Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 890493 Details for
Bug 1091647
After an update of selinux-policy, local modules seem to be disabled.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
local3
local3.te (text/plain), 3.63 KB, created by
Bruno Wolff III
on 2014-04-28 13:39:37 UTC
(
hide
)
Description:
local3
Filename:
MIME Type:
Creator:
Bruno Wolff III
Created:
2014-04-28 13:39:37 UTC
Size:
3.63 KB
patch
obsolete
> >module local3 1.0; > >require { > type httpd_sys_script_exec_t; > type qmail_inject_exec_t; > type postgresql_t; > type user_home_t; > type dns_port_t; > type initrc_t; > type systemd_passwd_agent_t; > type setroubleshootd_t; > type systemd_tmpfiles_t; > type qmail_queue_t; > type httpd_user_content_t; > type httpd_sys_content_t; > type logwatch_t; > type qmail_remote_t; > type qmail_lspawn_t; > type qmail_local_t; > type postgresql_var_run_t; > type qmail_send_t; > type qmail_start_t; > type qmail_inject_t; > type urandom_device_t; > type qmail_clean_t; > type ldconfig_exec_t; > type qmail_spool_t; > type tmp_t; > type qmail_alias_home_t; > type var_t; > type httpd_t; > class fifo_file { read write open }; > class process { sigchld setpgid }; > class unix_stream_socket connectto; > class chr_file { read open }; > class capability { setuid dac_read_search net_admin dac_override }; > class tcp_socket name_connect; > class file { rename read lock execute_no_trans ioctl unlink open append execute create write getattr }; > class sock_file write; > class lnk_file read; > class dir { search read write getattr remove_name open add_name }; >} > >#============= httpd_t ============== >allow httpd_t qmail_alias_home_t:dir search; > >#============= logwatch_t ============== >allow logwatch_t ldconfig_exec_t:file { read execute }; >allow logwatch_t self:capability net_admin; > >#============= qmail_clean_t ============== >allow qmail_clean_t qmail_spool_t:dir read; > >#============= qmail_inject_t ============== >allow qmail_inject_t self:capability { dac_read_search dac_override }; > >#============= qmail_local_t ============== >allow qmail_local_t httpd_sys_content_t:dir { write search read remove_name open getattr add_name }; >allow qmail_local_t httpd_sys_content_t:file { rename execute read lock create ioctl execute_no_trans write getattr unlink open }; >allow qmail_local_t httpd_sys_script_exec_t:file { ioctl execute read open getattr execute_no_trans }; >allow qmail_local_t httpd_user_content_t:lnk_file read; >allow qmail_local_t postgresql_t:unix_stream_socket connectto; >allow qmail_local_t postgresql_var_run_t:dir search; >allow qmail_local_t postgresql_var_run_t:sock_file write; >allow qmail_local_t qmail_inject_exec_t:file { read execute open execute_no_trans }; >allow qmail_local_t self:capability setuid; >allow qmail_local_t self:process setpgid; >allow qmail_local_t tmp_t:file { write create unlink open }; > >#!!!! This avc can be allowed using one of the these booleans: ># authlogin_nsswitch_use_ldap, global_ssp >allow qmail_local_t urandom_device_t:chr_file { read open }; > >#============= qmail_lspawn_t ============== >allow qmail_lspawn_t var_t:file { read open }; > >#============= qmail_queue_t ============== >allow qmail_queue_t qmail_start_t:fifo_file { read write }; >allow qmail_queue_t user_home_t:file { write append }; > >#============= qmail_remote_t ============== >allow qmail_remote_t dns_port_t:tcp_socket name_connect; >allow qmail_remote_t qmail_spool_t:dir read; > >#============= qmail_send_t ============== >allow qmail_send_t initrc_t:process sigchld; > >#============= qmail_start_t ============== >allow qmail_start_t qmail_spool_t:dir { read write search open add_name }; >allow qmail_start_t qmail_spool_t:fifo_file { read open }; >allow qmail_start_t qmail_spool_t:file { read write getattr open create }; > >#============= setroubleshootd_t ============== > >#!!!! This avc has a dontaudit rule in the current policy >allow setroubleshootd_t self:capability net_admin; > >#============= systemd_passwd_agent_t ============== >allow systemd_passwd_agent_t self:capability net_admin; > >#============= systemd_tmpfiles_t ============== > >#!!!! This avc is allowed in the current policy >allow systemd_tmpfiles_t self:capability net_admin;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=890493">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1091647
:
890473
|
890474
|
890475
|
890476
|
890490
|
890491
|
890492
| 890493 |
890495
|
890496
|
890498
|
890499
|
890500
|
890502