Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1459439 Details for
Bug 1601958
seinfo cannot resolve dccp portcons
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
example policy.conf file
policy.conf.from.secilc (text/plain), 4.02 KB, created by
Milos Malik
on 2018-07-17 14:44:09 UTC
(
hide
)
Description:
example policy.conf file
Filename:
MIME Type:
Creator:
Milos Malik
Created:
2018-07-17 14:44:09 UTC
Size:
4.02 KB
patch
obsolete
>class file >class process >class char > >sid kernel >sid security >sid unlabeled > >common file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton } > >class file inherits file { execute_no_trans entrypoint execmod open audit_access } >class char inherits file { foo transition } >class process { open } > >sensitivity s0 alias sens0; >sensitivity s1; > >dominance { s0 s1 } > >category c0 alias cat0; >category c1; >category c2; > >level s0:c0.c2; >level s1:c0.c2; > >mlsconstrain file { open } (not (((l1 eq l2) and (u1 eq u2)) or (r1 eq r2))); >mlsconstrain file { open } (((l1 eq l2) and (u1 eq u2)) or (r1 != r2)); >mlsconstrain file { open } (l1 dom h2); >mlsconstrain file { open } (h1 domby l2); >mlsconstrain file { open } (l1 incomp l2); > >mlsvalidatetrans file (h1 domby l2); > >attribute foo_type; >attribute bar_type; >attribute baz_type; >attribute exec_type; > >type bin_t, bar_type, exec_type; >type kernel_t, foo_type, exec_type, baz_type; >type security_t, baz_type; >type unlabeled_t, baz_type; > >type exec_t, baz_type; >type console_t, baz_type; >type auditadm_t, baz_type; >type console_device_t, baz_type; >type user_tty_device_t, baz_type; >type device_t, baz_type; >type getty_t, baz_type; >type a_t, baz_type; >type b_t, baz_type; > >typealias bin_t alias sbin_t; > >bool secure_mode false; >bool console_login true; >bool b1 false; > >role system_r; >role user_r; >role system_r types bin_t; >role system_r types kernel_t; >role system_r types security_t; >role system_r types unlabeled_t; > >permissive device_t; > >range_transition device_t console_t : file s0:c0 - s1:c0.c1; > >type_transition device_t console_t : file console_device_t; >type_member device_t bin_t : file exec_t; > >if console_login{ > type_change auditadm_t console_device_t : file user_tty_device_t; >} > >role_transition system_r bin_t user_r; > >auditallow device_t auditadm_t: file { open }; >dontaudit device_t auditadm_t: file { read }; > >allow system_r user_r; > >allow console_t console_device_t: char { write setattr }; >allow console_t console_device_t: file { open read getattr }; >allow foo_type self: file { execute }; >allow bin_t device_t: file { execute }; >allow bin_t exec_t: file { execute }; >allow bin_t bin_t: file { execute }; >allow a_t b_t : file { write }; >allow console_t console_device_t: file { read write getattr setattr lock append }; >allow kernel_t kernel_t : file { execute }; > >if b1 { > allow a_t b_t : file { read }; >} > >if secure_mode{ > auditallow device_t exec_t: file { read write }; >} > >if console_login{ > allow getty_t console_device_t: file { getattr open read write append }; >} >else { > dontaudit getty_t console_device_t: file { getattr open read write append }; >} > >if (not ((secure_mode eq console_login) xor ((secure_mode or console_login) and secure_mode))){ > allow bin_t exec_t: file { execute }; >} > >user system_u roles system_r level s0:c0 range s0:c0 - s1:c0,c1; >user user_u roles user_r level s0:c0 range s0:c0 - s0:c0; > >validatetrans file (t1 == exec_t); > >constrain char transition (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); >constrain file { open } (r1 dom r2); >constrain file { open } (r1 domby r2); >constrain file { open } (r1 incomp r2); >constrain file { open read getattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); >constrain char { write setattr } (not (((t1 eq exec_t) and (t2 eq bin_t)) or (r1 eq r2))); > > >sid kernel system_u:system_r:kernel_t:s0:c0 - s1:c0,c1 >sid security system_u:system_r:security_t:s0:c0 - s1:c0,c1 >sid unlabeled system_u:system_r:unlabeled_t:s0:c0 - s1:c0,c1 > >fs_use_xattr ext3 system_u:system_r:bin_t:s0:c0 - s1:c0,c1; > >genfscon proc /usr/bin system_u:system_r:bin_t:s0:c0 - s1:c0,c1 > >portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 >portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 >portcon dccp 1025 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 > >netifcon eth0 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 > >nodecon 192.25.35.200 192.168.1.1 system_u:system_r:bin_t:s0:c0 - s1:c0,c1 >nodecon 2001:db8:ac10:fe01:: 2001:de0:da88:2222:: system_u:system_r:bin_t:s0:c0 - s1:c0,c1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1459439">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1601958
: 1459439 |
1469968