 # allow vipw to exec the editor
-allow sysadm_passwd_t { root_t usr_t bin_t }:dir search;
+allow sysadm_passwd_t { root_t bin_t sbin_t }:dir search;
 allow sysadm_passwd_t { bin_t }:lnk_file read;
 can_exec(sysadm_passwd_t, { shell_exec_t bin_t })
+r_dir_file(sysadm_passwd_t, usr_t)
 
 # allow vipw to create temporary files under /var/tmp/vi.recover
 allow sysadm_passwd_t var_t:dir search;
@@ -133,6 +137,12 @@
 # for nscd lookups
 dontaudit sysadm_passwd_t var_run_t:dir search;
 
+# for /proc/meminfo
+allow sysadm_passwd_t proc_t:file { getattr read };
+
+dontaudit sysadm_passwd_t selinux_config_t:dir search;
+dontaudit sysadm_passwd_t devpts_t:dir search;
+
 # make sure that getcon succeeds
 allow passwd_t userdomain:dir search;
 allow passwd_t userdomain:file read;
diff -ru /usr/src/se/policy/domains/program/unused/acct.te ./domains/program/unused/acct.te
--- /usr/src/se/policy/domains/program/unused/acct.te	2004-06-17 15:10:39.000000000 +1000
+++ ./domains/program/unused/acct.te	2004-07-23 16:15:35.000000000 +1000
@@ -22,7 +22,7 @@
 allow acct_t urandom_device_t:chr_file read;
 
 ifdef(`logrotate.te', `
-allow acct_t logrotate_exec_t:file getattr;
+can_exec(acct_t, logrotate_exec_t)
 r_dir_file(logrotate_t, acct_data_t)
 ')
 
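Review bot: Replacing the getattr rule with `can_exec(acct_t, logrotate_exec_t)` runs logrotate inside acct_t with no domain transition, so logrotate gets only acct_t's permissions and the logrotate_t rules do not apply; nothing in the hunk says this is intended. A comment such as `# acct runs logrotate itself, without a transition to logrotate_t` would make the choice explicit. Any file access logrotate then needs beyond acct_data_t will be denied against acct_t rather than logrotate_t, which is not where a maintainer would first look.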
diff -ru /usr/src/se/policy/domains/program/unused/amavis.te ./domains/program/unused/amavis.te
--- /usr/src/se/policy/domains/program/unused/amavis.te	2004-08-04 20:26:43.000000000 +1000
+++ ./domains/program/unused/amavis.te	2004-08-16 20:24:12.000000000 +1000
@@ -20,8 +20,10 @@
 allow initrc_t amavisd_lib_t:file unlink;
 allow initrc_t amavisd_var_run_t:dir setattr;
 allow amavisd_t self:capability { chown dac_override setgid setuid };
+dontaudit amavisd_t self:capability sys_tty_config;
 
 allow amavisd_t usr_t:{ file lnk_file } { getattr read };
+dontaudit amavisd_t usr_t:file ioctl;
 
 # networking
 can_network(amavisd_t)
diff -ru /usr/src/se/policy/domains/program/unused/apmd.te ./domains/program/unused/apmd.te
--- /usr/src/se/policy/domains/program/unused/apmd.te	2004-08-02 16:59:47.000000000 +1000
+++ ./domains/program/unused/apmd.te	2004-08-03 15:08:13.000000000 +1000
@@ -72,12 +72,13 @@
 # setuid for fuser, dac* for ps
 dontaudit apmd_t self:capability { setuid dac_override dac_read_search };
 dontaudit apmd_t domain:{ socket_class_set } getattr;
-dontaudit apmd_t { file_type fs_type }:dir_file_class_set getattr;
+dontaudit apmd_t { file_type fs_type }:notdevfile_class_set getattr;
+dontaudit apmd_t device_type:devfile_class_set getattr;
 dontaudit apmd_t home_type:dir { search getattr };
 dontaudit apmd_t domain:key_socket getattr;
 dontaudit apmd_t domain:dir search;
 
-ifdef(`redhat', `
+ifdef(`redhat', `
 can_exec(apmd_t, apmd_var_run_t)
 # for /var/lock/subsys/network
 rw_dir_create_file(apmd_t, var_lock_t)
@@ -108,7 +109,16 @@
 
 # Same for apm/acpid scripts
 domain_auto_trans(apmd_t, initrc_exec_t, initrc_t)
+ifdef(`consoletype.te', `
+allow consoletype_t apmd_t:fd use;
+allow consoletype_t apmd_t:fifo_file write;
+')
+ifdef(`mount.te', `allow mount_t apmd_t:fd use;')
+ifdef(`crond.te', `domain_auto_trans(apmd_t, anacron_exec_t, system_crond_t)')
 
 ifdef(`mta.te', `
 domain_auto_trans(apmd_t, sendmail_exec_t, system_mail_t) 
 ')
+
+# for a find /dev operation that gets /dev/shm
+dontaudit apmd_t tmpfs_t:dir r_dir_perms;
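Review bot: The new `domain_auto_trans(apmd_t, anacron_exec_t, system_crond_t)` lets apmd start anacron in the system cron domain, presumably a broader domain than apmd_t, and the line has no comment; the consoletype and mount rules just above it are in the same position. A short comment naming the apm script step that runs anacron (the cover letter only says "functionality that is commonly called from apm scripts") would let a later reviewer judge whether the transition is still needed. The `dontaudit apmd_t tmpfs_t:dir r_dir_perms;` rule does carry its explanation, which is the pattern to follow.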
diff -ru /usr/src/se/policy/domains/program/unused/backup.te ./domains/program/unused/backup.te
--- /usr/src/se/policy/domains/program/unused/backup.te	2004-07-13 09:07:59.000000000 +1000
+++ ./domains/program/unused/backup.te	2004-07-19 09:53:38.000000000 +1000
@@ -23,6 +23,9 @@
 rw_dir_create_file(system_crond_t, backup_store_t)
 ')
 
+# for SSP
+allow backup_t urandom_device_t:chr_file read;
+
 can_network(backup_t)
 uses_shlib(backup_t)
 
diff -ru /usr/src/se/policy/domains/program/unused/bluetooth.te ./domains/program/unused/bluetooth.te
--- /usr/src/se/policy/domains/program/unused/bluetooth.te	2004-05-30 16:26:57.000000000 +1000
+++ ./domains/program/unused/bluetooth.te	2004-07-05 00:03:10.000000000 +1000
@@ -15,7 +15,7 @@
 tmp_domain(bluetooth)
 
 # Use capabilities.
-allow bluetooth_t self:capability { net_raw sys_tty_config net_admin };
+allow bluetooth_t self:capability { net_admin net_raw sys_tty_config };
 
 rw_dir_create_file(bluetooth_t, var_lock_t)
 
diff -ru /usr/src/se/policy/domains/program/unused/calamaris.te ./domains/program/unused/calamaris.te
--- /usr/src/se/policy/domains/program/unused/calamaris.te	2004-03-27 00:46:44.000000000 +1100
+++ ./domains/program/unused/calamaris.te	2004-08-12 17:11:00.000000000 +1000
@@ -21,6 +21,8 @@
 allow calamaris_t var_log_squid_t:dir search;
 allow calamaris_t var_log_squid_t:file { getattr read };
 allow calamaris_t { usr_t lib_t }:file { getattr read };
+allow calamaris_t usr_t:lnk_file { getattr read };
+dontaudit calamaris_t usr_t:file ioctl;
 
 type calamaris_www_t, file_type, sysadmfile;
 ifdef(`apache.te', `
@@ -36,10 +38,13 @@
 allow calamaris_t device_t:dir search;
 allow calamaris_t devtty_t:chr_file { read write };
 
+allow calamaris_t urandom_device_t:chr_file { getattr read };
+
 allow calamaris_t self:process { fork signal_perms setsched };
 allow calamaris_t { proc_t sysctl_kernel_t }:dir search;
 allow calamaris_t { proc_t sysctl_kernel_t }:file { getattr read };
 allow calamaris_t { proc_t self }:lnk_file read;
+allow calamaris_t self:dir search;
 
 allow calamaris_t { bin_t sbin_t }:dir search;
 allow calamaris_t bin_t:lnk_file read;

* policy patches
@ 2003-04-26  7:30 Russell Coker
From: Russell Coker @ 2003-04-26  7:30 UTC (permalink / raw)
  To: Howard Holm; +Cc: SE Linux

[-- Attachment #1: Type: text/plain, Size: 1286 bytes --]

makefile.diff is a Makefile patch for jfs and jffs2.  jffs2 is probably 
redundant, but does no harm (and it's good to demonstrate that a large number 
of file systems are supported).

global.diff is a patch to global_macros.te.  This contains some things that 
are relied on by later patches.  It allows can_exec_any() to read symlinks in 
/etc because in Debian /usr/bin has many symlinks to symlinks in /etc for the 
case where several packages can provide the same program.  Also it removes 
every_domain(), which will break some other policy.  I've got patches for all 
the other domains, I'll post them here shortly.

passwd.diff makes two separate domains for changing passwords: one for the user 
that is just for "spasswd", and the other for the administrator that allows 
everything that's needed for svipw etc.  Also it merges useradd.te and 
groupadd.te into the same file with macros and removes every_domain() from 
chkpwd_macros.te .

simple.diff contains a bunch of small changes that aren't particularly 
noteworthy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: makefile.diff --]
[-- Type: text/x-makefile, Size: 662 bytes --]

diff -ru /tmp/policy/Makefile ./Makefile
--- /tmp/policy/Makefile	2003-04-26 16:11:43.000000000 +1000
+++ ./Makefile	2003-03-28 12:39:33.000000000 +1100
@@ -103,10 +104,10 @@
 	cat domains/*.te domains/misc/*.te domains/program/*.te > $@
 
 relabel:  $(FC) $(SETFILES)
-	$(SETFILES) $(FC) `mount | awk '/(ext[23]|reiserfs)/{print $$3}'`
+	$(SETFILES) $(FC) `mount | awk '/(ext[23]|reiserfs|jfs|jffs2)/{print $$3}'`
 
 reset:  $(FC) $(SETFILES)
-	$(SETFILES) -R $(FC) `mount | awk '/(ext[23]|reiserfs)/{print $$3}'`
+	$(SETFILES) -R $(FC) `mount | awk '/(ext[23]|reiserfs|jfs|jffs2)/{print $$3}'`
 
 $(FC): $(FCFILES) file_contexts/program 
 	cat $(FCFILES) > $@
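Review bot: The awk pattern on both changed lines is unanchored and applied to the whole mount line, so any mount entry whose device path or mount point merely contains `jfs`, `ext2` or `reiserfs` as a substring is passed to setfiles too, and the relabel/reset targets act on whatever matches rather than only on filesystems of the listed types. Matching the type field avoids that: `mount | awk '$$5 ~ /^(ext[23]|reiserfs|jfs|jffs2)$$/{print $$3}'` (field 5 is the type in the `dev on mountpoint type fstype (opts)` output that the existing `$$3` already relies on). The same substitution applies to the reset target on the second changed line.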

[-- Attachment #3: global.diff --]
[-- Type: text/x-diff, Size: 6415 bytes --]

diff -ru /tmp/policy/macros/global_macros.te ./macros/global_macros.te
--- /tmp/policy/macros/global_macros.te	2003-04-26 16:11:45.000000000 +1000
+++ ./macros/global_macros.te	2003-04-25 13:28:16.000000000 +1000
@@ -319,7 +321,7 @@
 #
 define(`can_exec_any',`
 allow $1 { bin_t sbin_t lib_t etc_t }:dir r_dir_perms;
-allow $1 { bin_t sbin_t }:lnk_file read;
+allow $1 { bin_t sbin_t etc_t }:lnk_file { getattr read };
 uses_shlib($1)
 can_exec($1, etc_t)
 can_exec($1, lib_t)
@@ -350,8 +352,12 @@
 allow $1 $3:notdevfile_class_set create_file_perms;
 allow $1 $3:dir create_dir_perms;
 ', `
+ifelse(`$4', `dir', `
+allow $1 $3:$4 create_dir_perms;
+', `
 allow $1 $3:$4 create_file_perms;
-')
+')dnl end if dir
+')dnl end if param 4 specified
 
 ')
 
@@ -525,30 +531,41 @@
 
 ##################################
 #
+# base_pty_perms(domain_prefix)
+#
+# Base permissions used for can_create_pty() and can_create_other_pty()
+#
+define(`base_pty_perms', `
+# Access the pty master multiplexer.
+allow $1_t ptmx_t:chr_file rw_file_perms;
+
+ifdef(`devfsd.te', `
+allow $1_t device_t:filesystem getattr;
+')
+allow $1_t devpts_t:filesystem getattr;
+
+# allow searching /dev/pts
+allow $1_t devpts_t:dir { getattr search };
+')
+
+##################################
+#
 # can_create_pty(domain_prefix, attributes)
 #
 # Permissions for creating ptys.
 #
 define(`can_create_pty',`
-
+base_pty_perms($1)
 type $1_devpts_t, file_type, sysadmfile, ptyfile $2;
 
 # Allow the pty to be associated with the file system.
 allow $1_devpts_t devpts_t:filesystem associate;
 
-# Access the pty master multiplexer.
-allow $1_t ptmx_t:chr_file rw_file_perms;
-
 # Label pty files with a derived type.
 type_transition $1_t devpts_t:chr_file $1_devpts_t;
 
 # Read and write my pty files.
 allow $1_t $1_devpts_t:chr_file { setattr rw_file_perms };
-
-ifdef(`devfsd.te', `
-allow $1_t device_t:filesystem getattr;
-')
-
 ')
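Review bot: base_pty_perms grants `allow $1_t devpts_t:filesystem getattr;` and `allow $1_t devpts_t:dir { getattr search };` to every caller of can_create_pty and can_create_other_pty, but neither macro granted those before — the lines removed in this hunk and in the can_create_other_pty hunk below covered only ptmx_t and the devfsd-conditional device_t getattr. The header comment on base_pty_perms says only that these are the shared base permissions; it should state that the devpts_t accesses are new for both macros, so a reader comparing against older policy does not assume the refactor is rule-for-rule. The same point applies to the can_create_other_pty hunk that follows.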
 
 
@@ -559,20 +576,12 @@
 # Permissions for creating ptys for another domain.
 #
 define(`can_create_other_pty',`
-
-# Access the pty master multiplexer.
-allow $1_t ptmx_t:chr_file rw_file_perms;
-
+base_pty_perms($1)
 # Label pty files with a derived type.
 type_transition $1_t devpts_t:chr_file $2_devpts_t;
 
 # Read and write pty files.
 allow $1_t $2_devpts_t:chr_file { setattr rw_file_perms };
-
-ifdef(`devfsd.te', `
-allow $1_t device_t:filesystem getattr;
-')
-
 ')
 
 
@@ -590,7 +599,9 @@
 # Grant permissions within the domain.
 # This includes permissions to processes, /proc/PID files,
 # file descriptors, pipes, Unix sockets, and System V IPC objects
-# labeled with the domain.
+# labeled with the domain.  It also includes permissions to
+# send SIGCHLD to init and to use descriptors created by certain
+# domains.
 #
 define(`general_domain_access',`
 # Access other processes in the same domain.
@@ -617,6 +628,11 @@
 allow $1 self:msgq rw_msgq_perms;
 allow $1 self:shm  rw_shm_perms;
 
+# Use descriptors created by login, sshd, or newrole.
+allow $1 privfd:fd use;
+
+# Use descriptors created by mount (e.g. NFS).
+allow $1 mount_t:fd use;
 ')
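Review bot: `allow $1 mount_t:fd use;` is unconditional inside general_domain_access, which every domain calls, so a policy built without mount.te fails on an undefined type; elsewhere on this page the same rule is guarded, as apmd.te does with its `allow mount_t apmd_t:fd use;` line inside an ifdef on mount.te, and this line should be wrapped the same way. The new `allow $1 privfd:fd use;` likewise moves a grant that domains used to opt into individually (groupadd.te and passwd.te carry their own privfd fd-use rules) into the base macro for all domains; the per-domain copies become redundant and could be dropped in the same series. general_domain_access's define line is outside the hunk.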
 
 #
@@ -815,27 +829,10 @@
 allow $1 usbdevfs_t:dir r_dir_perms;
 allow $1 usbdevfs_t:{ file lnk_file } r_file_perms;
 allow $1 usbdevfs_device_t:file getattr;
-')
 
-#
-# general_file_write_access(domain)
-#
-# Grant write permissions to a small set of system file types, e.g. 
-# /dev/tty, /dev/null, etc.
-#
-# For shared directories like /tmp, each domain should have its own derived
-# type (with a file_type_auto_trans rule) for files created in the shared
-# directory.
-#
-define(`general_file_write_access',`
-errprint(`m4: '__file__:__line__: `Warning:  general_file_write_access is deprecated.
-')
-# Read and write /dev/tty and /dev/null.
-allow $1 devtty_t:chr_file rw_file_perms;
-allow $1 { null_device_t zero_device_t }:chr_file rw_file_perms;
-
-# Do not audit write denials to /etc/ld.so.cache.
-dontaudit $1 ld_so_cache_t:file write;
+# Read PID files in /var/run.  pidfile is a type attribute for 
+# all types used for such files.
+allow $1 pidfile:file r_file_perms;
 ')
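Review bot: The new `allow $1 pidfile:file r_file_perms;` lands inside the macro whose usbdevfs rules open this hunk (its define line is outside the hunk), so every domain using that macro can now read the PID files of every daemon, and the two-line comment says what pidfile is but not which caller needs it. If only a few domains need it, a per-domain rule is the least-privilege option; otherwise the comment should name the consumer, e.g. `# Read PID files in /var/run (needed by <caller> -- TODO confirm).` The deletion of general_file_write_access also silently drops its `dontaudit $1 ld_so_cache_t:file write;`, which the cover text does not mention.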
 
 #
@@ -875,33 +872,6 @@
 
 ')
 
-################################
-#
-# every_domain(domain)
-#
-# Grant permissions common to most domains.
-#
-# This macro replaces the rules formerly located in domains/every.te.
-# An every_domain macro has been inserted into each domain .te file
-# for each domain defined within that file.  If you want a new domain
-# to inherit these rules, then you can likewise use this macro in
-# your new domain .te file.  However, for least privilege purposes, you 
-# may want to consider using macros or individual rules that only include 
-# a subset of these permissions for your new domain.  This macro has already 
-# been partitioned into a few subsets, with corresponding macros defined 
-# above and used in defining this macro.  
-#
-define(`every_domain',`
-errprint(`m4: '__file__:__line__: `Warning:  every_domain is deprecated.
-')
-# Grant the permissions common to the test domains.
-every_test_domain($1)
-
-# Grant permissions needed to create TCP and UDP sockets and 
-# to access the network.
-can_network($1)
-')
-
 #######################
 # daemon_base_domain(domain_prefix, attribs)
 #
@@ -937,12 +907,16 @@
 allow $1_t initrc_devpts_t:chr_file rw_file_perms;
 ')dnl
 
+define(`var_run_domain', `
+type $1_var_run_t alias var_run_$1_t, file_type, sysadmfile, pidfile;
+file_type_auto_trans($1_t, var_run_t, $1_var_run_t, file)
+')
+
 define(`daemon_domain', `
 daemon_base_domain($1, `$2')
 # Create pid file.
 allow $1_t var_t:dir { getattr search };
-type var_run_$1_t, file_type, sysadmfile, pidfile;
-file_type_auto_trans($1_t, var_run_t, var_run_$1_t)
+var_run_domain($1)
 
 allow $1_t devtty_t:chr_file rw_file_perms;
 
@@ -951,6 +925,8 @@
 
 # for df
 allow $1_t fs_type:filesystem getattr;
+
+r_dir_file($1_t, locale_t)
 ')dnl
 
 define(`uses_authbind',
@@ -984,8 +960,7 @@
 allow $2_t { self proc_t }:dir r_dir_perms;
 allow $2_t { self proc_t }:lnk_file read;
 
-allow $2_t device_t:dir { getattr search };
-allow $2_t null_device_t:chr_file rw_file_perms;
+allow $2_t device_t:dir getattr;
 ')
 
 
@@ -995,8 +970,8 @@
 ')
 
 define(`var_lib_domain', `
-type var_lib_$1_t, file_type, sysadmfile;
-file_type_auto_trans($1_t, var_lib_t, var_lib_$1_t)
+type $1_var_lib_t, file_type, sysadmfile;
+file_type_auto_trans($1_t, var_lib_t, $1_var_lib_t)
 ')
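Review bot: var_lib_domain renames its type to `$1_var_lib_t` without an alias, while the var_run_domain macro added above keeps `alias var_run_$1_t` for the same kind of rename, so any rule or file_contexts entry still spelling `var_lib_<prefix>_t` fails to build or relabel after this patch. For consistency use `type $1_var_lib_t alias var_lib_$1_t, file_type, sysadmfile;`.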
 
 define(`log_domain', `

[-- Attachment #4: passwd.diff --]
[-- Type: text/x-diff, Size: 11105 bytes --]

diff -ru /tmp/policy/assert.te ./assert.te
--- /tmp/policy/assert.te	2003-03-29 08:38:54.000000000 +1100
+++ ./assert.te	2003-04-23 19:52:12.000000000 +1000
@@ -111,9 +111,11 @@
 # entrypoint type and can only execute the dynamic loader
 # and the ordinary passwd program without a transition to another domain.
 #
-ifdef(`passwd.te',
-`neverallow passwd_t ~{ admin_passwd_exec_t passwd_exec_t }:file entrypoint;
-neverallow passwd_t ~{ bin_t sbin_t shell_exec_t ld_so_t passwd_real_exec_t }:file execute_no_trans;')
+ifdef(`passwd.te', `
+neverallow passwd_t ~{ passwd_exec_t }:file entrypoint;
+neverallow sysadm_passwd_t ~{ admin_passwd_exec_t }:file entrypoint;
+neverallow { passwd_t sysadm_passwd_t } ~{ bin_t sbin_t shell_exec_t ld_so_t passwd_real_exec_t }:file execute_no_trans;
+')
 
 #
 # Verify that only the admin domains and initrc_t have avc_toggle.
diff -ru /tmp/policy/domains/program/groupadd.te ./domains/program/groupadd.te
--- /tmp/policy/domains/program/groupadd.te	2003-04-08 06:25:34.000000000 +1000
+++ ./domains/program/groupadd.te	2003-04-22 19:42:08.000000000 +1000
@@ -1,60 +0,0 @@
-#DESC Groupadd - Manage system groups
-#
-# Authors:  David Caplan, dac@tresys.com
-#	    (Based on useradd.te by Chris Vance <cvance@tislabs.com>)
-#
-
-#################################
-#
-# Rules for the groupadd_t domain.
-#
-# groupadd_t is the domain of the groupadd/mod/del programs when
-# executed through the sgroupadd/mod/del wrapper.
-type groupadd_t, domain, privlog, auth, privowner;
-role sysadm_r types groupadd_t;
-
-general_domain_access(groupadd_t)
-uses_shlib(groupadd_t)
-
-type groupadd_exec_t, file_type, sysadmfile, exec_type;
-domain_auto_trans(sysadm_t, groupadd_exec_t, groupadd_t )
-
-# Use capabilities.
-# need more if users can run gpasswd
-allow groupadd_t groupadd_t:capability { dac_override };
-
-# Allow access to context for shadow file
-allow groupadd_t security_t:security { context_to_sid };
-
-# Inherit and use descriptors from login.
-allow groupadd_t privfd:fd use;
-
-# Execute /usr/sbin/{groupadd,groupdel,groupmod}, /usr/bin/gpasswd.
-allow groupadd_t { bin_t sbin_t }:dir r_dir_perms;
-can_exec(groupadd_t, { sbin_t bin_t })
-
-# Update /etc/shadow and /etc/passwd
-file_type_auto_trans(groupadd_t, etc_t, shadow_t)
-allow groupadd_t etc_t:file create_file_perms;
-
-allow groupadd_t { etc_t shadow_t }:file { relabelfrom relabelto };
-
-# some apps ask for these accesses, but seems to work regardless
-dontaudit groupadd_t initrc_var_run_t:file { write };
-dontaudit groupadd_t { var_run_t device_t var_t }:dir { search };
-
-# Access terminals.
-allow groupadd_t ttyfile:chr_file rw_file_perms;
-allow groupadd_t ptyfile:chr_file rw_file_perms;
-ifdef(`gnome-pty-helper.te', `allow groupadd_t gphdomain:fd use;')
-
-
-
-
-
-
-
-
-
-
-
diff -ru /tmp/policy/domains/program/passwd.te ./domains/program/passwd.te
--- /tmp/policy/domains/program/passwd.te	2003-03-27 23:57:57.000000000 +1100
+++ ./domains/program/passwd.te	2003-04-23 19:50:59.000000000 +1000
@@ -13,68 +13,85 @@
 # This domain and type is also used for wrappers for
 # chfn and chsh.
 #
-type passwd_t, domain, privlog, auth, privowner;
-in_user_role(passwd_t)
-role sysadm_r types passwd_t;
-
-type passwd_exec_t, file_type, sysadmfile, exec_type;
-type passwd_real_exec_t, file_type, sysadmfile;
-type admin_passwd_exec_t, file_type, sysadmfile;
-
-general_domain_access(passwd_t);
-
-uses_shlib(passwd_t);
-
-domain_auto_trans(userdomain, passwd_exec_t, passwd_t)
-domain_auto_trans(sysadm_t, admin_passwd_exec_t, passwd_t)
+define(`passwd_domain', `
+type $1_t, domain, privlog, auth, privowner;
 
-# for vipw - vi looks in the root home directory for config
-dontaudit passwd_t sysadm_home_dir_t:dir { getattr search };
-
-# Use capabilities.
-allow passwd_t passwd_t:capability { chown dac_override fsetid setuid sys_resource };
+general_domain_access($1_t);
+uses_shlib($1_t);
 
 # Inherit and use descriptors from login.
-allow passwd_t privfd:fd use;
+allow $1_t privfd:fd use;
+ifdef(`gnome-pty-helper.te', `allow $1_t gphdomain:fd use;')
 
 # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
-allow passwd_t { bin_t sbin_t }:dir r_dir_perms;
-can_exec(passwd_t, { bin_t sbin_t shell_exec_t passwd_real_exec_t })
+allow $1_t { bin_t sbin_t }:dir r_dir_perms;
+can_exec($1_t, { bin_t sbin_t shell_exec_t passwd_real_exec_t })
+allow $1_t bin_t:lnk_file read;
+r_dir_file($1_t, locale_t)
+
+allow $1_t fs_t:filesystem getattr;
 
 # allow checking if a shell is executable
-allow passwd_t shell_exec_t:file execute;
+allow $1_t shell_exec_t:file execute;
 
 # Obtain contexts
-allow passwd_t security_t:security { sid_to_context context_to_sid };
+allow $1_t security_t:security { sid_to_context context_to_sid };
 
 # Update /etc/shadow and /etc/passwd
-file_type_auto_trans(passwd_t, etc_t, shadow_t)
-allow passwd_t etc_t:file create_file_perms;
-allow passwd_t { etc_t shadow_t }:file { relabelfrom relabelto };
+file_type_auto_trans($1_t, etc_t, shadow_t)
+allow $1_t etc_t:file create_file_perms;
+allow $1_t { etc_t shadow_t }:file { relabelfrom relabelto };
 
-# allow vipw to create temporary files under /var/tmp/vi.recover
-tmp_domain(passwd)
+# Use capabilities.
+allow $1_t self:capability { chown dac_override fsetid setuid sys_resource };
 
 # Access terminals.
-allow passwd_t ttyfile:chr_file rw_file_perms;
-allow passwd_t ptyfile:chr_file rw_file_perms;
-ifdef(`gnome-pty-helper.te', `allow passwd_t gphdomain:fd use;')
+allow $1_t { ttyfile ptyfile }:chr_file rw_file_perms;
+allow $1_t devtty_t:chr_file rw_file_perms;
 
-# for vipw - vi looks in the root home directory for config
-dontaudit passwd_t sysadm_home_dir_t:dir { getattr search };
+dontaudit $1_t devpts_t:dir getattr;
 
 # /usr/bin/passwd asks for w access to utmp, but it will operate
 # correctly without it.  Do not audit write denials to utmp.
-dontaudit passwd_t initrc_var_run_t:file { read write };
+dontaudit $1_t initrc_var_run_t:file { read write };
 
 # user generally runs this from their home directory, so do not audit a search
 # on user home dir
-dontaudit passwd_t { user_home_dir_type user_home_type }:dir search;
+dontaudit $1_t { user_home_dir_type user_home_type }:dir search;
 
 # When the wrong current passwd is entered, passwd, for some reason, 
-# attempts to access /proc and /dev, but fails appropriately. So don't
+# attempts to access /proc and /dev, but fails appropriately. So dont
 # audit those denials.
-# Access denials to /var aren't audited either.
-dontaudit passwd_t { proc_t device_t var_t }:dir { search read };
+dontaudit $1_t { proc_t device_t }:dir { search read };
+
+allow $1_t device_t:dir getattr;
+')
+
+passwd_domain(passwd)
+passwd_domain(sysadm_passwd)
+
+in_user_role(passwd_t)
+role sysadm_r types sysadm_passwd_t;
+
+type admin_passwd_exec_t, file_type, sysadmfile, exec_type;
+type passwd_exec_t, file_type, sysadmfile, exec_type;
+type passwd_real_exec_t, file_type, sysadmfile;
+
+domain_auto_trans(userdomain, passwd_exec_t, passwd_t)
+domain_auto_trans(sysadm_t, admin_passwd_exec_t, sysadm_passwd_t)
+
+# for vipw - vi looks in the root home directory for config
+dontaudit sysadm_passwd_t sysadm_home_dir_t:dir { getattr search };
+
+dontaudit passwd_t var_t:dir search;
+
+# allow vipw to create temporary files under /var/tmp/vi.recover
+allow sysadm_passwd_t var_t:dir search;
+tmp_domain(sysadm_passwd)
+
+# for vipw - vi looks in the root home directory for config
+dontaudit sysadm_passwd_t sysadm_home_dir_t:dir { getattr search };
+
+# for /etc/alternatives/vi
+allow sysadm_passwd_t etc_t:lnk_file read;
 
-allow passwd_t device_t:dir getattr;
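Review bot: `dontaudit sysadm_passwd_t sysadm_home_dir_t:dir { getattr search };` appears twice in the new tail of this file, with the same `# for vipw` comment both times; one copy should go. The old file had `role sysadm_r types passwd_t;` and the new one authorises sysadm_r only for sysadm_passwd_t, so unless in_user_role covers sysadm_r an administrator running spasswd (passwd_exec_t transitions to passwd_t) will be refused the transition — worth confirming against in_user_role. The passwd_domain macro also has no header comment; a line such as `# passwd_domain(prefix): rules shared by the user (passwd_t) and administrator (sysadm_passwd_t) password-changing domains` would help.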
diff -ru /tmp/policy/file_contexts/program/groupadd.fc ./file_contexts/program/groupadd.fc
--- /tmp/policy/file_contexts/program/groupadd.fc	2003-04-08 06:25:35.000000000 +1000
+++ ./file_contexts/program/groupadd.fc	2003-04-22 19:42:25.000000000 +1000
@@ -1,10 +0,0 @@
-# groupadd
-/usr/local/selinux/bin/sgroupadd	system_u:object_r:groupadd_exec_t
-/usr/local/selinux/bin/sgroupdel	system_u:object_r:groupadd_exec_t
-/usr/local/selinux/bin/sgroupmod	system_u:object_r:groupadd_exec_t
-/usr/local/selinux/bin/sgpasswd		system_u:object_r:groupadd_exec_t
-/usr/bin/sgroupmod		system_u:object_r:groupadd_exec_t
-/usr/bin/sgroupadd               system_u:object_r:groupadd_exec_t
-/usr/bin/sgroupdel               system_u:object_r:groupadd_exec_t
-/usr/bin/sgpasswd               system_u:object_r:groupadd_exec_t
-
diff -ru /tmp/policy/file_contexts/program/passwd.fc ./file_contexts/program/passwd.fc
--- /tmp/policy/file_contexts/program/passwd.fc	2003-03-27 23:58:03.000000000 +1100
+++ ./file_contexts/program/passwd.fc	2003-04-02 18:08:36.000000000 +1000
@@ -3,10 +3,12 @@
 /usr/local/selinux/bin/schsh	system_u:object_r:passwd_exec_t
 /usr/local/selinux/bin/schfn	system_u:object_r:passwd_exec_t
 /usr/local/selinux/bin/svipw    system_u:object_r:admin_passwd_exec_t
+/usr/local/selinux/bin/svigr	system_u:object_r:admin_passwd_exec_t
 /usr/local/selinux/bin/sadminpasswd system_u:object_r:admin_passwd_exec_t
 /usr/bin/spasswd		system_u:object_r:passwd_exec_t
 /usr/bin/passwd			system_u:object_r:passwd_real_exec_t
 /usr/bin/schsh			system_u:object_r:passwd_exec_t
 /usr/bin/schfn			system_u:object_r:passwd_exec_t
 /usr/bin/svipw                 system_u:object_r:admin_passwd_exec_t
+/usr/bin/svigr			system_u:object_r:admin_passwd_exec_t
 /usr/bin/sadminpasswd          system_u:object_r:admin_passwd_exec_t
diff -ru /tmp/policy/file_contexts/program/useradd.fc ./file_contexts/program/useradd.fc
--- /tmp/policy/file_contexts/program/useradd.fc	2003-04-11 19:46:03.000000000 +1000
+++ ./file_contexts/program/useradd.fc	2003-03-30 17:07:35.000000000 +1000
@@ -5,3 +5,13 @@
 /usr/bin/susermod		system_u:object_r:useradd_exec_t
 /usr/bin/suseradd               system_u:object_r:useradd_exec_t
 /usr/bin/suserdel               system_u:object_r:useradd_exec_t
+# groupadd
+/usr/local/selinux/bin/sgroupadd	system_u:object_r:groupadd_exec_t
+/usr/local/selinux/bin/sgroupdel	system_u:object_r:groupadd_exec_t
+/usr/local/selinux/bin/sgroupmod	system_u:object_r:groupadd_exec_t
+/usr/local/selinux/bin/sgpasswd		system_u:object_r:groupadd_exec_t
+/usr/bin/sgroupmod		system_u:object_r:groupadd_exec_t
+/usr/bin/sgroupadd               system_u:object_r:groupadd_exec_t
+/usr/bin/sgroupdel               system_u:object_r:groupadd_exec_t
+/usr/bin/sgpasswd               system_u:object_r:groupadd_exec_t
+
diff -ru /tmp/policy/macros/program/chkpwd_macros.te ./macros/program/chkpwd_macros.te
--- /tmp/policy/macros/program/chkpwd_macros.te	2002-10-02 03:28:52.000000000 +1000
+++ ./macros/program/chkpwd_macros.te	2003-04-21 17:47:26.000000000 +1000
@@ -23,8 +23,9 @@
 # The user role is authorized for this domain.
 role $1_r types $1_chkpwd_t;
 
-# This domain is granted permissions common to most domains (includes can_net)
-every_domain($1_chkpwd_t)
+uses_shlib($1_chkpwd_t)
+allow $1_chkpwd_t self:unix_dgram_socket create_socket_perms;
+r_dir_file($1_chkpwd_t, locale_t)
 
 # Use capabilities.
 allow $1_chkpwd_t self:capability setuid;
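Review bot: The three rules replacing every_domain carry no comment, and the comment removed with it was the only explanation of what the helper is granted; `allow $1_chkpwd_t self:unix_dgram_socket create_socket_perms;` in particular reads like a syslog socket but the hunk does not say so. Suggest `# shared libs, a local socket (presumably for syslog -- confirm) and locale data; can_network from every_domain is intentionally dropped` above `uses_shlib($1_chkpwd_t)`. If the password helper is ever configured to resolve accounts over the network, dropping can_network here will deny that; if that is a deliberate choice it is worth stating in the commit text.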

[-- Attachment #5: simple.diff --]
[-- Type: text/x-diff, Size: 12856 bytes --]

diff -ru /tmp/policy/domains/program/klogd.te ./domains/program/klogd.te
--- /tmp/policy/domains/program/klogd.te	2003-04-02 18:06:26.000000000 +1000
+++ ./domains/program/klogd.te	2003-04-25 03:52:17.000000000 +1000
@@ -7,47 +7,35 @@
 #
 # Rules for the klogd_t domain.
 #
-type klogd_t, domain, privlog, privmem;
-role system_r types klogd_t;
-uses_shlib(klogd_t)
-type klogd_exec_t, file_type, sysadmfile, exec_type;
-domain_auto_trans(initrc_t, klogd_exec_t, klogd_t)
-allow klogd_t self:process { fork signal };
-
-type klogd_tmp_t, file_type, sysadmfile, tmpfile;
-file_type_auto_trans(klogd_t, tmp_t, klogd_tmp_t)
-allow klogd_t var_t:dir r_dir_perms;
-type klogd_var_run_t, file_type, sysadmfile, pidfile;
-file_type_auto_trans(klogd_t, var_run_t, klogd_var_run_t)
+daemon_domain(klogd, `, privmem')
+
+tmp_domain(klogd)
 allow klogd_t proc_t:dir r_dir_perms;
 allow klogd_t proc_t:lnk_file r_file_perms;
+allow klogd_t proc_t:file { getattr read };
 allow klogd_t self:dir r_dir_perms;
 allow klogd_t self:lnk_file r_file_perms;
 
 # read /etc/nsswitch.conf
+allow klogd_t etc_t:lnk_file read;
 allow klogd_t etc_t:file r_file_perms;
 
 # read localization information
 allow klogd_t locale_t:dir r_dir_perms;
 allow klogd_t locale_t:{file lnk_file} r_file_perms;
 
+allow klogd_t etc_runtime_t:file { getattr read };
+
 # Create unix sockets
 allow klogd_t self:unix_dgram_socket create_socket_perms;
 
 # Use the sys_admin and sys_rawio capabilities.
 allow klogd_t klogd_t:capability { sys_admin sys_rawio };
 
-# Inherit and use descriptors from init.
-allow klogd_t init_t:fd use;
-
 # Read /proc/kmsg and /dev/mem.
-allow klogd_t device_t:dir r_dir_perms;
 allow klogd_t proc_kmsg_t:file r_file_perms;
 allow klogd_t memory_device_t:chr_file r_file_perms;
 
-# Write to the console.
-allow klogd_t { initrc_devpts_t console_device_t }:chr_file rw_file_perms;
-
 # Control syslog and console logging
 allow klogd_t kernel_t:system { syslog_mod syslog_console };
 
diff -ru /tmp/policy/domains/program/syslogd.te ./domains/program/syslogd.te
--- /tmp/policy/domains/program/syslogd.te	2003-04-02 18:06:29.000000000 +1000
+++ ./domains/program/syslogd.te	2003-04-25 03:54:06.000000000 +1000
@@ -12,31 +12,22 @@
 # devlog_t is the type of the Unix domain socket created 
 # by syslogd.
 #
-type syslogd_t, domain;
-role system_r types syslogd_t;
-uses_shlib(syslogd_t)
-type syslogd_exec_t, file_type, sysadmfile, exec_type;
-domain_auto_trans(initrc_t, syslogd_exec_t, syslogd_t)
+daemon_domain(syslogd)
+
+# can_network is for the UDP socket
+can_network(syslogd_t)
+
 type devlog_t, file_type, sysadmfile;
-allow syslogd_t self:process { fork signal };
 
 # if something can log to syslog they should be able to log to the console
 allow privlog console_device_t:chr_file { ioctl read write getattr };
 
-type syslogd_tmp_t, file_type, sysadmfile, tmpfile;
-file_type_auto_trans(syslogd_t, tmp_t, syslogd_tmp_t)
-type syslogd_var_run_t, file_type, sysadmfile, pidfile;
-file_type_auto_trans(syslogd_t, var_run_t, syslogd_var_run_t, file)
-allow syslogd_t var_t:dir r_dir_perms;
+tmp_domain(syslogd)
 
 # read files in /etc
 allow syslogd_t etc_t:file r_file_perms;
 allow syslogd_t resolv_conf_t:{ file lnk_file } r_file_perms;
 
-# read localization information
-allow syslogd_t locale_t:dir r_dir_perms;
-allow syslogd_t locale_t:{file lnk_file} r_file_perms;
-
 # Use capabilities.
 allow syslogd_t syslogd_t:capability { net_bind_service dac_override };
 
@@ -65,3 +56,7 @@
 
 # Write to the cron log.
 allow syslogd_t cron_log_t:file rw_file_perms;
+
+ifdef(`logrotate.te', `
+allow logrotate_t syslogd_exec_t:file r_file_perms;
+')
diff -ru /tmp/policy/file_contexts/program/fsadm.fc ./file_contexts/program/fsadm.fc
--- /tmp/policy/file_contexts/program/fsadm.fc	2003-02-12 23:36:12.000000000 +1100
+++ ./file_contexts/program/fsadm.fc	2003-04-08 09:06:20.000000000 +1000
@@ -6,6 +6,7 @@
 /sbin/mkreiserfs		system_u:object_r:fsadm_exec_t
 /sbin/resize.*fs		system_u:object_r:fsadm_exec_t
 /sbin/e2label			system_u:object_r:fsadm_exec_t
+/sbin/findfs			system_u:object_r:fsadm_exec_t
 /sbin/mkfs			system_u:object_r:fsadm_exec_t
 /sbin/mke2fs			system_u:object_r:fsadm_exec_t
 /sbin/mkswap			system_u:object_r:fsadm_exec_t
@@ -22,6 +23,7 @@
 /sbin/mkraid			system_u:object_r:fsadm_exec_t
 /sbin/blockdev			system_u:object_r:fsadm_exec_t
 /sbin/losetup			system_u:object_r:fsadm_exec_t
+/sbin/jfs_.*			system_u:object_r:fsadm_exec_t
 /usr/sbin/updfstab		system_u:object_r:fsadm_exec_t
 /usr/sbin/smart(d|ctl)		system_u:object_r:fsadm_exec_t
 /sbin/lvmiopversion		system_u:object_r:fsadm_exec_t
diff -ru /tmp/policy/file_contexts/program/postfix.fc ./file_contexts/program/postfix.fc
--- /tmp/policy/file_contexts/program/postfix.fc	2003-03-27 23:58:04.000000000 +1100
+++ ./file_contexts/program/postfix.fc	2003-04-24 12:51:18.000000000 +1000
@@ -24,7 +24,7 @@
 /usr/sbin/postmap		system_u:object_r:postfix_master_exec_t
 /usr/sbin/postqueue		system_u:object_r:postfix_postqueue_exec_t
 /usr/sbin/postsuper		system_u:object_r:postfix_master_exec_t
-/usr/sbin/rmail			system_u:object_r:postfix_master_exec_t
+/usr/sbin/rmail			system_u:object_r:sendmail_exec_t
 /var/spool/postfix(/[^/]+)?	system_u:object_r:postfix_spool_t
 /var/spool/postfix/active(/.*)?	system_u:object_r:postfix_spool_t
 /var/spool/postfix/hold(/.*)?	system_u:object_r:postfix_spool_t
diff -ru /tmp/policy/file_contexts/program/syslogd.fc ./file_contexts/program/syslogd.fc
--- /tmp/policy/file_contexts/program/syslogd.fc	2003-03-16 22:33:46.000000000 +1100
+++ ./file_contexts/program/syslogd.fc	2003-04-25 03:54:53.000000000 +1000
@@ -5,5 +5,4 @@
 /sbin/syslog-ng			system_u:object_r:syslogd_exec_t
 /dev/log			system_u:object_r:devlog_t
 /var/run/log			system_u:object_r:devlog_t
-/var/run/klogd\.pid		system_u:object_r:klogd_var_run_t
 /var/run/syslogd\.pid		system_u:object_r:syslogd_var_run_t
diff -ru /tmp/policy/macros/program/crontab_macros.te ./macros/program/crontab_macros.te
--- /tmp/policy/macros/program/crontab_macros.te	2003-03-14 02:14:55.000000000 +1100
+++ ./macros/program/crontab_macros.te	2003-04-20 18:20:48.000000000 +1000
@@ -27,8 +27,11 @@
 # The user role is authorized for this domain.
 role $1_r types $1_crontab_t;
 
-# This domain is granted permissions common to most domains (including can_net)
-every_domain($1_crontab_t)
+uses_shlib($1_crontab_t)
+allow $1_crontab_t etc_t:file { getattr read };
+allow $1_crontab_t self:unix_stream_socket create_socket_perms;
+allow $1_crontab_t self:unix_dgram_socket create_socket_perms;
+r_dir_file($1_crontab_t, locale_t)
 
 # Use capabilities
 allow $1_crontab_t $1_crontab_t:capability { setuid setgid chown };
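Review bot: The five rules that replace every_domain at the top of this hunk have no comment, and the removed comment was the only description of what the crontab domain is granted; the same applies to the explicit list that replaces every_domain in run_program_macros.te later in this patch. A note such as `# replaces every_domain(): shared libs, /etc config, local sockets and locale data -- no network access` above `uses_shlib($1_crontab_t)` would document the intended reduction.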
@@ -40,7 +43,9 @@
 type $1_cron_spool_t, file_type, sysadmfile;
 # Use the type when creating files in /var/spool/cron.
 allow sysadm_crontab_t $1_cron_spool_t:file { getattr read };
+allow $1_crontab_t var_spool_t:dir search;
 file_type_auto_trans($1_crontab_t, cron_spool_t, $1_cron_spool_t)
+allow $1_crontab_t self:process { fork signal_perms };
 ifdef(`fcron.te', `
 allow crond_t $1_cron_spool_t:file create_file_perms;
 # fcron wants an instant update of a crontab change for the administrator
@@ -57,7 +62,9 @@
 allow crond_t $1_cron_spool_t:file r_file_perms;
 
 # Run helper programs as $1_t
-domain_auto_trans($1_crontab_t, { bin_t sbin_t exec_type }, $1_t)
+allow $1_crontab_t { bin_t sbin_t }:dir search;
+allow $1_crontab_t bin_t:lnk_file read;
+domain_auto_trans_read($1_crontab_t, { bin_t sbin_t shell_exec_t }, $1_t)
 
 # Read user crontabs 
 allow $1_crontab_t { $1_home_t $1_home_dir_t }:dir r_dir_perms;  
@@ -69,10 +76,11 @@
 allow $1_crontab_t cron_log_t:file { append };
 
 # Access terminals.
+allow $1_crontab_t device_t:dir search;
 allow $1_crontab_t $1_tty_device_t:chr_file rw_file_perms;
 allow $1_crontab_t $1_devpts_t:chr_file rw_file_perms;
 
 # Inherit and use descriptors from gnome-pty-helper.
 ifdef(`gnome-pty-helper.te', `allow $1_crontab_t $1_gph_t:fd use;')
-
+allow $1_crontab_t privfd:fd use;
 ')
diff -ru /tmp/policy/macros/program/gpg_macros.te ./macros/program/gpg_macros.te
--- /tmp/policy/macros/program/gpg_macros.te	2003-03-27 23:58:06.000000000 +1100
+++ ./macros/program/gpg_macros.te	2003-04-05 14:18:06.000000000 +1000
@@ -80,6 +80,6 @@
 allow $1_gpg_t { etc_t usr_t }:dir r_dir_perms;
 allow $1_gpg_t fs_t:filesystem getattr;
 allow $1_gpg_t usr_t:file r_file_perms;
-allow $1_gpg_t etc_t:lnk_file r_file_perms;
+r_dir_file($1_gpg_t, locale_t)
 allow $1_t $1_gpg_secret_t:dir rw_dir_perms;
 ')
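Review bot: This hunk replaces `allow $1_gpg_t etc_t:lnk_file r_file_perms;` with `r_dir_file($1_gpg_t, locale_t)` rather than adding the locale rule alongside it, so the gpg domain loses the ability to read symlinks under /etc; the cover text for global.diff itself notes that Debian's /etc holds many symlinks, so this may regress unless the lnk_file access was never needed. If the removal is intentional the hunk should say so; otherwise keep the original line and add the locale rule beneath it. irc_macros.te below makes the identical substitution for $1_irc_t.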
diff -ru /tmp/policy/macros/program/gph_macros.te ./macros/program/gph_macros.te
--- /tmp/policy/macros/program/gph_macros.te	2003-01-20 11:04:03.000000000 +1100
+++ ./macros/program/gph_macros.te	2003-04-17 08:43:31.000000000 +1000
@@ -34,7 +34,7 @@
 role $1_r types $1_gph_t;
 
 # This domain is granted permissions common to most domains.
-every_domain($1_gph_t)
+uses_shlib($1_gph_t)
 
 # Use capabilities.
 allow $1_gph_t $1_gph_t:capability { setuid setgid fsetid };
diff -ru /tmp/policy/macros/program/irc_macros.te ./macros/program/irc_macros.te
--- /tmp/policy/macros/program/irc_macros.te	2003-03-14 02:14:55.000000000 +1100
+++ ./macros/program/irc_macros.te	2003-04-12 10:02:10.000000000 +1000
@@ -36,9 +36,7 @@
 role $1_r types $1_irc_t;
 
 # Inherit and use descriptors from gnome-pty-helper.
-ifdef(`gnome-pty-helper.te',
-`allow $1_irc_t $1_gph_t:fd use;
-allow $1_t $1_gph_t:fd use;')
+ifdef(`gnome-pty-helper.te', `allow $1_irc_t $1_gph_t:fd use;')
 
 # Inherit and use descriptors from newrole.
 ifdef(`newrole.te', `allow $1_irc_t newrole_t:fd use;')
@@ -53,7 +51,7 @@
 
 uses_shlib($1_irc_t)
 allow $1_irc_t { etc_t resolv_conf_t }:file { read getattr };
-allow $1_irc_t etc_t:lnk_file read;
+r_dir_file($1_irc_t, locale_t)
 allow $1_irc_t fs_t:filesystem getattr;
 allow $1_irc_t var_t:dir search;
 allow $1_irc_t devpts_t:dir { getattr read search };
diff -ru /tmp/policy/macros/program/run_program_macros.te ./macros/program/run_program_macros.te
--- /tmp/policy/macros/program/run_program_macros.te	2002-11-04 23:28:01.000000000 +1100
+++ ./macros/program/run_program_macros.te	2003-04-20 22:13:21.000000000 +1000
@@ -29,6 +29,9 @@
 allow run_$3_t initrc_var_run_t:file rw_file_perms;
 allow run_$3_t admin_tty_type:chr_file rw_file_perms;
 
+dontaudit run_$3_t devpts_t:dir { getattr read };
+dontaudit run_$3_t device_t:dir read;
+
 # often the administrator runs such programs from a directory that is owned
 # by a different user or has restrictive SE permissions, do not want to audit
 # the failed access to the current directory
@@ -39,6 +42,14 @@
 
 domain_trans(run_$3_t, $4, $5)
 
-# hmm, do we REALLY need this?
-every_domain(run_$3_t)
+allow run_$3_t privfd:fd use;
+uses_shlib(run_$3_t)
+allow run_$3_t security_t:security { sid_to_context context_to_sid };
+allow run_$3_t self:unix_stream_socket create_socket_perms;
+allow run_$3_t self:unix_dgram_socket create_socket_perms;
+allow run_$3_t etc_t:file { getattr read };
+r_dir_file(run_$3_t, locale_t)
+allow run_$3_t fs_t:filesystem getattr;
+allow run_$3_t { bin_t sbin_t }:dir search;
+dontaudit run_$3_t { proc_t device_t }:dir { getattr search };
 ')
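Review bot: The last added line, `dontaudit run_$3_t { proc_t device_t }:dir { getattr search };`, overlaps the `dontaudit run_$3_t device_t:dir read;` added by the earlier hunk of this file, so the macro now has its device_t dontaudit split across two places; merging them into `dontaudit run_$3_t device_t:dir { getattr read search };` next to the proc_t rule would keep the dontaudit set in one spot. Replacing every_domain() with an explicit list is a welcome tightening, but the `security_t:security { sid_to_context context_to_sid }` line carries no comment naming which caller needs context translation, which is the kind of grant that is hard to justify later without one. The define closed by `')` here starts outside the hunk.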
diff -ru /tmp/policy/macros/program/sendmail_macros.te ./macros/program/sendmail_macros.te
--- /tmp/policy/macros/program/sendmail_macros.te	2003-01-20 11:04:03.000000000 +1100
+++ ./macros/program/sendmail_macros.te	2003-03-23 10:08:30.000000000 +1100
@@ -25,9 +25,6 @@
 # Use this type when creating files in /tmp.
 file_type_auto_trans($1_mail_t, tmp_t, $1_mail_tmp_t)
 
-# Update /etc/mail/statistics.
-allow $1_mail_t etc_mail_t:file rw_file_perms;
-
 # Write to /var/spool/mail and /var/spool/mqueue.
 allow $1_mail_t mail_spool_t:dir rw_dir_perms;
 allow $1_mail_t mail_spool_t:file create_file_perms;
diff -ru /tmp/policy/macros/program/ssh_macros.te ./macros/program/ssh_macros.te
--- /tmp/policy/macros/program/ssh_macros.te	2003-04-02 18:06:41.000000000 +1000
+++ ./macros/program/ssh_macros.te	2003-04-08 09:07:20.000000000 +1000
@@ -111,6 +111,9 @@
 r_dir_file(sshd_t, $1_home_ssh_t)
 rw_dir_create_file($1_t, $1_home_ssh_t)
 
+# for /bin/sh used to execute xauth
+dontaudit $1_ssh_t proc_t:dir search;
+
 # Inherit and use descriptors from gnome-pty-helper.
 ifdef(`gnome-pty-helper.te', `allow $1_ssh_t $1_gph_t:fd use;')
 
diff -ru /tmp/policy/macros/program/xserver_macros.te ./macros/program/xserver_macros.te
--- /tmp/policy/macros/program/xserver_macros.te	2003-03-28 06:10:03.000000000 +1100
+++ ./macros/program/xserver_macros.te	2003-04-05 14:18:23.000000000 +1000
@@ -128,6 +128,8 @@
 allow $1_t $1_xserver_tmpfs_t:file rw_file_perms;
 ')
 
+r_dir_file($1_xserver_t, locale_t)
+
 # David Wheeler says he needs the following permission
 # for his X server.  Something is wrong here - the shared
 # memory pseudo file should be labeled $1_tmpfs_t and handled

* RE: policy patches
@ 2003-03-27 18:25 Kelly_Djahandari
From: Kelly_Djahandari @ 2003-03-27 18:25 UTC (permalink / raw)
  To: russell, selinux

I've updated the policy files on sourceforge with the "file_type" patch and most of the "general" patch. We are still looking at the "readable" patch. Thanks Russell for the patches.

Kelly Djahandari
Network Associates Laboratories

> -----Original Message-----
> From: Russell Coker [mailto:russell@coker.com.au]
> Sent: Saturday, March 22, 2003 5:53 PM
> To: SE Linux
> Subject: policy patches
> 
> 
> I've attached a patch to use readable_t for the timezone 
> files.  It's a bit of 
> an experimental patch, perhaps we should have a timezone_t instead.
> 
> I've attached a patch to make some file_type_auto_trans rules 
> specific to the 
> classes that they need to create.  This removes some access 
> that isn't 
> needed.  I think that this should be included in the CVS.
> 
> The file "general" contains a patch for the global macros, 
> and a patch for the 
> X server policy to tighten it down a lot.  This is also good 
> for the CVS 
> IMHO.
> 
> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced 
> Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 



* RE: policy patches
@ 2003-03-26 17:47 Kelly_Djahandari
From: Kelly_Djahandari @ 2003-03-26 17:47 UTC (permalink / raw)
  To: russell, selinux

Russell's policy patches have been applied and the modified files are available on sourceforge. Thanks Russell.

Kelly Djahandari
Network Associates Laboratories

> -----Original Message-----
> From: Russell Coker [mailto:russell@coker.com.au]
> Sent: Saturday, March 22, 2003 5:14 PM
> To: SE Linux
> Subject: policy patches
> 
> 
> I've attached a patch for the passwd_t policy as previously described.
> 
> I've also attached a patch containing some trivial changes, 
> none of which 
> should require much consideration before being included.
> 
> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced 
> Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 



* policy patches
@ 2003-03-22 22:53 Russell Coker
From: Russell Coker @ 2003-03-22 22:53 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 773 bytes --]

I've attached a patch to use readable_t for the timezone files.  It's a bit of 
an experimental patch, perhaps we should have a timezone_t instead.

I've attached a patch to make some file_type_auto_trans rules specific to the 
classes that they need to create.  This removes some access that isn't 
needed.  I think that this should be included in the CVS.

The file "general" contains a patch for the global macros, and a patch for the 
X server policy to tighten it down a lot.  This is also good for the CVS 
IMHO.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: readable --]
[-- Type: text/x-diff, Size: 1285 bytes --]

diff -ru /tmp/policy/domains/program/init.te policy/domains/program/init.te
--- /tmp/policy/domains/program/init.te	2003-03-22 21:52:23.000000000 +0100
+++ policy/domains/program/init.te	2003-03-22 22:07:25.000000000 +0100
@@ -119,3 +119,8 @@
 
 # for initrd pivot_root seems to access this
 dontaudit init_t file_labels_t:dir { search };
+
+# Read directories and files with the readable_t type.
+# This type is a general type for "world"-readable files.
+allow domain readable_t:dir r_dir_perms;
+allow domain readable_t:notdevfile_class_set r_file_perms;
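Review bot: The two new rules grant every domain (the `domain` attribute) read access to readable_t, yet they are placed in init.te, which otherwise only concerns init_t, so a reader looking for domain-wide grants will not find them here. Moving them next to wherever readable_t is declared, or into global_macros.te with the other rules that apply to all domains, would make the scope obvious. Because the grant covers `notdevfile_class_set` for all domains, anything labelled readable_t becomes readable by every confined process, so the file_contexts entries in this patch should stay limited to genuinely public data such as the zoneinfo files; a comment to that effect at the type would help, e.g. `# readable_t: only for data that every domain may read; never label secrets with it`.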
diff -ru /tmp/policy/file_contexts/types.fc policy/file_contexts/types.fc
--- /tmp/policy/file_contexts/types.fc	2003-03-16 12:33:43.000000000 +0100
+++ policy/file_contexts/types.fc	2003-03-22 21:28:34.000000000 +0100
@@ -170,6 +171,7 @@
 /etc/security/selinux/src(/.*)?	system_u:object_r:policy_src_t
 /etc/security/default_context.*	system_u:object_r:default_context_t
 /etc/services			system_u:object_r:etc_t
+/etc/localtime			system_u:object_r:readable_t
 
 #
 # /lib
@@ -197,6 +200,7 @@
 # /usr
 #
 /usr(/.*)?			system_u:object_r:usr_t
+/usr/share/zoneinfo(/.*)?	system_u:object_r:readable_t
 /usr/etc(/.*)?			system_u:object_r:etc_t
 /usr/libexec(/.*)?		system_u:object_r:lib_t
 /usr/src(/.*)?			system_u:object_r:src_t

[-- Attachment #3: file_type --]
[-- Type: text/x-diff, Size: 2961 bytes --]

diff -ru /tmp/policy/domains/program/fsadm.te policy/domains/program/fsadm.te
--- /tmp/policy/domains/program/fsadm.te	2003-02-12 13:36:05.000000000 +0100
+++ policy/domains/program/fsadm.te	2003-03-18 11:57:43.000000000 +0100
@@ -26,11 +26,11 @@
 # remount file system to apply changes
 allow fsadm_t fs_t:filesystem remount;
 
-# Use capabilities.
-allow fsadm_t fsadm_t:capability { sys_admin sys_rawio };
+# Use capabilities.  ipc_lock is for losetup
+allow fsadm_t self:capability { ipc_lock sys_rawio sys_admin };
 
 # Write to /etc/mtab.
-file_type_auto_trans(fsadm_t, etc_t, etc_runtime_t)
+file_type_auto_trans(fsadm_t, etc_t, etc_runtime_t, file)
 
 # Inherit and use descriptors from init.
 allow fsadm_t init_t:fd use;
diff -ru /tmp/policy/domains/program/init.te policy/domains/program/init.te
--- /tmp/policy/domains/program/init.te	2003-03-22 21:52:23.000000000 +0100
+++ policy/domains/program/init.te	2003-03-22 22:07:25.000000000 +0100
@@ -43,10 +43,10 @@
 ')
 
 # Create /dev/initctl.
-file_type_auto_trans(init_t, device_t, initctl_t)
+file_type_auto_trans(init_t, device_t, initctl_t, fifo_file)
 
 # Create ioctl.save.
-file_type_auto_trans(init_t, etc_t, etc_runtime_t)
+file_type_auto_trans(init_t, etc_t, etc_runtime_t, file)
 
 # Update /etc/ld.so.cache
 allow init_t ld_so_cache_t:file rw_file_perms;
diff -ru /tmp/policy/domains/program/initrc.te policy/domains/program/initrc.te
--- /tmp/policy/domains/program/initrc.te	2003-03-22 21:52:23.000000000 +0100
+++ policy/domains/program/initrc.te	2003-03-22 22:12:15.000000000 +0100
@@ -102,7 +102,7 @@
 allow initrc_t file_t:dir { read search getattr mounton };
 
 # Create runtime files in /etc, e.g. /etc/mtab, /etc/HOSTNAME.
-file_type_auto_trans(initrc_t, etc_t, etc_runtime_t)
+file_type_auto_trans(initrc_t, etc_t, etc_runtime_t, file)
 
 # Update /etc/ld.so.cache.
 allow initrc_t ld_so_cache_t:file rw_file_perms;
diff -ru /tmp/policy/domains/program/mount.te policy/domains/program/mount.te
--- /tmp/policy/domains/program/mount.te	2003-01-20 01:04:01.000000000 +0100
+++ policy/domains/program/mount.te	2003-03-18 11:57:37.000000000 +0100
@@ -20,7 +20,7 @@
 allow mount_t self:capability { ipc_lock dac_override };
 
 # Create and modify /etc/mtab.
-file_type_auto_trans(mount_t, etc_t, etc_runtime_t)
+file_type_auto_trans(mount_t, etc_t, etc_runtime_t, file)
 
 allow mount_t file_type:dir search;
 
diff -ru /tmp/policy/macros/program/mount_macros.te policy/macros/program/mount_macros.te
--- /tmp/policy/macros/program/mount_macros.te	2002-09-21 05:01:30.000000000 +0200
+++ policy/macros/program/mount_macros.te	2003-03-18 11:58:42.000000000 +0100
@@ -33,7 +33,7 @@
 allow $2_t self:capability { net_bind_service sys_rawio sys_admin };
 
 # Create and modify /etc/mtab.
-file_type_auto_trans($2_t, etc_t, etc_runtime_t)
+file_type_auto_trans($2_t, etc_t, etc_runtime_t, file)
 
 # Access the terminal.
 allow $2_t $1_tty_device_t:chr_file { getattr read write ioctl };

[-- Attachment #4: general --]
[-- Type: text/x-diff, Size: 2095 bytes --]

diff -ru /tmp/policy/macros/global_macros.te policy/macros/global_macros.te
--- /tmp/policy/macros/global_macros.te	2003-03-22 21:52:43.000000000 +0100
+++ policy/macros/global_macros.te	2003-03-22 22:38:33.000000000 +0100
@@ -605,6 +620,11 @@
 allow $1 self:msgq rw_msgq_perms;
 allow $1 self:shm  rw_shm_perms;
 
+# Use descriptors created by login, sshd, or newrole.
+allow $1 privfd:fd use;
+
+# Use descriptors created by mount (e.g. NFS).
+allow $1 mount_t:fd use;
 ')
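Review bot: `allow $1 mount_t:fd use;` references mount_t unconditionally, while other cross-domain references in these patches are guarded, e.g. `ifdef(`chkpwd.te', ...)` in su_macros.te and `ifdef(`gnome-pty-helper.te', ...)` in irc_macros.te; if mount.te can be left out of a build this line will fail to compile. Wrapping it as `ifdef(`mount.te', `allow $1 mount_t:fd use;')` keeps the macro usable either way. The define that receives these two rules starts outside the hunk, so which domains gain fd use from mount_t is not visible here; if it is a broadly used macro, the grant is correspondingly broad and deserves a sentence in the comment saying so.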
 
 #
diff -ru /tmp/policy/macros/program/xserver_macros.te policy/macros/program/xserver_macros.te
--- /tmp/policy/macros/program/xserver_macros.te	2003-03-17 23:08:46.000000000 +0100
+++ policy/macros/program/xserver_macros.te	2003-03-07 17:53:53.000000000 +0100
@@ -48,10 +48,24 @@
 
 allow $1_xserver_t proc_t:dir search;
 
-# Use capabilities.  Access /dev/mem.  
-allow $1_xserver_t self:capability { setuid setgid sys_rawio sys_nice };
+# Use capabilities.
+# allow setuid/setgid for the wrapper program to change UID
+# sys_rawio is for iopl access - should not be needed for frame-buffer
+# sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
+# admin of APM bios?
+# sys_nice is so that the X server can set a negative nice value
+allow $1_xserver_t self:capability { setuid setgid sys_rawio sys_admin sys_nice };
 dontaudit $1_xserver_t self:capability { dac_override dac_read_search };
+
+# memory_device_t access is needed if not using the frame buffer
+dontaudit $1_xserver_t memory_device_t:chr_file read;
 #allow $1_xserver_t memory_device_t:chr_file { rw_file_perms execute };
+# net_bind_service is needed if you want your X server to allow TCP connections
+# from other hosts, EG an XDM serving a network of X terms
+# if you want good security you do not want this
+# not sure why some people want chown, fsetid, and sys_tty_config.
+#allow $1_xserver_t self:capability { net_bind_service chown fsetid sys_tty_config };
+dontaudit $1_xserver_t self:capability chown;
 
 allow $1_xserver_t mtrr_device_t:file rw_file_perms;
 allow $1_xserver_t apm_bios_t:chr_file rw_file_perms;
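Review bot: The new capability line adds sys_admin to the X server while the comment directly above it lists only guesses (`locking shared mem?`, `chowning IPC message queues or semaphores?`) about why it is needed. sys_admin is a catch-all capability, so granting it on an unconfirmed need undoes much of the tightening this patch is after; the same hunk already shows the safer pattern for chown, `dontaudit $1_xserver_t self:capability chown;`. Using it here too, `dontaudit $1_xserver_t self:capability sys_admin;`, and promoting it to an allow only once a concrete denial with a known cause is observed, with that cause recorded in the comment, would keep the grant reviewable.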

* policy patches
@ 2003-03-22 22:14 Russell Coker
From: Russell Coker @ 2003-03-22 22:14 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 458 bytes --]

I've attached a patch for the passwd_t policy as previously described.

I've also attached a patch containing some trivial changes, none of which 
should require much consideration before being included.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: passwd --]
[-- Type: text/x-diff, Size: 2633 bytes --]

diff -ru /tmp/policy/assert.te policy/assert.te
--- /tmp/policy/assert.te	2003-01-20 01:03:58.000000000 +0100
+++ policy/assert.te	2003-03-07 10:11:56.000000000 +0100
@@ -113,7 +113,7 @@
 #
 ifdef(`passwd.te',
 `neverallow passwd_t ~{ admin_passwd_exec_t passwd_exec_t }:file entrypoint;
-neverallow passwd_t ~{ bin_t sbin_t shell_exec_t ld_so_t }:file execute_no_trans;')
+neverallow passwd_t ~{ bin_t sbin_t shell_exec_t ld_so_t passwd_real_exec_t }:file execute_no_trans;')
 
 #
 # Verify that only the admin domains and initrc_t have avc_toggle.
diff -ru /tmp/policy/domains/program/passwd.te policy/domains/program/passwd.te
--- /tmp/policy/domains/program/passwd.te	2003-03-13 16:14:38.000000000 +0100
+++ policy/domains/program/passwd.te	2003-03-22 22:23:00.000000000 +0100
@@ -18,6 +18,7 @@
 role sysadm_r types passwd_t;
 
 type passwd_exec_t, file_type, sysadmfile, exec_type;
+type passwd_real_exec_t, file_type, sysadmfile;
 type admin_passwd_exec_t, file_type, sysadmfile;
 
 general_domain_access(passwd_t);
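Review bot: `type passwd_real_exec_t, file_type, sysadmfile;` omits the `exec_type` attribute carried by passwd_exec_t on the line above, although passwd.fc in this patch labels /usr/bin/passwd with the new type and the later hunk lets passwd_t execute it. If leaving exec_type off is deliberate (for example so the type is not treated as a domain entry point by the assertions), a one-line comment such as `# not exec_type: executed by passwd_t via can_exec, not a domain entrypoint` would stop the next reader from "fixing" it; otherwise the attribute should be added for consistency with passwd_exec_t.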
@@ -27,6 +28,9 @@
 domain_auto_trans(userdomain, passwd_exec_t, passwd_t)
 domain_auto_trans(sysadm_t, admin_passwd_exec_t, passwd_t)
 
+# for vipw - vi looks in the root home directory for config
+dontaudit passwd_t sysadm_home_dir_t:dir { getattr search };
+
 # Use capabilities.
 allow passwd_t passwd_t:capability { chown dac_override fsetid setuid sys_resource };
 
@@ -35,7 +39,7 @@
 
 # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
 allow passwd_t { bin_t sbin_t }:dir r_dir_perms;
-can_exec(passwd_t, { bin_t sbin_t shell_exec_t })
+can_exec(passwd_t, { bin_t sbin_t shell_exec_t passwd_real_exec_t })
 
 # allow checking if a shell is executable
 allow passwd_t shell_exec_t:file execute;
@@ -72,3 +76,5 @@
 # audit those denials.
 # Access denials to /var aren't audited either.
 dontaudit passwd_t { proc_t device_t var_t }:dir { search read };
+
+allow passwd_t device_t:dir getattr;
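Review bot: `allow passwd_t device_t:dir getattr;` is added without a comment, directly under the dontaudit for search/read on the same object, so a reader cannot tell whether getattr is needed by passwd itself or by the editor that vipw runs. The rest of this file explains each grant, so a comment naming the program that triggered the denial, e.g. `# <program> stats /dev when run from passwd_t` with the real name filled in, would keep that convention.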
diff -ru /tmp/policy/file_contexts/program/passwd.fc policy/file_contexts/program/passwd.fc
--- /tmp/policy/file_contexts/program/passwd.fc	2002-09-27 22:27:40.000000000 +0200
+++ policy/file_contexts/program/passwd.fc	2003-03-07 10:15:28.000000000 +0100
@@ -5,6 +5,7 @@
 /usr/local/selinux/bin/svipw    system_u:object_r:admin_passwd_exec_t
 /usr/local/selinux/bin/sadminpasswd system_u:object_r:admin_passwd_exec_t
 /usr/bin/spasswd		system_u:object_r:passwd_exec_t
+/usr/bin/passwd			system_u:object_r:passwd_real_exec_t
 /usr/bin/schsh			system_u:object_r:passwd_exec_t
 /usr/bin/schfn			system_u:object_r:passwd_exec_t
 /usr/bin/svipw                 system_u:object_r:admin_passwd_exec_t

[-- Attachment #3: trivial --]
[-- Type: text/x-diff, Size: 15631 bytes --]

diff -ru /tmp/policy/domains/program/crond.te policy/domains/program/crond.te
--- /tmp/policy/domains/program/crond.te	2003-01-20 01:04:00.000000000 +0100
+++ policy/domains/program/crond.te	2003-02-24 08:12:09.000000000 +0100
@@ -10,7 +10,7 @@
 #	    Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
 #
 
-# Domain for crond.  Does it really need auth?
+# Domain for crond.  It needs auth to check for locked accounts.
 daemon_domain(crond, `, privrole, privmail, auth, privfd')
 
 # This domain is granted permissions common to most domains (including can_net)
@@ -157,6 +157,9 @@
 system_crond_entry(insmod_exec_t, insmod_t)
 ')
 
+# for if /var/mail is a symlink
+allow crond_t mail_spool_t:lnk_file read;
+
 # Run logrotate in the logrotate_t domain.
 ifdef(`logrotate.te', `
 system_crond_entry(logrotate_exec_t, logrotate_t)
diff -ru /tmp/policy/domains/program/init.te policy/domains/program/init.te
--- /tmp/policy/domains/program/init.te	2003-03-22 21:52:23.000000000 +0100
+++ policy/domains/program/init.te	2003-03-22 22:07:25.000000000 +0100
@@ -100,7 +100,7 @@
 # get stuck if you don't allow unlabeled policies to signal init
 # If you load an incompatible policy, you should probably reboot,
 # since you may have compromised system security.
-# allow unlabeled_t init_t:process sigchld;
+allow unlabeled_t init_t:process sigchld;
 
 # Read and write the console and ttys.
 allow init_t console_device_t:chr_file rw_file_perms;
diff -ru /tmp/policy/domains/program/initrc.te policy/domains/program/initrc.te
--- /tmp/policy/domains/program/initrc.te	2003-03-22 21:52:23.000000000 +0100
+++ policy/domains/program/initrc.te	2003-03-22 22:12:15.000000000 +0100
@@ -173,10 +173,12 @@
 allow initrc_t ttyfile:chr_file relabelfrom;
 allow initrc_t tty_device_t:chr_file relabelto;
 
+ifdef(`rpm.te', `
 # Create and read /boot/kernel.h.
 # Redhat systems typically create this file at boot time.
 allow initrc_t boot_t:lnk_file r_file_perms;
 file_type_auto_trans(initrc_t, boot_t, boot_runtime_t)
+')
 
 # Delete and re-create /boot/System.map.
 allow initrc_t boot_t:dir { read getattr write remove_name add_name };
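Review bot: `file_type_auto_trans(initrc_t, boot_t, boot_runtime_t)` is kept inside the new ifdef without a class argument, while the file_type patch in the 22:53 message of this thread narrows the same macro to `file` for /etc/mtab and similar single-file transitions. /boot/kernel.h is likewise a single regular file, so `file_type_auto_trans(initrc_t, boot_t, boot_runtime_t, file)` would be consistent once that four-argument form is in the tree. The new `ifdef(`rpm.te'` guard also uses the presence of rpm policy as a proxy for "Red Hat system", which the existing comment does not say; a short note such as `# guarded by rpm.te: only Red Hat style systems create /boot/kernel.h` would make the dependency explicit.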
diff -ru /tmp/policy/domains/program/modutil.te policy/domains/program/modutil.te
--- /tmp/policy/domains/program/modutil.te	2003-03-22 21:52:25.000000000 +0100
+++ policy/domains/program/modutil.te	2003-03-22 22:14:03.000000000 +0100
@@ -115,7 +115,7 @@
 allow update_modules_t privfd:fd use;
 allow update_modules_t init_t:fd use;
 
-allow update_modules_t device_t:dir search;
+allow update_modules_t device_t:dir { getattr search };
 allow update_modules_t { console_device_t devtty_t }:chr_file rw_file_perms;
 allow update_modules_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 
@@ -127,7 +127,7 @@
 allow update_modules_t modules_dep_t:file rw_file_perms;
 file_type_auto_trans(update_modules_t, modules_object_t, modules_conf_t)
 domain_auto_trans_read(update_modules_t, depmod_exec_t, depmod_t)
-can_exec(update_modules_t, { shell_exec_t bin_t update_modules_exec_t })
+can_exec(update_modules_t, { shell_exec_t bin_t sbin_t update_modules_exec_t etc_t })
 allow update_modules_t bin_t:lnk_file read;
 allow update_modules_t { sbin_t bin_t }:dir search;
 allow update_modules_t { etc_t etc_runtime_t }:file r_file_perms;
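Review bot: Adding etc_t to `can_exec(update_modules_t, { shell_exec_t bin_t sbin_t update_modules_exec_t etc_t })` lets update_modules_t execute any file labelled etc_t, i.e. essentially anything under /etc, which is far wider than whatever script prompted the change. The usual approach in this policy is a dedicated type for the executable (update_modules_exec_t already exists, so a file_contexts entry labelling the script with it, or a new `*_exec_t`, may be all that is needed) rather than making the whole of /etc executable. At minimum a comment naming the file in /etc that has to run would allow the grant to be narrowed later.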
diff -ru /tmp/policy/domains/program/newrole.te policy/domains/program/newrole.te
--- /tmp/policy/domains/program/newrole.te	2003-03-22 21:52:25.000000000 +0100
+++ policy/domains/program/newrole.te	2003-03-22 22:21:36.000000000 +0100
@@ -78,8 +78,10 @@
 #
 allow newrole_t security_t:security { sid_to_context context_to_sid change_sid };
 
-# for some PAM modules
-dontaudit newrole_t { home_type }:dir search;
+allow newrole_t fs_t:filesystem getattr;
+
+# for some PAM modules and for cwd
+dontaudit newrole_t { home_root_t home_type }:dir search;
 
 # Failed reads to /proc cause no harm, so don't audit them
 dontaudit newrole_t proc_t:dir search;
diff -ru /tmp/policy/domains/program/setfiles.te policy/domains/program/setfiles.te
--- /tmp/policy/domains/program/setfiles.te	2003-01-20 01:04:01.000000000 +0100
+++ policy/domains/program/setfiles.te	2003-03-18 12:09:56.000000000 +0100
@@ -23,7 +23,7 @@
 allow setfiles_t privfd:fd use;
 
 uses_shlib(setfiles_t)
-allow setfiles_t self:capability dac_override;
+allow setfiles_t self:capability { dac_override dac_read_search };
 
 # for upgrading glibc - without this the glibc upgrade scripts will put things
 # in a state such that setfiles can not be run!
@@ -44,5 +44,9 @@
 allow setfiles_t fs_t:filesystem getattr;
 allow setfiles_t fs_type:dir r_dir_perms;
 
+allow setfiles_t etc_runtime_t:file read;
+allow setfiles_t etc_t:file read;
+allow setfiles_t proc_t:file { getattr read };
+
 # for config files in a home directory
 allow setfiles_t home_type:file r_file_perms;
diff -ru /tmp/policy/file_contexts/program/crond.fc policy/file_contexts/program/crond.fc
--- /tmp/policy/file_contexts/program/crond.fc	2003-03-16 12:33:44.000000000 +0100
+++ policy/file_contexts/program/crond.fc	2003-03-17 00:02:51.000000000 +0100
@@ -1,6 +1,6 @@
 # crond
 /etc/crontab			system_u:object_r:system_crond_script_t
-/etc/cron.d(/.*)?		system_u:object_r:system_crond_script_t
+/etc/cron\.d(/.*)?		system_u:object_r:system_crond_script_t
 /usr/sbin/cron(d)?		system_u:object_r:crond_exec_t
 /usr/sbin/anacron		system_u:object_r:anacron_exec_t
 /var/spool/cron			system_u:object_r:cron_spool_t
@@ -9,7 +9,7 @@
 /var/spool/cron/crontabs/root	system_u:object_r:sysadm_cron_spool_t
 /var/log/cron			system_u:object_r:cron_log_t
 /var/log/mrtg(/.*)?		system_u:object_r:cron_log_t
-/var/run/crond.reboot		system_u:object_r:var_run_crond_t
+/var/run/crond\.reboot		system_u:object_r:var_run_crond_t
 /var/run/crond\.pid		system_u:object_r:var_run_crond_t
 # fcron
 /usr/sbin/fcron			system_u:object_r:crond_exec_t
diff -ru /tmp/policy/file_contexts/program/dhcpc.fc policy/file_contexts/program/dhcpc.fc
--- /tmp/policy/file_contexts/program/dhcpc.fc	2003-03-16 12:33:44.000000000 +0100
+++ policy/file_contexts/program/dhcpc.fc	2003-03-16 23:57:14.000000000 +0100
@@ -6,3 +6,4 @@
 /sbin/dhclient.*		system_u:object_r:dhcpc_exec_t
 /var/lib/dhcp(3)?		system_u:object_r:dhcp_state_t
 /var/lib/dhcp(3)?/dhclient.*	system_u:object_r:dhcpc_state_t
+/var/run/dhclient\.pid		system_u:object_r:var_run_dhcpc_t
diff -ru /tmp/policy/file_contexts/program/dpkg.fc policy/file_contexts/program/dpkg.fc
--- /tmp/policy/file_contexts/program/dpkg.fc	2003-03-13 16:14:48.000000000 +0100
+++ policy/file_contexts/program/dpkg.fc	2003-03-18 12:16:55.000000000 +0100
@@ -32,3 +32,5 @@
 /usr/share/console/getkmapchoice\.pl system_u:object_r:bin_t
 /var/run/update-menus\.pid	system_u:object_r:install_menu_var_run_t
 /usr/share/openoffice\.org-debian-files/install-hook system_u:object_r:bin_t
+/usr/share/dlint/digparse	system_u:object_r:bin_t
+/usr/share/gimp/1.2/user_install system_u:object_r:bin_t
diff -ru /tmp/policy/file_contexts/program/gpg.fc policy/file_contexts/program/gpg.fc
--- /tmp/policy/file_contexts/program/gpg.fc	2003-02-13 17:16:50.000000000 +0100
+++ policy/file_contexts/program/gpg.fc	2003-03-12 23:13:38.000000000 +0100
@@ -1,4 +1,4 @@
 # gpg
-/home/[^/]+/\.gnupg(/.+)?		system_u:object_r:user_gpg_secret_t
-/root/[^/]+/\.gnupg(/.+)?		system_u:object_r:sysadm_gpg_secret_t
+/home/[^/]+/\.gnupg(/.+)?	system_u:object_r:user_gpg_secret_t
+/root/\.gnupg(/.+)?		system_u:object_r:sysadm_gpg_secret_t
 /usr/bin/gpg			system_u:object_r:gpg_exec_t
diff -ru /tmp/policy/file_contexts/program/modutil.fc policy/file_contexts/program/modutil.fc
--- /tmp/policy/file_contexts/program/modutil.fc	2003-03-16 12:33:44.000000000 +0100
+++ policy/file_contexts/program/modutil.fc	2003-03-17 00:30:21.000000000 +0100
@@ -2,7 +2,7 @@
 /etc/modules\.conf(.old)?	system_u:object_r:modules_conf_t
 /lib/modules(/.*)?		system_u:object_r:modules_object_t
 /lib/modules/[^/]+/modules\..+ system_u:object_r:modules_dep_t
-/lib/modules/modprobe\.conf	system_u:object_r:modules_conf_t
+/lib/modules/modprobe\.conf.*	system_u:object_r:modules_conf_t
 /sbin/depmod.*			system_u:object_r:depmod_exec_t
 /sbin/modprobe.*		system_u:object_r:insmod_exec_t
 /sbin/insmod.*			system_u:object_r:insmod_exec_t
diff -ru /tmp/policy/file_contexts/program/netutils.fc policy/file_contexts/program/netutils.fc
--- /tmp/policy/file_contexts/program/netutils.fc	2002-07-03 22:26:22.000000000 +0200
+++ policy/file_contexts/program/netutils.fc	2003-02-06 08:58:52.000000000 +0100
@@ -1,5 +1,5 @@
 # network utilities
-/sbin/ip			system_u:object_r:netutils_exec_t
+/(s)?bin/ip			system_u:object_r:netutils_exec_t
 /sbin/arping			system_u:object_r:netutils_exec_t
 /usr/sbin/tcpdump		system_u:object_r:netutils_exec_t
 /etc/network/ifstate		system_u:object_r:etc_runtime_t
diff -ru /tmp/policy/file_contexts/program/ping.fc policy/file_contexts/program/ping.fc
--- /tmp/policy/file_contexts/program/ping.fc	2002-05-03 14:26:41.000000000 +0200
+++ policy/file_contexts/program/ping.fc	2003-03-22 21:02:01.000000000 +0100
@@ -1,2 +1,2 @@
 # ping
-/bin/ping 			system_u:object_r:ping_exec_t
+/bin/ping.* 			system_u:object_r:ping_exec_t
diff -ru /tmp/policy/file_contexts/program/postfix.fc policy/file_contexts/program/postfix.fc
--- /tmp/policy/file_contexts/program/postfix.fc	2003-03-13 16:14:49.000000000 +0100
+++ policy/file_contexts/program/postfix.fc	2003-02-15 19:44:20.000000000 +0100
@@ -12,6 +12,7 @@
 /usr/lib/postfix/smtp		system_u:object_r:postfix_smtp_exec_t
 /usr/lib/postfix/smtpd		system_u:object_r:postfix_smtpd_exec_t
 /usr/lib/postfix/bounce		system_u:object_r:postfix_bounce_exec_t
+/usr/lib/postfix/pipe		system_u:object_r:postfix_pipe_exec_t
 /usr/sbin/postalias		system_u:object_r:postfix_master_exec_t
 /usr/sbin/postcat		system_u:object_r:postfix_master_exec_t
 /usr/sbin/postconf		system_u:object_r:postfix_master_exec_t
diff -ru /tmp/policy/file_contexts/program/traceroute.fc policy/file_contexts/program/traceroute.fc
--- /tmp/policy/file_contexts/program/traceroute.fc	2003-03-13 16:14:51.000000000 +0100
+++ policy/file_contexts/program/traceroute.fc	2003-03-05 15:20:15.000000000 +0100
@@ -1,3 +1,3 @@
 # traceroute
-/usr/bin/traceroute.*		system_u:object_r:traceroute_exec_t
-/usr/sbin/traceroute		system_u:object_r:traceroute_exec_t
+/usr/(s)?bin/traceroute.*	system_u:object_r:traceroute_exec_t
+/usr/bin/lft			system_u:object_r:traceroute_exec_t
diff -ru /tmp/policy/file_contexts/types.fc policy/file_contexts/types.fc
--- /tmp/policy/file_contexts/types.fc	2003-03-16 12:33:43.000000000 +0100
+++ policy/file_contexts/types.fc	2003-03-22 21:28:34.000000000 +0100
@@ -216,6 +220,7 @@
 /usr/lib/lib.*\.so.*		system_u:object_r:shlib_t
 /usr/lib/python.*\.so		system_u:object_r:shlib_t
 /usr/lib/.*/lib[^/]*\.so.*	system_u:object_r:shlib_t
+/usr/lib/.*/.*\.so		system_u:object_r:shlib_t
 /usr/lib/autofs/.*\.so		system_u:object_r:shlib_t
 /usr/lib/perl5/man(/.*)?	system_u:object_r:man_t
 /usr/lib/perl.*\.so		system_u:object_r:shlib_t
diff -ru /tmp/policy/fs_use policy/fs_use
--- /tmp/policy/fs_use	2002-07-03 22:26:19.000000000 +0200
+++ policy/fs_use	2003-03-01 18:54:03.000000000 +0100
@@ -9,6 +9,7 @@
 fs_use_psid ext2;
 fs_use_psid ext3;
 fs_use_psid reiserfs;
+fs_use_psid jfs;
 
 # Use the allocating task SID to label inodes in the following filesystem
 # types, and label the filesystem itself with the specified context.
diff -ru /tmp/policy/macros/admin_macros.te policy/macros/admin_macros.te
--- /tmp/policy/macros/admin_macros.te	2003-02-12 13:36:15.000000000 +0100
+++ policy/macros/admin_macros.te	2003-03-07 10:15:59.000000000 +0100
@@ -54,7 +54,7 @@
 allow $1_t domain:notdevfile_class_set r_file_perms;
 
 # Send signals to all processes.
-allow $1_t domain:process signal_perms;
+allow $1_t { domain unlabeled_t }:process signal_perms;
 
 # Access all user terminals.
 allow $1_t tty_device_t:chr_file rw_file_perms;
diff -ru /tmp/policy/macros/global_macros.te policy/macros/global_macros.te
--- /tmp/policy/macros/global_macros.te	2003-03-22 21:52:43.000000000 +0100
+++ policy/macros/global_macros.te	2003-03-22 22:38:33.000000000 +0100
@@ -109,7 +109,7 @@
 # 
 # Permissions for reading and adding names to directories.
 #
-define(`ra_dir_perms', `{ read getattr lock search add_name write }')
+define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write }')
 
 
 #
@@ -183,6 +183,11 @@
 allow $1 $2:{ file lnk_file } rw_file_perms;
 ')
 
+define(`ra_dir_file', `
+allow $1 $2:dir ra_dir_perms;
+allow $1 $2:{ file lnk_file } ra_file_perms;
+')
+
 define(`rw_dir_create_file', `
 allow $1 $2:dir rw_dir_perms;
 allow $1 $2:{ file lnk_file } create_file_perms;
@@ -287,6 +292,16 @@
 
 #################################
 #
+# can_ptrace(domain, domain)
+#
+# Permissions for running ptrace (strace or gdb) on another domain
+#
+define(`can_ptrace',`
+allow $1 $2:process ptrace;
+')
+
+#################################
+#
 # can_exec(domain, type)
 #
 # Permissions for executing programs with
@@ -987,12 +1007,11 @@
 
 allow $2_t device_t:dir { getattr search };
 allow $2_t null_device_t:chr_file rw_file_perms;
-allow $2_t console_device_t:chr_file rw_file_perms;
 ')
 
 
 define(`tmp_domain', `
-type $1_tmp_t, file_type, sysadmfile, tmpfile;
+type $1_tmp_t, file_type, sysadmfile, tmpfile $2;
 file_type_auto_trans($1_t, tmp_t, $1_tmp_t)
 ')
 
@@ -1006,6 +1025,11 @@
 file_type_auto_trans($1_t, var_log_t, $1_log_t)
 ')
 
+define(`lock_domain', `
+type $1_lock_t, file_type, sysadmfile, lockfile;
+file_type_auto_trans($1_t, var_lock_t, $1_lock_t)
+')
+
 #######################
 # application_domain(domain_prefix)
 #
diff -ru /tmp/policy/macros/program/gpg_macros.te policy/macros/program/gpg_macros.te
--- /tmp/policy/macros/program/gpg_macros.te	2003-01-20 01:04:03.000000000 +0100
+++ policy/macros/program/gpg_macros.te	2003-03-05 21:03:46.000000000 +0100
@@ -65,9 +65,11 @@
 # so ~/.gnupg will be of $1_gpg_secret_t, then files created under it such as
 # secring.gpg will be of $1_gpg_secret_t too.  But when you use gpg to decrypt
 # a file and write output to your home directory it will use user_home_t.
-file_type_trans($1_gpg_t, $1_home_dir_t, $1_gpg_secret_t)
-type_transition $1_gpg_t $1_home_dir_t:dir $1_gpg_secret_t;
-rw_dir_create_file($1_gpg_t, $1_home_t)
+file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_gpg_secret_t, dir)
+rw_dir_create_file($1_gpg_t, $1_gpg_secret_t)
+
+file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_home_t, file)
+create_dir_file($1_gpg_t, $1_home_t)
 
 # allow the usual access to /tmp
 file_type_auto_trans($1_gpg_t, tmp_t, $1_tmp_t)
diff -ru /tmp/policy/macros/program/su_macros.te policy/macros/program/su_macros.te
--- /tmp/policy/macros/program/su_macros.te	2003-03-13 16:14:56.000000000 +0100
+++ policy/macros/program/su_macros.te	2003-03-10 19:19:31.000000000 +0100
@@ -43,8 +43,10 @@
 
 define(`su_domain', `
 su_mini_domain($1)
+ifdef(`chkpwd.te', `
 # Run chkpwd.
 can_exec($1_su_t, chkpwd_exec_t)
+')
 
 # Inherit and use descriptors from gnome-pty-helper.
 ifdef(`gnome-pty-helper.te', `
diff -ru /tmp/policy/macros/user_macros.te policy/macros/user_macros.te
--- /tmp/policy/macros/user_macros.te	2003-03-22 21:52:43.000000000 +0100
+++ policy/macros/user_macros.te	2003-03-22 22:43:57.000000000 +0100
@@ -200,6 +207,9 @@
 # do not audit getattr on tmpfile, otherwise ls -l /tmp fills the logs
 dontaudit $1_t tmpfile:dir_file_class_set getattr;
 
+# do not audit getattr on disk devices, otherwise KDE fills the logs
+dontaudit $1_t { removable_device_t fixed_disk_device_t }:blk_file getattr;
+
 ifdef(`xdm.te', `
 # Connect to the X server run by the X Display Manager.
 can_unix_connect($1_t, xdm_t)

* policy patches
@ 2002-11-04 12:41 Russell Coker
  0 siblings, 0 replies; 47+ messages in thread
From: Russell Coker @ 2002-11-04 12:41 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 956 bytes --]

I have attached two patches.  Games.diff addresses an unpublished security 
hole that will soon become public, and also a family of other similar 
problems.

The other patch has a bunch of things, a few things related to the 
initrc_devpts_t issue.  A change to the postfix policy which seems to be 
needed (for unknown reasons) on some systems (it's harmless enough that 
there's no reason not to include it in the main policy).  It also has a 
rewrite of xdm.te to use daemon_domain().  I've put in a change to courier.fc 
which allows you to press TAB in bash at the command line as an unprivileged user 
without generating AVC messages...

There's a bunch of other things too which aren't very important.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[-- Attachment #2: games.diff --]
[-- Type: text/x-diff, Size: 1856 bytes --]

diff -ru /tmp/policy/domains/program/games.te policy/domains/program/games.te
--- /tmp/policy/domains/program/games.te	2002-10-01 18:40:37.000000000 +0200
+++ policy/domains/program/games.te	2002-11-04 02:25:59.000000000 +0100
@@ -3,8 +3,14 @@
 # Author:  Russell Coker <russell@coker.com.au>
 #
 
-# Type for the games that use X
-type games_exec_t, file_type, sysadmfile, exec_type;
+# type for shared data from games
+type games_data_t, file_type, sysadmfile;
+
+# domain games_t is for system operation of games, generic games daemons and
+# games recovery scripts, also defines games_exec_t
+daemon_domain(games)
+rw_dir_create_file(games_t, games_data_t)
+r_dir_file(initrc_t, games_data_t)
 
 # Everything else is in the x_client_domain macro in
 # macros/program/x_client_macros.te.
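Review bot: The new `games_data_t` type is writable by the system `games_t` domain here (`rw_dir_create_file(games_t, games_data_t)`) and readable by `initrc_t`, while the user_macros.te hunk below grants every user's `$1_games_t` the same write access, yet the type comment does not record that the type is shared across all users. Anything `games_t` or `initrc_t` reads from it can therefore have been written by any user's game process. Suggest extending the comment: `# type for shared data from games; writable by every user's game domain, so treat its contents as untrusted`. The rest of games.te continues outside the hunk.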
diff -ru /tmp/policy/file_contexts/program/games.fc policy/file_contexts/program/games.fc
--- /tmp/policy/file_contexts/program/games.fc	2002-10-01 18:40:37.000000000 +0200
+++ policy/file_contexts/program/games.fc	2002-11-04 02:26:15.000000000 +0100
@@ -1,2 +1,4 @@
 #  netscape/mozilla
 /usr/games/.*		system_u:object_r:games_exec_t
+/usr/lib/games/.* --	system_u:object_r:games_exec_t
+/var/games(/.*)?	system_u:object_r:games_data_t
diff -ru /tmp/policy/macros/user_macros.te policy/macros/user_macros.te
--- /tmp/policy/macros/user_macros.te	2002-10-28 22:56:04.000000000 +0100
+++ policy/macros/user_macros.te	2002-11-04 02:26:41.000000000 +0100
@@ -120,7 +120,10 @@
 ifdef(`chkpwd.te', `chkpwd_domain($1)')
 ifdef(`screen.te', `screen_domain($1)')
 ifdef(`netscape.te', `netscape_domain($1)')
-ifdef(`games.te', `x_client_domain($1, games)')
+ifdef(`games.te', `
+x_client_domain($1, games)
+rw_dir_create_file($1_games_t, games_data_t)
+')
 ifdef(`gpg.te', `gpg_domain($1)')
 ifdef(`xauth.te', `xauth_domain($1)')
 ifdef(`xserver.te', `xserver_domain($1)')

[-- Attachment #3: diff --]
[-- Type: text/x-diff, Size: 10823 bytes --]

Only in /tmp/policy/domains: admin
diff -ru /tmp/policy/domains/program/acct.te policy/domains/program/acct.te
--- /tmp/policy/domains/program/acct.te	2002-09-27 22:27:37.000000000 +0200
+++ policy/domains/program/acct.te	2002-11-02 13:15:30.000000000 +0100
@@ -12,6 +12,13 @@
 daemon_base_domain(acct)
 domain_auto_trans(system_crond_t, acct_exec_t, acct_t)
 
+# for monthly cron job
+file_type_auto_trans(acct_t, var_log_t, wtmp_t)
+
+ifdef(`logrotate.te', `
+allow acct_t logrotate_exec_t:file getattr;
+')
+
 type acct_data_t, file_type, sysadmfile;
 
 allow acct_t self:capability sys_pacct;
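Review bot: `# for monthly cron job` does not say what the job does, while the rule under it (`file_type_auto_trans(acct_t, var_log_t, wtmp_t)`) lets acct_t create new wtmp_t files under var_log_t rather than merely read the existing one. A comment naming the file and the operation would make the grant auditable later, for example `# monthly cron job creates a fresh wtmp_t file under /var/log (rotation)` — rotation is my inference from the type transition, not something the hunk shows, so confirm before writing it.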
diff -ru /tmp/policy/domains/program/automount.te policy/domains/program/automount.te
--- /tmp/policy/domains/program/automount.te	2002-08-23 21:04:28.000000000 +0200
+++ policy/domains/program/automount.te	2002-11-02 13:15:30.000000000 +0100
@@ -23,6 +23,11 @@
 type automount_var_run_t, file_type, sysadmfile, pidfile;
 file_type_auto_trans(automount_t, var_run_t, automount_var_run_t)
 
+allow automount_t initrc_devpts_t:chr_file rw_file_perms;
+
+# for if the mount point is not labelled
+allow automount_t file_t:dir getattr;
+
 # Create temporary files.
 type automount_tmp_t, file_type, sysadmfile, tmpfile;
 file_type_auto_trans(automount_t, tmp_t, automount_tmp_t)
diff -ru /tmp/policy/domains/program/backup.te policy/domains/program/backup.te
--- /tmp/policy/domains/program/backup.te	2002-09-21 05:01:25.000000000 +0200
+++ policy/domains/program/backup.te	2002-11-01 15:30:00.000000000 +0100
@@ -29,7 +29,7 @@
 
 allow backup_t file_type:dir r_dir_perms;
 allow backup_t file_type:{ file lnk_file } r_file_perms;
-allow backup_t file_type:{ sock_file fifo_file } getattr;
+allow backup_t file_type:{ sock_file fifo_file chr_file blk_file } getattr;
 allow backup_t var_t:file create_file_perms;
 
 allow backup_t proc_t:dir r_dir_perms;
diff -ru /tmp/policy/domains/program/bootloader.te policy/domains/program/bootloader.te
--- /tmp/policy/domains/program/bootloader.te	2002-11-04 13:27:50.000000000 +0100
+++ policy/domains/program/bootloader.te	2002-10-30 22:25:50.000000000 +0100
@@ -20,7 +20,7 @@
 allow bootloader_t var_log_t:file write;
 
 domain_auto_trans(sysadm_t, bootloader_exec_t, bootloader_t)
-allow bootloader_t privfd:fd use;
+allow bootloader_t { initrc_t privfd }:fd use;
 
 file_type_auto_trans(bootloader_t, tmp_t, bootloader_tmp_t)
 allow bootloader_t bootloader_tmp_t:devfile_class_set create_file_perms;
@@ -78,7 +78,7 @@
 allow bootloader_t etc_runtime_t:file r_file_perms;
 
 allow bootloader_t devtty_t:chr_file rw_file_perms;
-allow bootloader_t admin_tty_type:chr_file rw_file_perms;
+allow bootloader_t { initrc_devpts_t admin_tty_type }:chr_file rw_file_perms;
 
 ifdef(`dpkg.te', `
 # for making an initrd
diff -ru /tmp/policy/domains/program/dpkg.te policy/domains/program/dpkg.te
--- /tmp/policy/domains/program/dpkg.te	2002-11-04 13:27:51.000000000 +0100
+++ policy/domains/program/dpkg.te	2002-11-02 23:26:16.000000000 +0100
@@ -32,6 +32,7 @@
 ifdef(`modutil.te', `
 domain_auto_trans(dpkg_t, update_modules_exec_t, update_modules_t)
 domain_auto_trans(dpkg_t, insmod_exec_t, insmod_t)
+domain_auto_trans(dpkg_t, depmod_exec_t, depmod_t)
 ')
 ifdef(`ipsec.te', `
 allow { ipsec_mgmt_t ipsec_t } dpkg_t:fd use;
@@ -123,10 +124,16 @@
 r_dir_file({ apt_t userdomain }, { var_lib_dpkg_t var_lib_apt_t var_cache_apt_t })
 ifdef(`crond.te', `
 r_dir_file(system_crond_t, var_lib_dpkg_t)
+allow system_crond_t etc_dpkg_t:file r_file_perms;
+
+# for Debian cron job
+allow system_crond_t shadow_t:file { read getattr };
+create_dir_file(system_crond_t, tetex_data_t)
+can_exec(dpkg_t, tetex_data_t)
 ')
 
 r_dir_file(install_menu_t, var_lib_dpkg_t)
-allow { apt_t install_menu_t userdomain system_crond_t } etc_dpkg_t:file r_file_perms;
+allow { apt_t install_menu_t userdomain } etc_dpkg_t:file r_file_perms;
 can_exec(sysadm_t, etc_dpkg_t)
 
 # Inherit and use descriptors from any domain.
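Review bot: `allow system_crond_t shadow_t:file { read getattr };` gives the general system cron domain, which runs every system cron script, read access to the shadow password file, and the only justification is `# for Debian cron job`. The lines are moved from further down the file rather than new (the fourth hunk removes them), but the move is the moment to name the job so the grant can be re-examined; suggest `# for the Debian cron job <name the script> which needs to read shadow_t`. The tetex rules moved with it concern system_crond_t, not dpkg's own domain, which is worth a word too since they now sit under the `crond.te` ifdef beside `r_dir_file(system_crond_t, var_lib_dpkg_t)`.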
@@ -168,7 +175,6 @@
 allow dpkg_t root_dir_type:dir getattr;
 
 allow dpkg_t security_t:security sid_to_context;
-domain_auto_trans(dpkg_t, depmod_exec_t, depmod_t)
 
 # change to the apt_t domain on exec from dpkg_t (dselect)
 domain_auto_trans(dpkg_t, apt_exec_t, apt_t)
@@ -254,13 +260,6 @@
 
 allow install_menu_t self:process { fork sigchld };
 
-# for Debian cron job
-ifdef(`crond.te', `
-allow system_crond_t shadow_t:file { read getattr };
-create_dir_file(system_crond_t, tetex_data_t)
-can_exec(dpkg_t, tetex_data_t)
-')
-
 role system_r types { dpkg_t apt_t install_menu_t };
 
 #################################
diff -ru /tmp/policy/domains/program/fcron.te policy/domains/program/fcron.te
--- /tmp/policy/domains/program/fcron.te	2002-10-01 19:28:43.000000000 +0200
+++ policy/domains/program/fcron.te	2002-11-02 23:45:13.000000000 +0100
@@ -39,7 +39,7 @@
 allow fcron_t system_crond_script_t:file create_file_perms;
 
 # Read /etc/security/cron_context
-allow fcron_t cron_context_t:file r_file_perms;
+allow fcron_t default_context_t:file r_file_perms;
 
 allow fcron_t etc_t:lnk_file read;
 allow fcron_t { etc_t resolv_conf_t }:file { read getattr };
diff -ru /tmp/policy/domains/program/postfix.te policy/domains/program/postfix.te
--- /tmp/policy/domains/program/postfix.te	2002-11-04 13:27:52.000000000 +0100
+++ policy/domains/program/postfix.te	2002-11-01 12:38:12.000000000 +0100
@@ -177,7 +177,7 @@
 postfix_user_domain(postqueue)
 allow postfix_postqueue_t postfix_public_t:dir search;
 allow postfix_postqueue_t postfix_public_t:fifo_file getattr;
-allow postfix_postqueue_t self:udp_socket create;
+allow postfix_postqueue_t self:udp_socket { create ioctl };
 allow postfix_master_t postfix_postqueue_exec_t:file getattr;
 
 # to write the mailq output, it really should not need read access!
@@ -193,6 +193,7 @@
 postfix_user_domain(showq)
 # the following auto_trans is usually in postfix server domain
 domain_auto_trans_read(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
+allow postfix_showq_t self:udp_socket { create ioctl };
 allow postfix_showq_t { postfix_spool_t }:dir r_dir_perms;
 r_dir_file(postfix_showq_t, postfix_spool_maildrop_t)
 domain_auto_trans_read(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
diff -ru /tmp/policy/domains/program/postgresql.te policy/domains/program/postgresql.te
--- /tmp/policy/domains/program/postgresql.te	2002-10-28 22:55:56.000000000 +0100
+++ policy/domains/program/postgresql.te	2002-11-03 10:33:24.000000000 +0100
@@ -16,7 +16,10 @@
 domain_auto_trans(dpkg_t, postgresql_exec_t, postgresql_t)
 ')
 
-dontaudit postgresql_t { sysadm_home_dir_t var_spool_t }:dir search;
+dontaudit postgresql_t sysadm_home_dir_t:dir search;
+
+# for currect directory of scripts
+allow postgresql_t { var_spool_t cron_spool_t }:dir search;
 
 # capability kill is for shutdown script
 allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid };
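Review bot: `# for currect directory of scripts` has a typo; `# for current directory of scripts` is intended. It would also help to say which scripts, since the rule grants search on `cron_spool_t` as well as `var_spool_t` and the link to cron is otherwise not visible in this file; presumably the postgresql cron jobs run with their working directory in the spool, but that is a guess.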
diff -ru /tmp/policy/domains/program/xdm.te policy/domains/program/xdm.te
--- /tmp/policy/domains/program/xdm.te	2002-10-10 17:50:21.000000000 +0200
+++ policy/domains/program/xdm.te	2002-11-02 23:53:31.000000000 +0100
@@ -13,21 +13,13 @@
 # spawned by getty.
 # xdm_exec_t is the type of the [xgk]dm program
 #
-type xdm_t, domain, privuser, privrole, privlog, auth, privowner, privmem;
-role system_r types xdm_t;
-every_domain(xdm_t)
-type xdm_exec_t, file_type, sysadmfile, exec_type;
-type xdm_var_run_t, file_type, sysadmfile, pidfile;
-type xdm_tmp_t, file_type, sysadmfile, tmpfile;
+daemon_domain(xdm, `, privuser, privrole, auth, privowner, privmem')
+#every_domain(xdm_t)
+tmp_domain(xdm)
 type xsession_exec_t, file_type, sysadmfile, exec_type;
 
-# Run the X Display Manager in its own domain.
-domain_auto_trans({ init_t initrc_t }, xdm_exec_t, xdm_t)
-
 allow xdm_t default_context_t:file { read getattr };
 
-allow xdm_t init_t:fd use;
-
 # for reboot
 allow xdm_t initctl_t:fifo_file write;
 
@@ -43,8 +35,6 @@
 domain_trans(xdm_t, xsession_exec_t, unpriv_userdomain)
 
 # Label pid and temporary files with derived types.
-file_type_auto_trans(xdm_t, var_run_t, xdm_var_run_t)
-file_type_auto_trans(xdm_t, tmp_t, xdm_tmp_t)
 rw_dir_create_file(xdm_xserver_t, xdm_tmp_t)
 allow xdm_xserver_t xdm_tmp_t:sock_file create_file_perms;
 
Only in /tmp/policy/domains: system
Only in /tmp/policy/domains: user
diff -ru /tmp/policy/file_contexts/program/courier.fc policy/file_contexts/program/courier.fc
--- /tmp/policy/file_contexts/program/courier.fc	2002-07-12 17:19:44.000000000 +0200
+++ policy/file_contexts/program/courier.fc	2002-10-29 17:23:06.000000000 +0100
@@ -1,9 +1,9 @@
 # courier pop, imap, and webmail
-/usr/lib/courier(/.*)?		system_u:object_r:etc_courier_t
+/usr/lib/courier(/.*)?		system_u:object_r:bin_t
+/usr/lib/courier/rootcerts(/.*)? system_u:object_r:etc_courier_t
 /usr/lib/courier/authlib/.*	system_u:object_r:courier_authdaemon_exec_t
 /usr/lib/courier/courier/.*	system_u:object_r:courier_exec_t
 /usr/lib/courier/courier/courierpop.*	system_u:object_r:courier_pop_exec_t
-/usr/lib/courier/courier/courierpop3.*	system_u:object_r:courier_pop_exec_t
 /usr/lib/courier/courier/imaplogin	system_u:object_r:courier_pop_exec_t
 /usr/lib/courier/courier/pcpd	system_u:object_r:courier_pcp_exec_t
 /usr/lib/courier/imapd		system_u:object_r:courier_pop_exec_t
diff -ru /tmp/policy/file_contexts/program/fcron.fc policy/file_contexts/program/fcron.fc
--- /tmp/policy/file_contexts/program/fcron.fc	2002-09-21 05:01:29.000000000 +0200
+++ policy/file_contexts/program/fcron.fc	2002-11-02 23:47:22.000000000 +0100
@@ -3,3 +3,4 @@
 /var/spool/fcron		system_u:object_r:fcron_spool_t
 /var/spool/fcron/.*		<<none>>
 /var/spool/fcron/systab.orig	system_u:object_r:sysadm_cron_spool_t
+/var/run/fcron.fifo		system_u:object_r:var_run_fcron_t
diff -ru /tmp/policy/file_contexts/program/ipsec.fc policy/file_contexts/program/ipsec.fc
--- /tmp/policy/file_contexts/program/ipsec.fc	2002-09-21 05:01:29.000000000 +0200
+++ policy/file_contexts/program/ipsec.fc	2002-11-02 23:47:02.000000000 +0100
@@ -16,3 +16,4 @@
 /usr/sbin/ipsec			system_u:object_r:ipsec_mgmt_exec_t
 /usr/local/sbin/ipsec		system_u:object_r:ipsec_mgmt_exec_t
 /var/run/ipsec.info		system_u:object_r:ipsec_var_run_t
+/var/run/pluto.ctl		system_u:object_r:ipsec_var_run_t
diff -ru /tmp/policy/macros/program/netscape_macros.te policy/macros/program/netscape_macros.te
--- /tmp/policy/macros/program/netscape_macros.te	2002-10-01 19:28:53.000000000 +0200
+++ policy/macros/program/netscape_macros.te	2002-11-02 13:19:56.000000000 +0100
@@ -27,6 +27,9 @@
 allow httpd_t $1_netscape_t:tcp_socket { recvfrom acceptfrom };
 ')
 
+dontaudit $1_netscape_t $1_home_t:dir rw_dir_perms;
+dontaudit $1_netscape_t $1_home_t:file rw_file_perms;
+
 # Use printer
 ifdef(`lpr.te', `domain_auto_trans($1_netscape_t, lpr_exec_t, $1_lpr_t)')
 
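Review bot: `dontaudit $1_netscape_t $1_home_t:dir rw_dir_perms;` and the matching `file rw_file_perms` rule silence every denied write by the browser domain to the user's own home files, which are exactly the denials that would reveal a misbehaving or exploited browser writing outside its own types. If the noise comes from one benign access, narrowing the dontaudit to that permission and naming the trigger keeps the rest visible; at minimum a comment is needed, e.g. `# silence denials from browser probing user_home_t; the writes are still denied`.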

* policy patches
@ 2002-09-09 22:59 Russell Coker
  2002-09-21  2:39 ` Stephen Smalley
  0 siblings, 1 reply; 47+ messages in thread
From: Russell Coker @ 2002-09-09 22:59 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 930 bytes --]

initrd.diff is part of the policy needed to get an initrd working properly, it 
doesn't have everything because it's difficult to separate it all.  But it's 
a good improvement and it has most of what you need.

misc.diff is many things: patches for things that are in my area (i.e. 
dpkg.te), trivial changes, or patches for things that are not fully working anyway 
(postgresql and fcron) and so can't be broken.  Also it includes part of 
the policy for the chroot setup as described in my paper for Linux Kongress 
(again it's something that's not easy to split so I'll include the rest in 
another patch).

amanda.diff is a patch for amanda to properly support the types for home dirs 
with multiple user roles.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.

[-- Attachment #2: amanda.diff --]
[-- Type: text/x-diff, Size: 800 bytes --]

--- /tmp/policy/domains/program/amanda.te	2002-09-09 19:54:10.000000000 +0200
+++ domains/program/amanda.te	2002-09-10 00:37:39.000000000 +0200
@@ -195,8 +195,8 @@
 ########################
 
 # access to user_home_t
-allow amanda_t { user_home_dir_t user_home_t }:dir { search getattr read };
-allow amanda_t user_home_t:file { getattr read };
+allow amanda_t { user_home_dir_type user_home_type }:dir { search getattr read };
+allow amanda_t user_home_type:file { getattr read };
 
 # access to file_t ( /floppy, /cdrom )
 allow amanda_t file_t:dir { getattr };
@@ -204,7 +204,6 @@
 ###########
 # Dontaudit
 ###########
-
 dontaudit amanda_t file_labels_t:dir { getattr read search };
 dontaudit amanda_t file_labels_t:file { getattr read };
 dontaudit amanda_t lost_found_t:dir { getattr read };

[-- Attachment #3: initrd.diff --]
[-- Type: text/x-diff, Size: 7812 bytes --]

diff -ruN /tmp/policy/Makefile policy/Makefile
--- /tmp/policy/Makefile	2002-09-10 00:01:30.000000000 +0200
+++ policy/Makefile	2002-08-31 17:33:36.000000000 +0200
@@ -23,7 +23,6 @@
 POLICYVER := policy.$(shell $(CHECKPOLICY) -V)
 INSTALLDIR = /etc/security/selinux
 LOADPATH = $(INSTALLDIR)/$(POLICYVER)
-INITRDLOADPATH = $(INSTALLDIR)/initrd-$(POLICYVER)
 SRCINSTALLDIR = $(INSTALLDIR)/src
 POLICYCONF = $(SRCINSTALLDIR)/policy.conf
 
@@ -35,71 +34,68 @@
 POLICYFILES += rbac users constraints
 POLICYFILES += initial_sid_contexts fs_use genfs_contexts net_contexts
 
-INITRDPOLICYFILES = $(subst all.te,initrd_all.te,$(POLICYFILES))
+INITRDPOLICYFILES = $(subst users, initrd-domains/users,$(subst all.te,initrd_all.te,$(POLICYFILES)))
 
 FC = file_contexts/file_contexts
 FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te))
 
-
-policy: $(POLICYVER)
-
-$(POLICYVER):  tmp policy.conf $(CHECKPOLICY)
-	$(CHECKPOLICY) -o $@ policy.conf
-
-tmp:
-	mkdir tmp
-
-initrd-$(POLICYVER):  tmp initrd-policy.conf $(CHECKPOLICY)
-	$(CHECKPOLICY) -o tmp/$@ initrd-policy.conf
-	gzip -c tmp/$@ > $@
-
-initrd-policy: initrd-$(POLICYVER)
-
 install: $(LOADPATH)
 
-install-initrd: $(INITRDLOADPATH)
+install-initrd: $(LOADPATH).initrd
 
 $(LOADPATH):  $(POLICYCONF) $(CHECKPOLICY)
 	mkdir -p $(INSTALLDIR)
-	$(CHECKPOLICY) -o $@ $(POLICYCONF)
+	$(CHECKPOLICY) -o tmp/pol $(POLICYCONF)
+	gzip -9 < tmp/pol > $@
+	rm tmp/pol
 # Note: Can't use install, so not sure how to deal with mode, user, and group
 #	other than by default.
 
-$(INITRDLOADPATH): initrd-$(POLICYVER)
+$(LOADPATH).initrd:  $(POLICYCONF).initrd $(CHECKPOLICY)
 	mkdir -p $(INSTALLDIR)
-	install -m 644 -o root -g root initrd-$(POLICYVER) $(INITRDLOADPATH)
+	$(CHECKPOLICY) -o tmp/pol.initrd $(POLICYCONF).initrd
+	gzip -9 < tmp/pol.initrd > $@
+	rm tmp/pol.initrd
+# Note: Can't use install, so not sure how to deal with mode, user, and group
+#	other than by default.
 
 $(POLICYCONF): policy.conf 
 	mkdir -p $(SRCINSTALLDIR)
 	install -m 644 -o root -g root policy.conf $@
 
+$(POLICYCONF).initrd: policy.conf.initrd
+	mkdir -p $(SRCINSTALLDIR)
+	install -m 644 -o root -g root policy.conf.initrd $@
+
 reload tmp/load: $(LOADPATH)
 	$(BINDIR)/load_policy $(LOADPATH)
 	touch tmp/load
 
 load: tmp/load
 
-policy.conf: tmp $(POLICYFILES) 
+policy.conf: $(POLICYFILES) 
+	mkdir -p tmp
 	m4 -Imacros -s $(POLICYFILES) > policy.conf
 
 install-src: 
 	mkdir -p $(SRCINSTALLDIR)/policy
 	cp -R . $(SRCINSTALLDIR)/policy
 
-initrd-policy.conf: $(INITRDPOLICYFILES) 
-	m4 -Imacros -s $(INITRDPOLICYFILES) > initrd-policy.conf
+policy.conf.initrd: $(INITRDPOLICYFILES) 
+	m4 -Imacros -s $(INITRDPOLICYFILES) > $@
 
 ALLTEFILES := attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te 
 
 tmp/all.te: $(ALLTEFILES)
 	cat $^ > $@
 
-INITRDALLTEFILES = $(subst all_domains.te,all_initrd_domains.te,$(subst program_used_flags.te,initrd_program_used_flags.te,$(POLICYFILES)))
+INITRD_ALLTEFILES := attrib.te tmp/initrd_program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_initrd_domains.te assert.te 
 
-tmp/initrd_all.te: $(INITRDALLTEFILES)
+tmp/initrd_all.te: $(INITRD_ALLTEFILES)
 	cat $^ > $@
 
 tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program
+	mkdir -p tmp
 	( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@
 
 tmp/initrd_program_used_flags.te: $(wildcard initrd-domains/*.te) initrd-domains
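Review bot: The new `$(LOADPATH)` and `$(LOADPATH).initrd` recipes produce the installed policy with `gzip -9 < tmp/pol > $@`, so its mode and owner are now whatever the umask and invoking user give, whereas the removed `$(INITRDLOADPATH)` recipe used `install -m 644 -o root -g root`. The note says install cannot be used here, but a `chmod 644 $@` after the gzip line would at least pin the mode. Both recipes also write into `tmp/` after the `tmp:` target was removed; only `policy.conf` and `tmp/program_used_flags.te` now run `mkdir -p tmp`, which covers the dependency chain shown but is fragile, so adding `mkdir -p tmp` to these recipes is cheap. `reload` now hands `load_policy` a gzip-compressed file; I am assuming load_policy accepts that.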
@@ -130,8 +126,7 @@
 	cat $(FCFILES) > $@
 
 clean:
-	rm -f $(POLICYVER) policy.conf 
-	rm -f initrd-$(POLICYVER) initrd-policy.conf 
+	rm -f policy.conf policy.conf.initrd
 	rm -f tmp/*
 	rm -f $(FC)
  
diff -ruN /tmp/policy/assert.te policy/assert.te
--- /tmp/policy/assert.te	2002-08-23 21:04:27.000000000 +0200
+++ policy/assert.te	2002-08-29 00:32:49.000000000 +0200
@@ -70,7 +70,7 @@
 #
 neverallow ~{ initrc_t admin kernel_t insmod_t } sysctl_t:file { write append };
 neverallow ~{ initrc_t admin } sysctl_fs_t:file { write append };
-neverallow ~{ initrc_t admin kernel_t kmod_t insmod_t } sysctl_kernel_t:file { write append };
+neverallow ~{ init_t initrc_t admin kernel_t kmod_t insmod_t } sysctl_kernel_t:file { write append };
 neverallow ~{ initrc_t admin } sysctl_net_t:file { write append };
 neverallow ~{ initrc_t admin } sysctl_net_unix_t:file { write append };
 neverallow ~{ initrc_t admin } sysctl_vm_t:file { write append };
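Review bot: Adding `init_t` to the exemption in `neverallow ~{ init_t initrc_t admin kernel_t kmod_t insmod_t } sysctl_kernel_t:file { write append };` widens a safety assertion without saying why init needs to write kernel sysctls. Because the neverallow is the check that catches accidental grants elsewhere, the reason belongs next to it, e.g. `# init_t: initrd /linuxrc writes kernel sysctls before pivot_root — confirm which`; the initrd motivation is taken from the patch description, not from this hunk.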
@@ -89,8 +89,8 @@
            ``neverallow $1_t ~$1_exec_t:file entrypoint; neverallow $1_t ~{ $1_exec_t ld_so_t }:file execute_no_trans;'',
            `assert_execute($1) assert_execute(shift($@))')')
 
-assert_execute(getty, klogd)
-
+ifdef(`getty.te', `assert_execute(getty)')
+assert_execute(klogd)
 ifdef(`atd.te', `assert_execute(atd)')
 ifdef(`tcpd.te', `assert_execute(tcpd)')
 ifdef(`portmap.te', `assert_execute(portmap)')
@@ -101,8 +101,10 @@
 ifdef(`xfs.te', `assert_execute(xfs)')
 ifdef(`gpm.te', `assert_execute(gpm)')
 
+ifdef(`login.te', `
 neverallow { local_login_t remote_login_t } ~login_exec_t:file entrypoint;
 neverallow { local_login_t remote_login_t } ~ld_so_t:file execute_no_trans;
+')
 
 #
 # Verify that the passwd domain can only be entered by its
diff -ruN /tmp/policy/domains/program/init.te policy/domains/program/init.te
--- /tmp/policy/domains/program/init.te	2002-09-09 19:54:11.000000000 +0200
+++ policy/domains/program/init.te	2002-09-10 00:10:38.000000000 +0200
@@ -36,6 +36,11 @@
 # Run init.
 can_exec(init_t, init_exec_t)
 
+# Run chroot from initrd scripts.
+ifdef(`chroot.te', `
+can_exec(init_t, chroot_exec_t)
+')
+
 # Create /dev/initctl.
 file_type_auto_trans(init_t, device_t, initctl_t)
 
@@ -88,3 +93,6 @@
 # reparented to init, so we need these type transition rules.
 # 
 # These rules have been moved to the individual target domain .te files.
+
+# for initrd pivot_root seems to access this
+dontaudit init_t file_labels_t:dir { search };
diff -ruN /tmp/policy/genfs_contexts policy/genfs_contexts
--- /tmp/policy/genfs_contexts	2002-09-09 19:54:04.000000000 +0200
+++ policy/genfs_contexts	2002-08-29 00:35:11.000000000 +0200
@@ -88,7 +88,9 @@
 genfscon devfs /ppp			system_u:object_r:ppp_device_t
 genfscon devfs /fb	-c		system_u:object_r:framebuf_device_t
 genfscon devfs /initctl		system_u:object_r:initctl_t
+ifdef(`syslog.te', `
 genfscon devfs /log			system_u:object_r:devlog_t
+')
 genfscon devfs /misc/psaux		system_u:object_r:mouse_device_t
 genfscon devfs /misc/nvram		system_u:object_r:memory_device_t
 genfscon devfs /input/mouse		system_u:object_r:mouse_device_t
@@ -111,4 +113,24 @@
 genfscon autofs /			system_u:object_r:autofs_t
 ')
 
-# FLASK
+# romfs
+genfscon romfs /			system_u:object_r:root_t
+genfscon romfs /bin			system_u:object_r:bin_t
+genfscon romfs /bin/mount		system_u:object_r:mount_exec_t
+genfscon romfs /bin/umount		system_u:object_r:mount_exec_t
+genfscon romfs /bin/ash			system_u:object_r:shell_exec_t
+genfscon romfs /etc			system_u:object_r:etc_t
+genfscon romfs /lib			system_u:object_r:lib_t
+genfscon romfs /lib/ld-linux.so.2	system_u:object_r:ld_so_t
+genfscon romfs /lib/libc.so.6		system_u:object_r:shlib_t
+genfscon romfs /lib/modules		system_u:object_r:modules_object_t
+genfscon romfs /linuxrc			system_u:object_r:init_exec_t
+genfscon romfs /linuxrc.conf		system_u:object_r:etc_t
+genfscon romfs /loadmodules		system_u:object_r:shell_exec_t
+genfscon romfs /sbin			system_u:object_r:sbin_t
+genfscon romfs /sbin/init		system_u:object_r:init_exec_t
+genfscon romfs /sbin/insmod		system_u:object_r:insmod_exec_t
+genfscon romfs /sbin/modprobe		system_u:object_r:insmod_exec_t
+genfscon romfs /scripts			system_u:object_r:sbin_t
+genfscon romfs /tmp			system_u:object_r:tmp_t
+genfscon romfs /usr			system_u:object_r:sbin_t
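Review bot: `genfscon romfs /usr system_u:object_r:sbin_t` and `/scripts ... sbin_t` label whole directory trees with an executable type, so any domain allowed to execute sbin_t can run everything under them on the initrd, and `/lib/libc.so.6` is shlib_t while the rest of `/lib` is lib_t. These are reasonable for a read-only initrd image, but a later reader will be tempted to "fix" them; a comment above the block would prevent that, e.g. `# initrd romfs: read-only image, executables are labelled by directory rather than per file`.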

[-- Attachment #4: misc.diff --]
[-- Type: text/x-diff, Size: 35755 bytes --]

diff -ruN /tmp/policy/domains/admin.te policy/domains/admin.te
--- /tmp/policy/domains/admin.te	2002-09-09 19:54:07.000000000 +0200
+++ policy/domains/admin.te	2002-09-08 10:31:05.000000000 +0200
@@ -22,5 +22,6 @@
 auditallow admin kernel_t:system avc_toggle;
 
 
+define(`admin_tty_type', `{ sysadm_tty_device_t sysadm_devpts_t }')
 
 
diff -ruN /tmp/policy/domains/program/backup.te policy/domains/program/backup.te
--- /tmp/policy/domains/program/backup.te	2002-08-23 20:44:18.000000000 +0200
+++ policy/domains/program/backup.te	2002-08-31 15:38:47.000000000 +0200
@@ -16,10 +16,11 @@
 
 domain_auto_trans(sysadm_t, backup_exec_t, backup_t)
 allow backup_t privfd:fd use;
-ifdef(`crond.te',
-`domain_auto_trans(system_crond_t, backup_exec_t, backup_t)
+ifdef(`crond.te', `
+domain_auto_trans(system_crond_t, backup_exec_t, backup_t)
 rw_dir_create_file(system_crond_t, backup_store_t)
-allow backup_t crond_t:fifo_file { read write ioctl };')
+allow backup_t crond_t:fifo_file { read write ioctl };
+')
 
 can_network(backup_t)
 uses_shlib(backup_t)
@@ -37,11 +38,11 @@
 allow backup_t sysctl_kernel_t:file read;
 
 allow backup_t self:fifo_file rw_file_perms;
-allow backup_t self:process { sigchld fork };
+allow backup_t self:process { signal sigchld fork };
 allow backup_t self:capability { dac_override };
 
 rw_dir_file(backup_t, backup_store_t)
-allow backup_t backup_store_t:file create;
+allow backup_t backup_store_t:file { create setattr };
 
 allow backup_t fs_t:filesystem getattr;
 
diff -ruN /tmp/policy/domains/program/courier.te policy/domains/program/courier.te
--- /tmp/policy/domains/program/courier.te	2002-09-09 19:54:10.000000000 +0200
+++ policy/domains/program/courier.te	2002-09-03 02:23:42.000000000 +0200
@@ -113,7 +113,10 @@
 
 # for webmail
 courier_domain(sqwebmail)
-ifdef(`crond.te',
-`domain_auto_trans(system_crond_t, sqwebmail_cron_exec_t, courier_sqwebmail_t)
+ifdef(`crond.te', `
+domain_auto_trans(system_crond_t, sqwebmail_cron_exec_t, courier_sqwebmail_t)
 allow courier_sqwebmail_t crond_t:fd use;
-allow courier_sqwebmail_t crond_t:fifo_file rw_file_perms;')
+allow courier_sqwebmail_t crond_t:fifo_file rw_file_perms;
+')
+allow courier_sqwebmail_t { sysctl_t sysctl_kernel_t }:dir search;
+allow courier_sqwebmail_t sysctl_kernel_t:file { getattr read };
diff -ruN /tmp/policy/domains/program/crack.te policy/domains/program/crack.te
--- /tmp/policy/domains/program/crack.te	2002-08-23 20:44:18.000000000 +0200
+++ policy/domains/program/crack.te	2002-08-29 09:46:02.000000000 +0200
@@ -12,41 +12,26 @@
 domain_auto_trans(system_crond_t, crack_exec_t, crack_t)
 
 type crack_db_t, file_type, sysadmfile;
-
 rw_dir_create_file(crack_t, crack_db_t)
 
 allow crack_t crond_t:fd use;
 allow crack_t crond_t:fifo_file r_file_perms;
+allow crack_t device_t:dir search;
 allow crack_t devtty_t:chr_file rw_file_perms;
-# Use the network.
-#can_network(crack_t)
 allow crack_t self:fifo_file { read write getattr };
-#allow crack_t self:unix_stream_socket create_socket_perms;
-#allow crack_t self:unix_dgram_socket create_socket_perms;
 
 tmp_domain(crack)
 
 can_exec(crack_t, bin_t)
 allow crack_t { bin_t sbin_t }:dir search;
 
-# Use capabilities
-#allow crack_t self:capability { net_raw net_bind_service };
-
 allow crack_t self:process { fork signal_perms };
 
 allow crack_t proc_t:dir { read search };
 allow crack_t proc_t:file { read getattr };
 
-# Allow access to the crack databases
-#allow crack_t crack_db_t:file create_file_perms;
-#allow crack_t crack_db_t:dir create_dir_perms;
-#allow crack_t var_lib_t:dir r_dir_perms;
-
 # read config files
 allow crack_t { etc_t etc_runtime_t }:file { getattr read };
 allow crack_t etc_t:dir r_dir_perms;
 
-#allow crack_t sysctl_kernel_t:dir search;
-#allow crack_t sysctl_kernel_t:file read;
-
 dontaudit crack_t sysadm_home_dir_t:dir { getattr search };
diff -ruN /tmp/policy/domains/program/crond.te policy/domains/program/crond.te
--- /tmp/policy/domains/program/crond.te	2002-08-26 18:50:43.000000000 +0200
+++ policy/domains/program/crond.te	2002-09-03 02:24:32.000000000 +0200
@@ -144,6 +144,9 @@
 # permission check for this purpose.
 #
 allow system_crond_t system_crond_script_t:file entrypoint;
+ifdef(`fcron.te', `
+allow system_crond_t sysadm_cron_spool_t:file entrypoint;
+')
 
 # Run helper programs in the system_crond_t domain.
 can_exec_any(system_crond_t)
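Review bot: `allow system_crond_t sysadm_cron_spool_t:file entrypoint;` makes the sysadm's fcron crontab file an entrypoint into the system cron job domain, with no comment. The fcron.te hunk later in this patch also lets dpkg_t create sysadm_cron_spool_t files (`file_type_auto_trans(dpkg_t, fcron_spool_t, sysadm_cron_spool_t)`), so package installation can produce files that enter system_crond_t; that may be exactly how fcron's system table works, but it should be stated, e.g. `# fcron stores the system crontab as sysadm_cron_spool_t, so allow it as an entrypoint`. The systab association is inferred from the fcron.fc entry `/var/spool/fcron/systab.orig ... sysadm_cron_spool_t` elsewhere on this page, not from this hunk.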
diff -ruN /tmp/policy/domains/program/dpkg.te policy/domains/program/dpkg.te
--- /tmp/policy/domains/program/dpkg.te	2002-09-09 19:54:11.000000000 +0200
+++ policy/domains/program/dpkg.te	2002-09-09 11:15:07.000000000 +0200
@@ -113,6 +113,7 @@
 
 r_dir_file(install_menu_t, var_lib_dpkg_t)
 allow { install_menu_t userdomain system_crond_t } etc_dpkg_t:file r_file_perms;
+can_exec(sysadm_t, etc_dpkg_t)
 
 # Inherit and use descriptors from any domain.
 allow { apt_t dpkg_t } privfd:fd use;
@@ -216,7 +217,7 @@
 allow install_menu_t self:process signal;
 allow install_menu_t proc_t:dir search;
 allow install_menu_t proc_t:file r_file_perms;
-can_exec(install_menu_t, { bin_t shell_exec_t install_menu_exec_t dpkg_exec_t install_menu_t })
+can_exec(install_menu_t, { bin_t sbin_t shell_exec_t install_menu_exec_t dpkg_exec_t install_menu_t })
 allow install_menu_t { bin_t sbin_t }:dir search;
 allow install_menu_t bin_t:lnk_file read;
 
@@ -242,11 +243,7 @@
 ifdef(`crond.te', `
 allow system_crond_t shadow_t:file { read getattr };
 create_dir_file(system_crond_t, tetex_data_t)
-')
-
-ifdef(`fcron.te', `
-domain_auto_trans(dpkg_t, crontab_exec_t, sysadm_crontab_t)
-role system_r types sysadm_crontab_t;
+can_exec(dpkg_t, tetex_data_t)
 ')
 
 role system_r types { dpkg_t apt_t install_menu_t };
diff -ruN /tmp/policy/domains/program/fcron.te policy/domains/program/fcron.te
--- /tmp/policy/domains/program/fcron.te	2002-08-23 20:44:18.000000000 +0200
+++ policy/domains/program/fcron.te	2002-09-09 11:15:31.000000000 +0200
@@ -6,7 +6,8 @@
 #
 # Author: Russell Coker <russell@coker.com.au>
 
-daemon_domain(fcron, `, privuser, privrole, privmail')
+# ideally we would not give it privowner!
+daemon_domain(fcron, `, privuser, privrole, privmail, privfd, privowner')
 
 general_domain_access(fcron_t)
 
@@ -17,10 +18,12 @@
 file_type_auto_trans(fcron_t, var_log_t, cron_log_t)
 
 ifdef(`mta.te', `
-allow system_mail_t fcron_spool_t:file read;
-dontaudit system_mail_t fcron_spool_t:file write;
+# not sure why we need write access, but Postfix does not work without it
+allow { system_mail_t mta_user_agent } fcron_spool_t:file { read write getattr };
 ')
 
+allow { user_crond_domain system_crond_t sysadm_crond_t } fcron_spool_t:dir getattr;
+
 # Use capabilities.
 allow fcron_t self:capability { dac_override dac_read_search setgid setuid net_bind_service };
 
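Review bot: `allow { system_mail_t mta_user_agent } fcron_spool_t:file { read write getattr };` grants the mail agents write access to the crontab spool, and the comment itself says the reason is unknown. Write on the spool lets a compromised mailer alter scheduled jobs, so the actual denial is worth finding: if fcron hands the mailer a descriptor it opened read-write, the check is on the inherited fd and the removed `dontaudit ... write` was hiding a harmless denial rather than a needed access. Suggest keeping the previous `allow ... read;` / `dontaudit ... write;` pair until that is understood, and recording the finding in the comment.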
@@ -33,13 +36,13 @@
 rw_dir_create_file(fcron_t, fcron_spool_t)
 
 # Read system crontabs
-r_dir_file(fcron_t, system_crond_script_t)
+allow fcron_t system_crond_script_t:file create_file_perms;
 
 # Read /etc/security/cron_context
 allow fcron_t cron_context_t:file r_file_perms;
 
 allow fcron_t etc_t:lnk_file read;
-allow fcron_t etc_t:file r_file_perms;
+allow fcron_t { etc_t resolv_conf_t }:file { read getattr };
 
 allow fcron_t { sysadm_home_dir_t user_home_dir_type }:dir search;
 
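Review bot: `# Read system crontabs` no longer describes the rule beneath it, which is now `allow fcron_t system_crond_script_t:file create_file_perms;` — create and write access, not read. Either the comment should say why the daemon must create or modify system cron scripts, e.g. `# fcron creates and rewrites system crontabs (system_crond_script_t)`, or the rule should go back to `r_dir_file`.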
@@ -50,6 +53,12 @@
 domain_trans(fcron_t, shell_exec_t, system_crond_t)
 allow fcron_t shell_exec_t:file read;
 
+ifdef(`dpkg.te', `
+can_exec(dpkg_t, crontab_exec_t)
+file_type_auto_trans(dpkg_t, fcron_spool_t, sysadm_cron_spool_t)
+')
+allow sysadm_crontab_t system_crond_script_t:file { setattr rw_file_perms };
+
 # Modutils are now combined, so we can no longer distinguish them.
 # Let crond run the insmod executable in the insmod_t domain.
 ifdef(`modutil.te', `
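Review bot: `file_type_auto_trans(dpkg_t, fcron_spool_t, sysadm_cron_spool_t)` lets the package manager create files in the fcron spool carrying the sysadm crontab type, and `allow sysadm_crontab_t system_crond_script_t:file { setattr rw_file_perms };` lets the crontab tool rewrite system cron scripts, neither with a comment. Both are write paths into content that cron will later execute, so a short comment naming the install-time action that needs them would let a later auditor decide whether they still apply, e.g. `# fcron package installation converts the system crontab into the fcron spool — confirm`; the install-time motivation is my guess, not something the hunk shows.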
diff -ruN /tmp/policy/domains/program/fingerd.te policy/domains/program/fingerd.te
--- /tmp/policy/domains/program/fingerd.te	2002-08-23 20:44:18.000000000 +0200
+++ policy/domains/program/fingerd.te	2002-09-07 23:03:06.000000000 +0200
@@ -38,6 +38,8 @@
 can_exec(fingerd_t, { shell_exec_t bin_t sbin_t })
 allow fingerd_t devtty_t:chr_file { read write };
 
+allow fingerd_t { ttyfile ptyfile }:chr_file getattr;
+
 # Use the network.
 can_network(fingerd_t)
 
diff -ruN /tmp/policy/domains/program/hotplug.te policy/domains/program/hotplug.te
--- /tmp/policy/domains/program/hotplug.te	2002-08-23 20:44:19.000000000 +0200
+++ policy/domains/program/hotplug.te	2002-09-08 11:06:35.000000000 +0200
@@ -32,6 +32,7 @@
 can_exec(hotplug_t, { bin_t sbin_t ls_exec_t shell_exec_t etc_hotplug_t etc_t })
 
 r_dir_file(hotplug_t, usbdevfs_t)
+allow hotplug_t usbdevfs_device_t:file getattr;
 
 allow hotplug_t fs_t:filesystem getattr;
 
diff -ruN /tmp/policy/domains/program/ircd.te policy/domains/program/ircd.te
--- /tmp/policy/domains/program/ircd.te	2002-08-23 20:44:19.000000000 +0200
+++ policy/domains/program/ircd.te	2002-08-29 00:33:54.000000000 +0200
@@ -18,6 +18,11 @@
 
 log_domain(ircd)
 
+type var_lib_ircd_t, sysadmfile, file_type;
+file_type_auto_trans(ircd_t, var_lib_t, var_lib_ircd_t)
+
+allow ircd_t sysadm_devpts_t:chr_file rw_file_perms;
+
 # Use the network.
 can_network(ircd_t)
 #allow ircd_t self:fifo_file { read write };
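Review bot: `allow ircd_t sysadm_devpts_t:chr_file rw_file_perms;` gives a network-facing daemon read, write, ioctl and setattr on the administrator's pseudo-terminals, which is more than a daemon started from an admin shell needs; the same pattern appears in named.te (`allow named_t admin_tty_type:chr_file { read write };`) and postfix.te (`allow postfix_master_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { read write };`). The usual cause, which I am inferring rather than seeing in the hunk, is a terminal descriptor inherited when the daemon is launched by hand instead of through initrc; a `dontaudit` of `{ read write }` then keeps the logs quiet without letting a compromised daemon write to root's terminal. Where the access is genuinely required, `{ read write }` as used in the other two files is the narrower form, and the `# named will not start without this!` comment would be more useful if it named which startup path fails.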
@@ -30,8 +35,6 @@
 
 allow ircd_t sbin_t:dir search;
 
-r_dir_file(ircd_t, var_lib_t)
-
 allow ircd_t proc_t:file { getattr read };
 
 # read config files
diff -ruN /tmp/policy/domains/program/kcheckpass.te policy/domains/program/kcheckpass.te
--- /tmp/policy/domains/program/kcheckpass.te	2002-08-26 18:50:43.000000000 +0200
+++ policy/domains/program/kcheckpass.te	2002-09-03 02:28:34.000000000 +0200
@@ -24,6 +24,8 @@
 
 allow kcheckpass_t self:process { fork sigchld };
 
+allow kcheckpass_t devtty_t:chr_file rw_file_perms;
+
 # read config files
 allow kcheckpass_t { etc_t resolv_conf_t }:file { read getattr };
 allow kcheckpass_t etc_t:lnk_file read;
diff -ruN /tmp/policy/domains/program/logrotate.te policy/domains/program/logrotate.te
--- /tmp/policy/domains/program/logrotate.te	2002-08-23 21:04:28.000000000 +0200
+++ policy/domains/program/logrotate.te	2002-08-31 17:58:11.000000000 +0200
@@ -39,6 +39,7 @@
 
 # Modify /var/log and other log dirs.
 allow logrotate_t logfile:dir rw_dir_perms;
+allow logrotate_t logfile:lnk_file read;
 
 # Create, rename, and truncate log files.
 allow logrotate_t logfile:file create_file_perms;
diff -ruN /tmp/policy/domains/program/mount.te policy/domains/program/mount.te
--- /tmp/policy/domains/program/mount.te	2002-09-09 19:54:12.000000000 +0200
+++ policy/domains/program/mount.te	2002-08-29 00:33:54.000000000 +0200
@@ -37,5 +37,6 @@
 ifdef(`devfsd.te', `
 allow mount_t device_t:filesystem unmount;
 ')
+allow mount_t root_t:filesystem unmount;
 
 
diff -ruN /tmp/policy/domains/program/mrtg.te policy/domains/program/mrtg.te
--- /tmp/policy/domains/program/mrtg.te	2002-09-09 19:54:12.000000000 +0200
+++ policy/domains/program/mrtg.te	2002-08-28 17:20:05.000000000 +0200
@@ -59,4 +59,5 @@
 dontaudit mrtg_t initrc_var_run_t:file { write lock };
 allow mrtg_t etc_runtime_t:file { getattr read };
 
-dontaudit mrtg_t sysadm_home_dir_t:dir { search read };
+# should not need this!
+allow mrtg_t sysadm_home_dir_t:dir { search read getattr };
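Review bot: The hunk turns a `dontaudit` into an `allow` for `mrtg_t` on `sysadm_home_dir_t:dir`, so a monitoring daemon can now list /root, while the `# should not need this!` comment admits the need is unexplained. Until the cause is known, `dontaudit mrtg_t sysadm_home_dir_t:dir { search read getattr };` preserves quiet logs without widening access; the added `getattr` was presumably the audit message that prompted the change. A comment naming what breaks (which mrtg invocation, which path under /root) would let the next reviewer decide whether the allow is justified.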
diff -ruN /tmp/policy/domains/program/mta.te policy/domains/program/mta.te
--- /tmp/policy/domains/program/mta.te	2002-09-09 19:54:12.000000000 +0200
+++ policy/domains/program/mta.te	2002-08-24 21:36:08.000000000 +0200
@@ -37,5 +37,3 @@
 
 allow system_mail_t privmail:fd use;
 allow system_mail_t privmail:fifo_file rw_file_perms;
-allow system_mail_t mqueue_spool_t:dir rw_dir_perms;
-allow system_mail_t mqueue_spool_t:{ file lnk_file } create_file_perms;
diff -ruN /tmp/policy/domains/program/named.te policy/domains/program/named.te
--- /tmp/policy/domains/program/named.te	2002-08-23 20:44:19.000000000 +0200
+++ policy/domains/program/named.te	2002-09-08 10:30:40.000000000 +0200
@@ -16,6 +16,9 @@
 type ndc_t, domain, privlog;
 role sysadm_r types ndc_t;
 
+# named will not start without this!
+allow named_t admin_tty_type:chr_file { read write };
+
 can_exec(named_t, named_exec_t)
 allow named_t sbin_t:dir search;
 
diff -ruN /tmp/policy/domains/program/postfix.te policy/domains/program/postfix.te
--- /tmp/policy/domains/program/postfix.te	2002-08-26 18:50:43.000000000 +0200
+++ policy/domains/program/postfix.te	2002-09-09 11:15:55.000000000 +0200
@@ -48,6 +48,8 @@
 allow postfix_$1_t resolv_conf_t:file { read getattr };
 allow postfix_$1_t var_t:dir { search getattr };
 
+allow postfix_$1_t tmp_t:dir getattr;
+
 file_type_auto_trans(postfix_$1_t, var_run_t, postfix_var_run_t)
 
 ')dnl
@@ -86,6 +88,7 @@
 allow postfix_master_t privfd:fd use;
 allow postfix_master_t etc_aliases_t:file r_file_perms;
 create_dir_file(postfix_master_t, postfix_spool_flush_t)
+allow postfix_master_t { sysadm_tty_device_t sysadm_devpts_t }:chr_file { read write };
 
 # allow access to deferred queue
 allow postfix_master_t postfix_spool_t:dir create_dir_perms;
@@ -122,7 +125,6 @@
 allow postfix_smtpd_t { postfix_private_t postfix_public_t }:sock_file rw_file_perms;
 allow postfix_smtpd_t postfix_master_t:unix_stream_socket connectto;
 can_network(postfix_smtpd_t)
-allow postfix_smtpd_t tmp_t:dir getattr;
 
 allow { postfix_smtp_t postfix_smtpd_t } postfix_prng_t:file rw_file_perms;
 
@@ -137,7 +139,6 @@
 allow postfix_local_t postfix_spool_t:dir r_dir_perms;
 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 # for .forward - maybe we need a new type for it?
-allow postfix_local_t tmp_t:dir getattr;
 allow postfix_local_t postfix_private_t:dir search;
 allow postfix_local_t postfix_private_t:sock_file rw_file_perms;
 allow postfix_local_t postfix_master_t:unix_stream_socket connectto;
@@ -155,7 +156,6 @@
 allow postfix_cleanup_t postfix_public_t:fifo_file rw_file_perms;
 allow postfix_cleanup_t postfix_private_t:dir search;
 allow postfix_cleanup_t postfix_private_t:sock_file rw_file_perms;
-allow postfix_cleanup_t tmp_t:dir getattr;
 allow postfix_cleanup_t postfix_master_t:unix_stream_socket connectto;
 can_network(postfix_cleanup_t)
 allow postfix_cleanup_t { postfix_spool_bounce_t }:dir r_dir_perms;
@@ -165,7 +165,7 @@
 allow user_mail_domain self:capability dac_override;
 
 define(`postfix_user_domain', `
-postfix_domain($1)
+postfix_domain($1, `$2')
 domain_auto_trans(user_mail_domain, postfix_$1_exec_t, postfix_$1_t)
 in_user_role(postfix_$1_t)
 role sysadm_r types postfix_$1_t;
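Review bot: `postfix_domain($1, `$2')` forwards a second argument, but the earlier hunk in this file shows only the tail of `postfix_domain` (the closing `')dnl`) and not where `$2` is consumed; if the `define(`postfix_domain'` line was not also changed to append `$2` to the `type postfix_$1_t, ...` declaration, m4 silently discards the extra argument and `postfix_user_domain(postdrop, `, mta_user_agent')` in the last hunk never attaches `mta_user_agent` to `postfix_postdrop_t`. The fcron.te rule `allow { system_mail_t mta_user_agent } fcron_spool_t:file { read write getattr };` depends on that attribute actually being applied. A short comment on the define, `# $2: extra attributes appended to the postfix_$1_t type`, would document the new parameter.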
@@ -202,7 +202,7 @@
 allow postfix_showq_t self:tcp_socket create_socket_perms;
 allow postfix_showq_t ptyfile:chr_file { read write };
 
-postfix_user_domain(postdrop)
+postfix_user_domain(postdrop, `, mta_user_agent')
 allow postfix_postdrop_t postfix_spool_maildrop_t:dir rw_dir_perms;
 allow postfix_postdrop_t postfix_spool_maildrop_t:file create_file_perms;
 allow postfix_postdrop_t user_mail_domain:unix_stream_socket rw_socket_perms;
diff -ruN /tmp/policy/domains/program/postgresql.te policy/domains/program/postgresql.te
--- /tmp/policy/domains/program/postgresql.te	2002-09-09 19:54:14.000000000 +0200
+++ policy/domains/program/postgresql.te	2002-08-28 18:21:05.000000000 +0200
@@ -15,6 +15,8 @@
 # gross hack
 domain_auto_trans(dpkg_t, postgresql_exec_t, postgresql_t)
 ')
+# a grosser hack
+allow postgresql_t etc_t:file setattr;
 
 dontaudit postgresql_t { sysadm_home_dir_t var_spool_t }:dir search;
 
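Review bot: `allow postgresql_t etc_t:file setattr;` lets the database server change ownership, mode and timestamps of every file labelled etc_t, and the `# a grosser hack` comment does not say which file it is for. If the file lives under /etc/postgresql it already has the `etc_postgresql_t` type declared a few lines below, so `allow postgresql_t etc_postgresql_t:file setattr;` would be the contained form; if it is some other file, a dedicated type is the usual fix. The same concern applies to the later hunk's `allow postgresql_t initrc_var_run_t:file { read write lock };`, which grants write on the shared run-time files of every initrc-started service rather than on a postgresql-specific var_run type.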
@@ -22,7 +24,7 @@
 
 type etc_postgresql_t, file_type, sysadmfile;
 type postgresql_db_t, file_type, sysadmfile;
-type postgresql_log_t, file_type, sysadmfile;
+type postgresql_log_t, file_type, sysadmfile, logfile;
 
 file_type_auto_trans(postgresql_t, var_log_t, postgresql_log_t)
 
@@ -52,7 +54,7 @@
 
 # read config files
 allow postgresql_t { etc_t etc_runtime_t }:{ file lnk_file } { read getattr };
-r_dir_file(postgresql_t, etc_postgresql_t)
+r_dir_file({ initrc_t postgresql_t }, etc_postgresql_t)
 
 allow postgresql_t etc_t:dir rw_dir_perms;
 allow postgresql_t etc_t:lnk_file create;
@@ -68,7 +70,7 @@
 allow postgresql_t bin_t:lnk_file read;
 allow postgresql_t postgresql_exec_t:lnk_file read;
 
-allow postgresql_t initrc_var_run_t:file { read };
+allow postgresql_t initrc_var_run_t:file { read write lock };
 
 allow postgresql_t self:sem rw_sem_perms;
 
diff -ruN /tmp/policy/domains/program/pppd.te policy/domains/program/pppd.te
--- /tmp/policy/domains/program/pppd.te	2002-09-09 19:54:14.000000000 +0200
+++ policy/domains/program/pppd.te	2002-09-09 22:31:18.000000000 +0200
@@ -41,7 +41,7 @@
 allow postfix_postqueue_t pppd_t:process sigchld;')
 
 # allow running ip-up and ip-down scripts and running chat.
-can_exec(pppd_t, { shell_exec_t bin_t sbin_t etc_t })
+can_exec(pppd_t, { shell_exec_t bin_t sbin_t etc_t ifconfig_exec_t })
 allow pppd_t { bin_t sbin_t }:dir search;
 allow pppd_t bin_t:lnk_file read;
 
diff -ruN /tmp/policy/domains/program/snmpd.te policy/domains/program/snmpd.te
--- /tmp/policy/domains/program/snmpd.te	2002-08-26 18:50:43.000000000 +0200
+++ policy/domains/program/snmpd.te	2002-08-29 00:33:54.000000000 +0200
@@ -24,7 +24,7 @@
 allow snmpd_t etc_snmpd_t:file { getattr read };
 
 type var_lib_snmpd_t, file_type, sysadmfile;
-file_type_auto_trans(snmpd_t, var_lib_t, var_lib_snmpd_t)
+file_type_auto_trans(snmpd_t, { var_lib_t usr_t }, var_lib_snmpd_t)
 
 can_udp_send(sysadm_t, snmpd_t)
 can_udp_send(snmpd_t, sysadm_t)
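Review bot: `file_type_auto_trans(snmpd_t, { var_lib_t usr_t }, var_lib_snmpd_t)` requires write and add_name on directories of type usr_t, so snmpd gains the ability to create files anywhere under /usr rather than only in /usr/share/snmp/mibs; the matching snmpd.fc entry labels only the `.index` file that results. Labelling the mibs directory itself (with var_lib_snmpd_t or a dedicated type) and keeping `var_lib_t` as the sole transition parent would confine the write to that directory. At minimum a comment such as `# snmpd writes /usr/share/snmp/mibs/.index` would record why usr_t appears here.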
@@ -40,5 +40,3 @@
 allow snmpd_t proc_t:file r_file_perms;
 allow snmpd_t fs_t:filesystem getattr;
 allow snmpd_t self:file { getattr read };
-
-allow snmpd_t var_lib_t:dir r_dir_perms;
diff -ruN /tmp/policy/domains/program/sxid.te policy/domains/program/sxid.te
--- /tmp/policy/domains/program/sxid.te	2002-08-23 20:44:20.000000000 +0200
+++ policy/domains/program/sxid.te	2002-09-08 11:03:31.000000000 +0200
@@ -38,6 +38,9 @@
 allow sxid_t self:unix_stream_socket create_socket_perms;
 
 allow sxid_t { proc_t self }:file { read getattr };
+ifdef(`mta.te', `
+allow system_mail_t sxid_t:file { read getattr };
+')
 allow sxid_t { sysctl_kernel_t sysctl_t }:dir search;
 allow sxid_t sysctl_kernel_t:file read;
 allow sxid_t devtty_t:chr_file rw_file_perms;
diff -ruN /tmp/policy/domains/program/sysstat.te policy/domains/program/sysstat.te
--- /tmp/policy/domains/program/sysstat.te	2002-09-09 19:54:15.000000000 +0200
+++ policy/domains/program/sysstat.te	2002-09-08 11:31:17.000000000 +0200
@@ -24,7 +24,9 @@
 
 allow sysstat_t devtty_t:chr_file rw_file_perms;
 # for mtab
-allow sysstat_t etc_runtime_t:file r_file_perms;
+allow sysstat_t etc_runtime_t:file { read getattr };
+# for fstab
+allow sysstat_t etc_t:file { read getattr };
 
 dontaudit sysstat_t sysadm_home_dir_t:dir r_dir_perms;
 
@@ -36,11 +38,9 @@
 allow sysstat_t var_log_t:dir r_dir_perms;
 allow sysstat_t var_log_sysstat_t:dir rw_dir_perms;
 allow sysstat_t var_log_sysstat_t:file create_file_perms;
-#allow domain var_log_sysstat_t:dir r_dir_perms;
-#allow domain var_log_sysstat_t:file r_file_perms;
 
 allow sysstat_t etc_t:dir r_dir_perms;
-allow sysstat_t etc_t:lnk_file r_file_perms;
+allow sysstat_t etc_t:lnk_file read;
 
 # Inherit and use descriptors from cron.
 allow sysstat_t crond_t:fd use;
@@ -50,16 +50,12 @@
 
 # get info from /proc
 allow sysstat_t { proc_t sysctl_kernel_t sysctl_t sysctl_fs_t }:dir r_dir_perms;
-allow sysstat_t { proc_t sysctl_kernel_t sysctl_t sysctl_fs_t }:file r_file_perms;
-
-# read config files
-#allow sysstat_t { etc_t etc_sysstat_t }:{ file lnk_file } r_file_perms;
+allow sysstat_t { proc_t sysctl_kernel_t sysctl_t sysctl_fs_t }:file { read getattr };
 
 domain_auto_trans({ system_crond_t initrc_t }, sysstat_exec_t, sysstat_t)
 allow sysstat_t init_t:fd use;
 allow sysstat_t console_device_t:chr_file { read write };
 
-#allow sysstat_t { root_t etc_t }:dir r_dir_perms;
 uses_shlib(sysstat_t)
 
 allow system_crond_t var_log_sysstat_t:dir { write remove_name };
diff -ruN /tmp/policy/domains/program/tftpd.te policy/domains/program/tftpd.te
--- /tmp/policy/domains/program/tftpd.te	2002-09-09 19:54:16.000000000 +0200
+++ policy/domains/program/tftpd.te	2002-08-29 00:33:54.000000000 +0200
@@ -18,6 +18,9 @@
 # Use the network.
 can_network(tftpd_t)
 allow tftpd_t tftp_port_t:udp_socket name_bind;
+ifdef(`inetd.te', `
+allow inetd_t tftp_port_t:udp_socket name_bind;
+')
 allow tftpd_t self:unix_dgram_socket create_socket_perms;
 allow tftpd_t self:unix_stream_socket create_stream_socket_perms;
 
diff -ruN /tmp/policy/domains/program/vmware.te policy/domains/program/vmware.te
--- /tmp/policy/domains/program/vmware.te	2002-08-23 21:04:28.000000000 +0200
+++ policy/domains/program/vmware.te	2002-09-04 13:28:48.000000000 +0200
@@ -83,8 +83,10 @@
 # Rules added to kmod_t domain for VMWare to start up
 #
 # VMWare need access to pcmcia devices for network
+ifdef(`cardmgr.te', `
 allow kmod_t cardmgr_var_lib_t:dir { getattr search };
 allow kmod_t cardmgr_var_lib_t:file { getattr ioctl read };
+')
 
 # Vmware create network devices
 allow kmod_t kmod_t:capability { net_admin };
diff -ruN /tmp/policy/domains/program/xdm.te policy/domains/program/xdm.te
--- /tmp/policy/domains/program/xdm.te	2002-09-09 19:54:16.000000000 +0200
+++ policy/domains/program/xdm.te	2002-08-31 17:49:18.000000000 +0200
@@ -131,7 +131,7 @@
 dontaudit xdm_t sysadm_tty_device_t:chr_file { read write };
 
 # Do not audit access to /root
-dontaudit xdm_t sysadm_home_t:dir search;
+dontaudit xdm_t sysadm_home_dir_t:dir search;
 
 # Do not audit user access to the X log files due to file handle inheritance
 dontaudit unpriv_userdomain xserver_var_log_t:file append;
diff -ruN /tmp/policy/file_contexts/program/fcron.fc policy/file_contexts/program/fcron.fc
--- /tmp/policy/file_contexts/program/fcron.fc	2002-08-23 20:44:20.000000000 +0200
+++ policy/file_contexts/program/fcron.fc	2002-09-03 02:28:59.000000000 +0200
@@ -2,4 +2,4 @@
 /usr/sbin/fcron			system_u:object_r:fcron_exec_t
 /var/spool/fcron		system_u:object_r:fcron_spool_t
 /var/spool/fcron/.*		<<none>>
-/var/spool/fcron/root.orig	system_u:object_r:sysadm_cron_spool_t
+/var/spool/fcron/systab.orig	system_u:object_r:sysadm_cron_spool_t
diff -ruN /tmp/policy/file_contexts/program/ipsec.fc policy/file_contexts/program/ipsec.fc
--- /tmp/policy/file_contexts/program/ipsec.fc	2002-08-23 21:04:28.000000000 +0200
+++ policy/file_contexts/program/ipsec.fc	2002-08-27 23:17:32.000000000 +0200
@@ -15,4 +15,4 @@
 /usr/local/lib/ipsec/spi	system_u:object_r:ipsec_exec_t
 /usr/sbin/ipsec			system_u:object_r:ipsec_mgmt_exec_t
 /usr/local/sbin/ipsec		system_u:object_r:ipsec_mgmt_exec_t
-/var/run/ipsec.info            system_u:object_r:ipsec_mgmt_var_run_t
+/var/run/ipsec.info		system_u:object_r:ipsec_var_run_t
diff -ruN /tmp/policy/file_contexts/program/ircd.fc policy/file_contexts/program/ircd.fc
--- /tmp/policy/file_contexts/program/ircd.fc	2002-08-23 20:44:20.000000000 +0200
+++ policy/file_contexts/program/ircd.fc	2002-08-29 00:34:21.000000000 +0200
@@ -2,3 +2,4 @@
 /usr/sbin/(dancer-)?ircd	system_u:object_r:ircd_exec_t
 /etc/(dancer-)?ircd(/.*)?	system_u:object_r:etc_ircd_t
 /var/log/(dancer-)?ircd(/.*)?	system_u:object_r:ircd_log_t
+/var/lib/dancer-ircd(/.*)?	system_u:object_r:var_lib_ircd_t
diff -ruN /tmp/policy/file_contexts/program/pppd.fc policy/file_contexts/program/pppd.fc
--- /tmp/policy/file_contexts/program/pppd.fc	2002-07-03 22:26:22.000000000 +0200
+++ policy/file_contexts/program/pppd.fc	2002-09-08 19:20:23.000000000 +0200
@@ -1,4 +1,8 @@
 # pppd
 /usr/sbin/pppd			system_u:object_r:pppd_exec_t
+/usr/sbin/ipppd			system_u:object_r:pppd_exec_t
 /dev/ppp			system_u:object_r:ppp_device_t
+/dev/ippp.*			system_u:object_r:ppp_device_t
 /var/run/pppd.tdb		system_u:object_r:var_run_pppd_t
+/etc/ppp/.*secrets		system_u:object_r:pppd_secret_t
+/var/run/ipppd.*pid		system_u:object_r:var_run_pppd_t
diff -ruN /tmp/policy/file_contexts/program/snmpd.fc policy/file_contexts/program/snmpd.fc
--- /tmp/policy/file_contexts/program/snmpd.fc	2002-08-26 18:50:44.000000000 +0200
+++ policy/file_contexts/program/snmpd.fc	2002-08-29 00:34:21.000000000 +0200
@@ -2,3 +2,4 @@
 /usr/sbin/snmp(trap)?d		system_u:object_r:snmpd_exec_t
 /var/lib/snmp(/.*)?		system_u:object_r:var_lib_snmpd_t
 /etc/snmp/snmp(trap)?d.conf	system_u:object_r:etc_snmpd_t
+/usr/share/snmp/mibs/.index	system_u:object_r:var_lib_snmpd_t
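Review bot: In `/usr/share/snmp/mibs/.index` the unescaped `.` is a regex metacharacter, so the entry also matches names such as `/usr/share/snmp/mibs/xindex`; `/usr/share/snmp/mibs/\.index` is the exact form. The existing `snmp(trap)?d.conf` line has the same looseness, so this is consistent with the file's style, but the escaped form costs nothing and avoids mislabelling a stray file.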
diff -ruN /tmp/policy/file_contexts/program/vmware.fc policy/file_contexts/program/vmware.fc
--- /tmp/policy/file_contexts/program/vmware.fc	2002-07-12 17:19:44.000000000 +0200
+++ policy/file_contexts/program/vmware.fc	2002-08-24 22:59:34.000000000 +0200
@@ -30,6 +30,7 @@
 /dev/vmnet7                     system_u:object_r:vmware_device_t
 /dev/vmnet8                     system_u:object_r:vmware_device_t
 /dev/vmnet9                     system_u:object_r:vmware_device_t
+/dev/plex86			system_u:object_r:vmware_device_t
 
 /etc/vmware.*(/.*)?             system_u:object_r:vmware_sys_conf_t
 /usr/lib/vmware/config          system_u:object_r:vmware_sys_conf_t
diff -ruN /tmp/policy/macros/admin_macros.te policy/macros/admin_macros.te
--- /tmp/policy/macros/admin_macros.te	2002-09-09 19:54:23.000000000 +0200
+++ policy/macros/admin_macros.te	2002-08-29 00:35:40.000000000 +0200
@@ -17,7 +17,11 @@
 # Inherit rules for ordinary users.
 user_domain($1)
 
+rw_dir_create_file($1_t, policy_config_t)
+
+ifdef(`crond.te', `
 allow $1_crond_t var_log_t:file r_file_perms;
+')
 
 # Allow system log read
 allow $1_t kernel_t:system syslog_read;
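Review bot: `rw_dir_create_file($1_t, policy_config_t)` gives every domain built with this macro, not only sysadm_t, create and write access to the policy configuration files, which are the root of trust for the whole policy; nothing in the hunk says which tool needs it. If the intent is to let administrators edit and rebuild policy sources, a comment saying so (`# allow admin domains to edit and rebuild the policy sources`) belongs here, and if only loading is needed and this tree has a dedicated policy-loading domain, that is the narrower route. Unlike the crond rule just below it, this grant is unconditional, so it deserves a look for each non-sysadm admin domain the macro is instantiated for.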
diff -ruN /tmp/policy/macros/global_macros.te policy/macros/global_macros.te
--- /tmp/policy/macros/global_macros.te	2002-09-09 19:54:23.000000000 +0200
+++ policy/macros/global_macros.te	2002-09-10 00:12:18.000000000 +0200
@@ -193,6 +193,11 @@
 allow $1 $2:{ file lnk_file } create_file_perms;
 ')
 
+define(`create_dir_notdevfile', `
+allow $1 $2:dir create_dir_perms;
+allow $1 $2:notdevfile_class_set create_file_perms;
+')
+
 define(`create_append_log_file', `
 allow $1 $2:dir { read getattr access search add_name write };
 allow $1 $2:file { create ioctl getattr access setattr append link };
@@ -736,7 +741,9 @@
 allow $1 boot_t:dir { search getattr };
 allow $1 boot_t:file getattr;
 allow $1 system_map_t:{ file lnk_file } r_file_perms;
+ifdef(`rpm.te', `
 allow $1 boot_runtime_t:{ file lnk_file } r_file_perms;
+')
 allow $1 boot_t:lnk_file read;
 
 # Read /etc.
@@ -1016,3 +1023,4 @@
 uses_shlib($1_t)
 allow $1_t etc_t:dir r_dir_perms;
 ')
+
diff -ruN /tmp/policy/macros/program/chroot_macros.te policy/macros/program/chroot_macros.te
--- /tmp/policy/macros/program/chroot_macros.te	1970-01-01 01:00:00.000000000 +0100
+++ policy/macros/program/chroot_macros.te	2002-09-10 00:11:51.000000000 +0200
@@ -0,0 +1,129 @@
+
+# macro for chroot environments
+# Author Russell Coker
+
+# chroot(initial_domain, basename, role, tty_device_type)
+define(`chroot', `
+
+ifelse(`$1', `initrc', `
+define(`chroot_role', `system_r')
+define(`chroot_tty_device', `{ sysadm_devpts_t sysadm_tty_device_t }')
+define(`chroot_mount_domain', `mount_t')
+', `
+define(`chroot_role', `$1_r')
+define(`chroot_tty_device', `{ $1_devpts_t $1_tty_device_t }')
+
+# allow mounting /proc and /dev
+ifdef(`$1_mount_def', `', `
+mount_domain($1, $1_mount)
+role chroot_role types $1_mount_t;
+')
+define(`chroot_mount_domain', `$1_mount_t')
+ifdef(`ssh.te', `
+can_tcp_connect($1_ssh_t, $2_t)
+')dnl end ssh
+')dnl end ifelse initrc
+
+# types for read-only and read-write files in the chroot
+type $2_ro_t, file_type, sysadmfile, home_type, user_home_type;
+type $2_rw_t, file_type, sysadmfile, home_type, user_home_type;
+# type like $2_ro_t but that triggers a transition from $2_super_t to $2_t
+# when you execute it
+type $2_dropdown_t, file_type, sysadmfile, home_type, user_home_type;
+
+allow chroot_mount_domain { $2_rw_t $2_ro_t }:dir { getattr search mounton };
+allow chroot_mount_domain { $2_rw_t $2_ro_t }:file { getattr mounton };
+
+# entry point for $2_super_t
+type $2_super_entry_t, file_type, sysadmfile, home_type, user_home_type;
+# $2_t is the base domain, has full access to $2_rw_t files
+type $2_t, domain, userdomain, unpriv_userdomain;
+# $2_super_t is the super-chroot domain, can also write to $2_ro_t
+# but still can not access outside the chroot
+type $2_super_t, domain, userdomain, unpriv_userdomain;
+allow $2_super_t chroot_tty_device:chr_file rw_file_perms;
+
+ifdef(`$1_chroot_def', `', `
+dnl can not have this defined twice
+define(`$1_chroot_def')
+
+allow chroot_mount_domain { proc_t device_t fs_t }:filesystem { mount unmount };
+
+# $1_chroot_t is the domain for /usr/sbin/chroot
+type $1_chroot_t, domain;
+
+# allow $1_chroot_t to write to the tty device
+allow $1_chroot_t chroot_tty_device:chr_file rw_file_perms;
+allow $1_chroot_t privfd:fd use;
+allow { $1_chroot_t $2_t $2_super_t } $1_t:fd use;
+
+role chroot_role types $1_chroot_t;
+uses_shlib($1_chroot_t)
+allow $1_chroot_t self:capability sys_chroot;
+allow $1_t $1_chroot_t:dir { search getattr read };
+allow $1_t $1_chroot_t:{ file lnk_file } { read getattr };
+domain_auto_trans($1_t, chroot_exec_t, $1_chroot_t)
+allow $1_chroot_t fs_t:filesystem getattr;
+')dnl End conditional
+
+role chroot_role types { $2_t $2_super_t };
+
+# allow ps to show processes and allow killing them
+allow $1_t { $2_super_t $2_t }:dir { search getattr read };
+allow $1_t { $2_super_t $2_t }:{ file lnk_file } { read getattr };
+allow $1_t { $2_super_t $2_t }:process signal_perms;
+allow $2_super_t $2_t:dir { search getattr read };
+allow $2_super_t $2_t:{ file lnk_file } { read getattr };
+allow { $1_t $2_super_t } $2_t:process { signal_perms ptrace };
+allow $1_t $2_super_t:process { signal_perms ptrace };
+allow sysadm_t { $2_super_t $2_t }:process { signal_perms ptrace };
+
+allow { $2_super_t $2_t } { fs_t device_t }:filesystem getattr;
+allow { $2_super_t $2_t } device_t:dir { search getattr };
+allow { $2_super_t $2_t } devtty_t:chr_file rw_file_perms;
+allow { $2_super_t $2_t } random_device_t:chr_file r_file_perms;
+allow { $2_super_t $2_t } self:capability { fowner chown fsetid setgid setuid net_bind_service sys_tty_config };
+allow $2_super_t self:capability sys_ptrace;
+
+can_tcp_connect($2_super_t, $2_t)
+allow { $2_super_t $2_t } $2_rw_t:sock_file create_file_perms;
+
+allow { $2_super_t $2_t } devpts_t:dir { getattr search read };
+
+# quiet ps and killall
+dontaudit { $2_super_t $2_t } domain:dir { search getattr };
+
+# allow $2_t to write to the owner tty device (should remove this)
+allow $2_t chroot_tty_device:chr_file { read write };
+
+r_dir_file($1_chroot_t, { $2_ro_t $2_rw_t $2_super_entry_t $2_dropdown_t })
+can_exec($2_t, { $2_ro_t $2_rw_t $2_super_entry_t $2_dropdown_t })
+can_exec($2_super_t, { $2_ro_t $2_super_entry_t })
+create_dir_notdevfile($2_super_t, { $2_ro_t $2_rw_t $2_super_entry_t $2_dropdown_t })
+# $2_super_t transitions to $2_t when it executes
+# any file that $2_t can write
+domain_auto_trans($2_super_t, { $2_rw_t $2_dropdown_t }, $2_t)
+allow $1_chroot_t { $2_ro_t $2_rw_t }:lnk_file read;
+r_dir_file($2_t, { $2_ro_t $2_super_entry_t $2_dropdown_t })
+create_dir_notdevfile($2_t, $2_rw_t)
+allow $2_t $2_rw_t:fifo_file create_file_perms;
+allow $2_t $2_ro_t:fifo_file rw_file_perms;
+allow { $1_t $2_super_t } { $2_rw_t $2_ro_t }:fifo_file create_file_perms;
+create_dir_notdevfile($1_t, { $2_ro_t $2_rw_t $2_super_entry_t $2_dropdown_t })
+can_exec($1_t, { $2_ro_t $2_dropdown_t })
+domain_auto_trans($1_chroot_t, { $2_ro_t $2_rw_t $2_dropdown_t }, $2_t)
+domain_auto_trans_read($1_chroot_t, $2_super_entry_t, $2_super_t)
+allow { $1_t $2_super_t } { $2_ro_t $2_rw_t $2_super_entry_t $2_dropdown_t }:{ dir notdevfile_class_set } { relabelfrom relabelto };
+general_proc_read_access({ $2_t $2_super_t })
+general_domain_access({ $2_t $2_super_t })
+can_create_pty($2)
+can_create_pty($2_super)
+can_network({ $2_t $2_super_t })
+allow { $2_t $2_super_t } null_device_t:chr_file rw_file_perms;
+allow $2_super_t { $2_rw_t $2_ro_t }:{ dir file } mounton;
+allow { $2_t $2_super_t } self:capability { dac_override kill };
+
+undefine(`chroot_role')
+undefine(`chroot_tty_device')
+undefine(`chroot_mount_domain')
+')
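Review bot: The header comment `# chroot(initial_domain, basename, role, tty_device_type)` documents four parameters, but the macro body only ever reads `$1` and `$2`; the role and tty device are derived from `$1` via `chroot_role` and `chroot_tty_device`, so a third or fourth argument is silently ignored by m4. The comment should read `# chroot(initial_domain, basename)` followed by a line noting that role and tty type are derived from initial_domain (or from the `initrc` special case). Two further points deserve a comment: the chroot domains carry `unpriv_userdomain` yet receive `setuid setgid sys_tty_config` capabilities and `$2_super_t` additionally `sys_ptrace`, and the `$2_ro_t`/`$2_rw_t` types carry `home_type, user_home_type`, so every rule elsewhere that targets those attributes applies to the chroot trees — whether that is intended is not visible here. Also `# Author Russell Coker` lacks the colon used by the other files on this page (`# Author: Russell Coker`).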
diff -ruN /tmp/policy/macros/program/crontab_macros.te policy/macros/program/crontab_macros.te
--- /tmp/policy/macros/program/crontab_macros.te	2002-09-09 19:54:24.000000000 +0200
+++ policy/macros/program/crontab_macros.te	2002-09-09 11:16:26.000000000 +0200
@@ -31,7 +31,7 @@
 every_domain($1_crontab_t)
 
 # Use capabilities
-allow $1_crontab_t $1_crontab_t:capability { setuid chown dac_override net_bind_service };
+allow $1_crontab_t $1_crontab_t:capability { setuid setgid chown dac_override net_bind_service };
 
 # Type for temporary files.
 type $1_crontab_tmp_t, file_type, sysadmfile, tmpfile;
@@ -45,7 +45,14 @@
 ifdef(`fcron.te', `
 file_type_auto_trans($1_crontab_t, fcron_spool_t, $1_cron_spool_t)
 allow fcron_t $1_cron_spool_t:file create_file_perms;
-')
+# fcron wants an instant update of a crontab change for the administrator
+ifelse(`$1', `sysadm', `
+allow $1_crontab_t fcron_t:process signal;
+', `
+dontaudit $1_crontab_t fcron_t:process signal;
+')dnl end ifelse
+')dnl end ifdef fcron
+
 # crontab signals crond by updating the mtime on the spooldir
 allow $1_crontab_t cron_spool_t:dir setattr;
 # Allow crond to read those crontabs in cron spool.
diff -ruN /tmp/policy/macros/program/mount_macros.te policy/macros/program/mount_macros.te
--- /tmp/policy/macros/program/mount_macros.te	2002-08-23 20:44:20.000000000 +0200
+++ policy/macros/program/mount_macros.te	2002-08-29 00:35:52.000000000 +0200
@@ -36,7 +36,7 @@
 file_type_auto_trans($2_t, etc_t, etc_runtime_t)
 
 # Access the terminal.
-allow $2_t $1_tty_device_t:chr_file { getattr read write };
+allow $2_t $1_tty_device_t:chr_file { getattr read write ioctl };
 allow $2_t $1_devpts_t:chr_file { getattr read write };
 ifdef(`gnome-pty-helper.te', `allow $2_t $1_gph_t:fd use;')
 ')
diff -ruN /tmp/policy/macros/program/xserver_macros.te policy/macros/program/xserver_macros.te
--- /tmp/policy/macros/program/xserver_macros.te	2002-09-09 19:54:24.000000000 +0200
+++ policy/macros/program/xserver_macros.te	2002-08-31 17:50:44.000000000 +0200
@@ -20,8 +20,8 @@
 # FIXME!  The X server requires far too many privileges.
 #
 undefine(`xserver_domain')
-ifdef(`xserver.te',
-`
+ifdef(`xserver.te', `
+
 define(`xserver_domain',`
 # Derived domain based on the calling user domain and the program.
 type $1_xserver_t, domain, privlog, privmem;
@@ -106,8 +106,11 @@
 
 # Communicate via System V shared memory.
 allow $1_xserver_t $1_t:shm rw_shm_perms;
-ifelse($1, xdm, , `
-allow $1_xserver_t $1_tmpfs_t:file rw_file_perms;')
+allow $1_t $1_xserver_t:shm rw_shm_perms;
+ifelse($1, xdm, `', `
+allow $1_xserver_t $1_tmpfs_t:file rw_file_perms;
+allow $1_t $1_xserver_tmpfs_t:file rw_file_perms;
+')
 
 # David Wheeler says he needs the following permission
 # for his X server.  Something is wrong here - the shared
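Review bot: `allow $1_t $1_xserver_tmpfs_t:file rw_file_perms;` references a `$1_xserver_tmpfs_t` type that is not declared in any visible hunk; if it is not declared in the part of `xserver_domain` outside this hunk, policy compilation fails on the first instantiation of the macro. The new `allow $1_t $1_xserver_t:shm rw_shm_perms;` makes the System V shm access bidirectional, which the existing comment does not cover; a one-line comment such as `# user and X server access each other's SysV shm and (presumably tmpfs-backed) segments` would say why both directions are needed. The enclosing `xserver_domain` define starts and ends outside this hunk.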
@@ -128,7 +131,7 @@
 dontaudit xdm_xserver_t sysadm_home_dir_t:dir { read search };
 ', `
 # Access the home directory.
-allow $1_xserver_t $1_home_dir_t:dir { read search };
+allow $1_xserver_t $1_home_dir_t:dir { getattr read search };
 allow $1_xserver_t $1_home_t:dir r_dir_perms;
 allow $1_xserver_t $1_home_t:file r_file_perms;')
 
diff -ruN /tmp/policy/macros/user_macros.te policy/macros/user_macros.te
--- /tmp/policy/macros/user_macros.te	2002-09-09 19:54:23.000000000 +0200
+++ policy/macros/user_macros.te	2002-08-31 17:51:17.000000000 +0200
@@ -210,9 +210,11 @@
 allow $1_t xdm_xserver_tmp_t:sock_file { read write };
 allow $1_t xdm_xserver_tmp_t:dir search;
 
+ifelse(`$1', sysadm, `', `
 # gross hack - should not need this
 file_type_auto_trans(xdm_t, $1_home_dir_t, $1_home_t, file)
-')
+')dnl end ifelse sysadm
+')dnl end ifdef xdm.te
 
 # Access the sound device.
 allow $1_t sound_device_t:chr_file { getattr read write ioctl };

* policy patches
@ 2002-08-09 15:30 Russell Coker
  0 siblings, 0 replies; 47+ messages in thread
From: Russell Coker @ 2002-08-09 15:30 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 850 bytes --]

I have attached the most important parts of the diff file between the last 
release SE Linux policy and my policy tree.

I have not included work in progress such as my chroot policy, the patches 
for better handling of "sendmail -t", user_home_dir_t, and other things I 
regard as experimental.  I have left them in the attrib.te file because it 
doesn't do any harm to commit a patch to add an attribute before anything 
uses it.

I've included some new policy files such as tmpreaper and mysqld, but left 
others out (postgresql and Brian's anti-virus policy).

I think that most (if not all) of this patch is suitable for inclusion.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.

[-- Attachment #2: selinux-small_2002070313-7.diff.gz --]
[-- Type: application/x-gzip, Size: 26604 bytes --]
