diff options
| author | Chris PeBenito <cpebenito@tresys.com> | 2007-10-02 16:04:50 +0000 |
|---|---|---|
| committer | Chris PeBenito <cpebenito@tresys.com> | 2007-10-02 16:04:50 +0000 |
| commit | 350b6ab767016fbee12e7133fcca2f8f1a1abdcf (patch) | |
| tree | 5f6c9069963ad41edf97de472a2d36b0d01707de /config/appconfig-mls | |
| parent | cb811cda3b0de9dee36ece596cddbcd762f639bd (diff) | |
trunk: merge strict and targeted policies. merge shlib_t into lib_t.
Diffstat (limited to 'config/appconfig-mls')
| -rw-r--r-- | config/appconfig-mls/dbus_contexts | 6 | ||||
| -rw-r--r-- | config/appconfig-mls/default_contexts | 15 | ||||
| -rw-r--r-- | config/appconfig-mls/default_type | 6 | ||||
| -rw-r--r-- | config/appconfig-mls/failsafe_context | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/initrc_context | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/media | 3 | ||||
| -rw-r--r-- | config/appconfig-mls/removable_context | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/root_default_contexts | 11 | ||||
| -rw-r--r-- | config/appconfig-mls/seusers | 3 | ||||
| -rw-r--r-- | config/appconfig-mls/userhelper_context | 1 |
10 files changed, 48 insertions, 0 deletions
diff --git a/config/appconfig-mls/dbus_contexts b/config/appconfig-mls/dbus_contexts new file mode 100644 index 00000000..116e684f --- /dev/null +++ b/config/appconfig-mls/dbus_contexts @@ -0,0 +1,6 @@ +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <selinux> + </selinux> +</busconfig> diff --git a/config/appconfig-mls/default_contexts b/config/appconfig-mls/default_contexts new file mode 100644 index 00000000..c2b7a80d --- /dev/null +++ b/config/appconfig-mls/default_contexts @@ -0,0 +1,15 @@ +system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0 +system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 +system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0 +system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 +system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0 +system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 + +staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 +staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 + +sysadm_r:sysadm_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 +sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0 + +user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 +user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mls/default_type b/config/appconfig-mls/default_type new file mode 100644 index 00000000..33528d61 --- /dev/null +++ b/config/appconfig-mls/default_type @@ -0,0 +1,6 @@ +auditadm_r:auditadm_t +secadm_r:secadm_t +sysadm_r:sysadm_t +staff_r:staff_t +unconfined_r:unconfined_t +user_r:user_t diff --git a/config/appconfig-mls/failsafe_context b/config/appconfig-mls/failsafe_context new file mode 100644 index 00000000..999abd9a --- /dev/null +++ b/config/appconfig-mls/failsafe_context @@ -0,0 +1 @@ +sysadm_r:sysadm_t:s0 diff --git a/config/appconfig-mls/initrc_context b/config/appconfig-mls/initrc_context new file mode 100644 index 00000000..4598f92e --- /dev/null +++ b/config/appconfig-mls/initrc_context @@ -0,0 +1 @@ +system_u:system_r:initrc_t:s0-mls_systemhigh diff --git a/config/appconfig-mls/media b/config/appconfig-mls/media new file mode 100644 index 00000000..81f3463e --- /dev/null +++ b/config/appconfig-mls/media @@ -0,0 +1,3 @@ +cdrom system_u:object_r:removable_device_t:s0 +floppy system_u:object_r:removable_device_t:s0 +disk system_u:object_r:fixed_disk_device_t:s0 diff --git a/config/appconfig-mls/removable_context b/config/appconfig-mls/removable_context new file mode 100644 index 00000000..7fcc56e4 --- /dev/null +++ b/config/appconfig-mls/removable_context @@ -0,0 +1 @@ +system_u:object_r:removable_t:s0 diff --git a/config/appconfig-mls/root_default_contexts b/config/appconfig-mls/root_default_contexts new file mode 100644 index 00000000..7f4a1254 --- /dev/null +++ b/config/appconfig-mls/root_default_contexts @@ -0,0 +1,11 @@ +system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0 +system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 + +staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 +sysadm_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 +user_r:user_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 + +# +# Uncomment if you want to automatically login as sysadm_r +# +#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mls/seusers b/config/appconfig-mls/seusers new file mode 100644 index 00000000..dc156bfa --- /dev/null +++ b/config/appconfig-mls/seusers @@ -0,0 +1,3 @@ +system_u:system_u:s0-mls_systemhigh +root:root:s0-mls_systemhigh +__default__:user_u:s0 diff --git a/config/appconfig-mls/userhelper_context b/config/appconfig-mls/userhelper_context new file mode 100644 index 00000000..dc37a69b --- /dev/null +++ b/config/appconfig-mls/userhelper_context @@ -0,0 +1 @@ +system_u:sysadm_r:sysadm_t:s0 |