2012-04-05 20:14:44

by jwcart2

Subject: [refpolicy] [PATCH 3/3] Move contrib policy to the new non_auth_file_type interfaces

Replaces auth_*_except_auth_files interfaces with files_*_non_auth_* interfaces.


Signed-off-by: James Carter <[email protected]>
---
dpkg.te | 6 +++---
ftp.te | 4 ++--
portage.if | 6 +++---
puppet.te | 2 +-
rgmanager.te | 2 +-
rpc.te | 6 +++---
rpm.te | 6 +++---
rsync.te | 6 +++---
samba.te | 12 ++++++------
snmp.te | 2 +-
sosreport.te | 2 +-
sxid.te | 2 +-
12 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/dpkg.te b/dpkg.te
index 20ee3f5..d134e6e 100644
--- a/dpkg.te
+++ b/dpkg.te
@@ -143,8 +143,8 @@ storage_raw_write_fixed_disk(dpkg_t)
# for installing kernel packages
storage_raw_read_fixed_disk(dpkg_t)

-auth_relabel_all_files_except_auth_files(dpkg_t)
-auth_manage_all_files_except_auth_files(dpkg_t)
+files_relabel_non_auth_files(dpkg_t)
+files_manage_non_auth_files(dpkg_t)
auth_dontaudit_read_shadow(dpkg_t)

files_exec_etc_files(dpkg_t)
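Review bot: The two replaced lines for dpkg_t now depend on which types carry the attribute behind `files_manage_non_auth_files` and `files_relabel_non_auth_files`, and nothing in this patch shows that membership, so the effective grant should be compared in the compiled policy before and after the series. Presumably the non_auth_file_type attribute named in the subject is introduced by an earlier patch; any credential-holding type that was never marked as an auth file would fall inside both grants. Diffing the output of `sesearch -A -s dpkg_t -c file` between the old and new policy would confirm that no rule on shadow or similar types has appeared. The same check applies to the rpm_t lines in the first rpm.te hunk.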
@@ -289,7 +289,7 @@ term_use_all_terms(dpkg_script_t)

auth_dontaudit_getattr_shadow(dpkg_script_t)
# ideally we would not need this
-auth_manage_all_files_except_auth_files(dpkg_script_t)
+files_manage_non_auth_files(dpkg_script_t)

init_domtrans_script(dpkg_script_t)
init_use_script_fds(dpkg_script_t)
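Review bot: The comment `# ideally we would not need this` above `files_manage_non_auth_files(dpkg_script_t)` does not say why the grant exists or what would allow it to be dropped, and this rename is a good moment to record that. Something like `# ideally we would not need this: package scripts may touch any path, so manage is granted on every type not marked as an auth file` would state the scope; the reasoning about package scripts is inferred from the domain name and should be confirmed. The second rpm.te hunk carries the same comment over the rpm_script_t line and would benefit from the same wording.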
diff --git a/ftp.te b/ftp.te
index 02ffdfb..df288c3 100644
--- a/ftp.te
+++ b/ftp.te
@@ -261,7 +261,7 @@ tunable_policy(`allow_ftpd_use_nfs && allow_ftpd_anon_write',`

tunable_policy(`allow_ftpd_full_access',`
allow ftpd_t self:capability { dac_override dac_read_search };
- auth_manage_all_files_except_auth_files(ftpd_t)
+ files_manage_non_auth_files(ftpd_t)
')

tunable_policy(`ftp_home_dir',`
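Review bot: Inside `allow_ftpd_full_access` the new `files_manage_non_auth_files(ftpd_t)` sits next to `dac_override dac_read_search` with no comment on how much the boolean opens up. With DAC checks bypassed, the only files a network-facing daemon cannot write are those whose type is marked as an auth file. A comment such as `# full access: only types marked as auth files stay out of reach of ftpd_t` would make that boundary explicit for anyone deciding whether to enable the boolean. The same holds for the `sftpd_full_access` hunk below, `nfs_export_all_rw` in rpc.te and `samba_export_all_rw` in samba.te.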
@@ -394,7 +394,7 @@ tunable_policy(`sftpd_enable_homedirs && use_samba_home_dirs',`
tunable_policy(`sftpd_full_access',`
allow sftpd_t self:capability { dac_override dac_read_search };
fs_read_noxattr_fs_files(sftpd_t)
- auth_manage_all_files_except_auth_files(sftpd_t)
+ files_manage_non_auth_files(sftpd_t)
')

tunable_policy(`use_samba_home_dirs',`
diff --git a/portage.if b/portage.if
index ce69a52..a8aed11 100644
--- a/portage.if
+++ b/portage.if
@@ -174,9 +174,9 @@ interface(`portage_compile_domain',`
# needed for merging dbus:
selinux_compute_access_vector($1)

- auth_read_all_dirs_except_auth_files($1)
- auth_read_all_files_except_auth_files($1)
- auth_read_all_symlinks_except_auth_files($1)
+ files_read_non_auth_dirs($1)
+ files_read_non_auth_files($1)
+ files_read_non_auth_symlinks($1)

libs_exec_lib_files($1)
# some config scripts use ldd
diff --git a/puppet.te b/puppet.te
index b3e7665..cab5319 100644
--- a/puppet.te
+++ b/puppet.te
@@ -134,7 +134,7 @@ sysnet_dns_name_resolve(puppet_t)
sysnet_run_ifconfig(puppet_t, system_r)

tunable_policy(`puppet_manage_all_files',`
- auth_manage_all_files_except_auth_files(puppet_t)
+ files_manage_non_auth_files(puppet_t)
')

optional_policy(`
diff --git a/rgmanager.te b/rgmanager.te
index c537000..3740776 100644
--- a/rgmanager.te
+++ b/rgmanager.te
@@ -92,7 +92,7 @@ term_getattr_pty_fs(rgmanager_t)
#term_use_ptmx(rgmanager_t)

# needed by resources scripts
-auth_read_all_files_except_auth_files(rgmanager_t)
+files_read_non_auth_files(rgmanager_t)
auth_dontaudit_getattr_shadow(rgmanager_t)
auth_use_nsswitch(rgmanager_t)

diff --git a/rpc.te b/rpc.te
index 62fca97..5f1eab6 100644
--- a/rpc.te
+++ b/rpc.te
@@ -158,7 +158,7 @@ tunable_policy(`nfs_export_all_rw',`
dev_getattr_all_chr_files(nfsd_t)

fs_read_noxattr_fs_files(nfsd_t)
- auth_manage_all_files_except_auth_files(nfsd_t)
+ files_manage_non_auth_files(nfsd_t)
')

tunable_policy(`nfs_export_all_ro',`
@@ -170,8 +170,8 @@ tunable_policy(`nfs_export_all_ro',`

fs_read_noxattr_fs_files(nfsd_t)

- auth_read_all_dirs_except_auth_files(nfsd_t)
- auth_read_all_files_except_auth_files(nfsd_t)
+ files_read_non_auth_dirs(nfsd_t)
+ files_read_non_auth_files(nfsd_t)
')

########################################
diff --git a/rpm.te b/rpm.te
index e9f1f16..b70ad5f 100644
--- a/rpm.te
+++ b/rpm.te
@@ -158,8 +158,8 @@ storage_raw_read_fixed_disk(rpm_t)

term_list_ptys(rpm_t)

-auth_relabel_all_files_except_auth_files(rpm_t)
-auth_manage_all_files_except_auth_files(rpm_t)
+files_relabel_non_auth_files(rpm_t)
+files_manage_non_auth_files(rpm_t)
auth_dontaudit_read_shadow(rpm_t)
auth_use_nsswitch(rpm_t)

@@ -308,7 +308,7 @@ term_use_all_terms(rpm_script_t)
auth_dontaudit_getattr_shadow(rpm_script_t)
auth_use_nsswitch(rpm_script_t)
# ideally we would not need this
-auth_manage_all_files_except_auth_files(rpm_script_t)
+files_manage_non_auth_files(rpm_script_t)
auth_relabel_shadow(rpm_script_t)

corecmd_exec_all_executables(rpm_script_t)
diff --git a/rsync.te b/rsync.te
index 5c17e84..24f9e93 100644
--- a/rsync.te
+++ b/rsync.te
@@ -125,9 +125,9 @@ tunable_policy(`rsync_export_all_ro',`
fs_read_noxattr_fs_files(rsync_t)
fs_read_nfs_files(rsync_t)
fs_read_cifs_files(rsync_t)
- auth_read_all_dirs_except_auth_files(rsync_t)
- auth_read_all_files_except_auth_files(rsync_t)
- auth_read_all_symlinks_except_auth_files(rsync_t)
+ files_read_non_auth_dirs(rsync_t)
+ files_read_non_auth_files(rsync_t)
+ files_read_non_auth_symlinks(rsync_t)
auth_tunable_read_shadow(rsync_t)
')
auth_can_read_shadow_passwords(rsync_t)
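Review bot: In `rsync_export_all_ro` the three `files_read_non_auth_*` lines are immediately followed by `auth_tunable_read_shadow(rsync_t)`, so the new names suggest an exclusion that the next line appears to lift. Judging by its name, that call grants shadow read under the same boolean, and `auth_can_read_shadow_passwords(rsync_t)` follows just outside the block. A short comment, for example `# shadow access is granted separately below, not by the non_auth interfaces`, would stop readers from assuming the export excludes authentication data. What the two auth_ interfaces expand to is not visible in this patch and should be confirmed against the base policy.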
diff --git a/samba.te b/samba.te
index fff6675..6d238ae 100644
--- a/samba.te
+++ b/samba.te
@@ -449,18 +449,18 @@ tunable_policy(`samba_create_home_dirs',`

tunable_policy(`samba_export_all_ro',`
fs_read_noxattr_fs_files(smbd_t)
- auth_read_all_dirs_except_auth_files(smbd_t)
- auth_read_all_files_except_auth_files(smbd_t)
+ files_read_non_auth_dirs(smbd_t)
+ files_read_non_auth_files(smbd_t)
fs_read_noxattr_fs_files(nmbd_t)
- auth_read_all_dirs_except_auth_files(nmbd_t)
- auth_read_all_files_except_auth_files(nmbd_t)
+ files_read_non_auth_dirs(nmbd_t)
+ files_read_non_auth_files(nmbd_t)
')

tunable_policy(`samba_export_all_rw',`
fs_read_noxattr_fs_files(smbd_t)
- auth_manage_all_files_except_auth_files(smbd_t)
+ files_manage_non_auth_files(smbd_t)
fs_read_noxattr_fs_files(nmbd_t)
- auth_manage_all_files_except_auth_files(nmbd_t)
+ files_manage_non_auth_files(nmbd_t)
userdom_user_home_dir_filetrans_user_home_content(nmbd_t, { file dir })
')

diff --git a/snmp.te b/snmp.te
index eb3c1d0..9d6b11b 100644
--- a/snmp.te
+++ b/snmp.te
@@ -99,7 +99,7 @@ storage_dontaudit_read_fixed_disk(snmpd_t)
storage_dontaudit_read_removable_device(snmpd_t)

auth_use_nsswitch(snmpd_t)
-auth_read_all_dirs_except_auth_files(snmpd_t)
+files_read_non_auth_dirs(snmpd_t)

init_read_utmp(snmpd_t)
init_dontaudit_write_utmp(snmpd_t)
diff --git a/sosreport.te b/sosreport.te
index ebaff2f..5b653e3 100644
--- a/sosreport.te
+++ b/sosreport.te
@@ -80,7 +80,7 @@ fs_list_inotifyfs(sosreport_t)

# some config files do not have configfile attribute
# sosreport needs to read various files on system
-auth_read_all_files_except_auth_files(sosreport_t)
+files_read_non_auth_files(sosreport_t)
auth_use_nsswitch(sosreport_t)

init_domtrans_script(sosreport_t)
diff --git a/sxid.te b/sxid.te
index 045fb86..9154671 100644
--- a/sxid.te
+++ b/sxid.te
@@ -66,7 +66,7 @@ fs_list_all(sxid_t)

term_dontaudit_use_console(sxid_t)

-auth_read_all_files_except_auth_files(sxid_t)
+files_read_non_auth_files(sxid_t)
auth_dontaudit_getattr_shadow(sxid_t)

init_use_fds(sxid_t)
--
1.7.7.6