2018-04-11 18:57:12

by jwcart2

Subject: [refpolicy] [PATCH 12/13] Fix interfaces that use an undeclared identifier

All the interfaces below were always being removed because of unmet requires.

ccs.if:ccs_admin()
Use cluster_conf_t instead of ccs_conf_t.
Called in roles/sysadm.te.

cfengine.if:cfengine_dontaudit_write_log_files()
Use cfengine_log_t instead of cfengine_var_log_t.
Called in contrib/sendmail.te.

cobbler.if:cobbler_admin()
Use cobbler_content_t instead of httpd_cobbler_content_t,
httpd_cobbler_content_ra_t, and httpd_cobbler_content_rw_t.
Called in roles/sysadm.te.

cron.if:cron_manage_system_spool()
Use system_cron_spool_t instead of cron_system_spool_t.
Called in system/init.te.

rpm.if:rpm_admin()
Use rpm_var_cache_t instead of rpm_cache_t.
Called in roles/sysadm.te

sssd.if:sssd_admin()
Use sssd_var_log_t instead of sssd_log_t.
Called in roles/sysadm.te

Signed-off-by: James Carter <[email protected]>
---
ccs.if | 4 ++--
cfengine.if | 4 ++--
cobbler.if | 6 +++---
cron.if | 4 ++--
rpm.if | 4 ++--
sssd.if | 4 ++--
6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/ccs.if b/ccs.if
index 92f67fa..767fb71 100644
--- a/ccs.if
+++ b/ccs.if
@@ -99,7 +99,7 @@ interface(`ccs_admin',`
gen_require(`
type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
type ccs_var_lib_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
+ type ccs_var_run_t, ccs_tmp_t;
')

allow $1 ccs_t:process { ptrace signal_perms };
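Review bot: Correcting the require makes every rule in ccs_admin take effect for its callers for the first time, including the `allow $1 ccs_t:process { ptrace signal_perms };` shown as context here, and the commit message does not say so. The cobbler_admin and sssd_admin hunks show the same ptrace line, and rpm_admin and cron_manage_system_spool likewise become effective, so this patch widens what roles/sysadm.te and system/init.te are actually granted rather than only fixing a name. I would add a sentence to the description such as `Callers of these interfaces gain the listed permissions for the first time.` and compare `sesearch -A -s sysadm_t -t ccs_t` on a policy built before and after the patch to confirm the new grants are the intended ones. ccs_admin's body continues outside this hunk.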
@@ -108,7 +108,7 @@ interface(`ccs_admin',`
init_startstop_service($1, $2, ccs_t, ccs_initrc_exec_t)

files_search_etc($1)
- admin_pattern($1, ccs_conf_t)
+ admin_pattern($1, cluster_conf_t)

files_search_var_lib($1)
admin_pattern($1, ccs_var_lib_t)
diff --git a/cfengine.if b/cfengine.if
index fdef5f3..ff0b003 100644
--- a/cfengine.if
+++ b/cfengine.if
@@ -65,10 +65,10 @@ interface(`cfengine_read_lib_files',`
#
interface(`cfengine_dontaudit_write_log_files',`
gen_require(`
- type cfengine_var_log_t;
+ type cfengine_log_t;
')

- dontaudit $1 cfengine_var_log_t:file write_file_perms;
+ dontaudit $1 cfengine_log_t:file write_file_perms;
')

########################################
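Review bot: Once this interface stops being dropped, `dontaudit $1 cfengine_log_t:file write_file_perms;` begins suppressing AVC records for write attempts on cfengine logs from the calling domain (contrib/sendmail.te, per the commit message). These are denials that were presumably being logged until now. Nothing visible in the hunk says why those writes are expected and safe to silence; the interface's header comment ends above the hunk, so it may already cover this. If it does not, a line such as `# Silences expected write attempts on inherited log descriptors; rebuild with semodule -DB to see them.` would help whoever later investigates missing denials, assuming that is the actual reason.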
diff --git a/cobbler.if b/cobbler.if
index 40f8999..6c6b575 100644
--- a/cobbler.if
+++ b/cobbler.if
@@ -154,8 +154,8 @@ interface(`cobbler_manage_lib_files',`
interface(`cobbler_admin',`
gen_require(`
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
- type cobbler_etc_t, cobblerd_initrc_exec_t, httpd_cobbler_content_t;
- type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t, cobbler_tmp_t;
+ type cobbler_etc_t, cobblerd_initrc_exec_t, cobbler_content_t;
+ type cobbler_tmp_t;
')

allow $1 cobblerd_t:process { ptrace signal_perms };
@@ -176,5 +176,5 @@ interface(`cobbler_admin',`
admin_pattern($1, cobbler_var_log_t)

apache_search_sys_content($1)
- admin_pattern($1, { httpd_cobbler_content_t httpd_cobbler_content_ra_t httpd_cobbler_content_rw_t })
+ admin_pattern($1, cobbler_content_t)
')
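Review bot: The final `admin_pattern($1, cobbler_content_t)` replaces a set of three content types (plain, `_ra_` and `_rw_`) with a single type, and the hunk does not show whether the append-only and read-write variants still exist under new names. If the apache content template still declares them for cobbler, they are now outside what cobbler_admin manages and the admin role would see denials on that content. If they no longer exist, a short remark in the commit message that only `cobbler_content_t` remains would settle the question. The declarations live in files outside this patch, so this is a question for the author rather than a confirmed gap.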
diff --git a/cron.if b/cron.if
index 23bd141..d40848a 100644
--- a/cron.if
+++ b/cron.if
@@ -699,11 +699,11 @@ interface(`cron_use_system_job_fds',`
#
interface(`cron_manage_system_spool',`
gen_require(`
- type cron_system_spool_t;
+ type system_cron_spool_t;
')

files_search_spool($1)
- manage_files_pattern($1, cron_system_spool_t, cron_system_spool_t)
+ manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
')

########################################
diff --git a/rpm.if b/rpm.if
index 016cdb2..d316410 100644
--- a/rpm.if
+++ b/rpm.if
@@ -613,7 +613,7 @@ interface(`rpm_pid_filetrans_rpm_pid',`
interface(`rpm_admin',`
gen_require(`
type rpm_t, rpm_script_t, rpm_initrc_exec_t;
- type rpm_cache_t, rpm_var_lib_t, rpm_lock_t;
+ type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t, rpm_var_run_t;
type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
')
@@ -626,7 +626,7 @@ interface(`rpm_admin',`
admin_pattern($1, rpm_file_t)

files_list_var($1)
- admin_pattern($1, rpm_cache_t)
+ admin_pattern($1, rpm_var_cache_t)

files_list_tmp($1)
admin_pattern($1, { rpm_tmp_t rpm_script_tmp_t })
diff --git a/sssd.if b/sssd.if
index e1b4cb0..bdb7f88 100644
--- a/sssd.if
+++ b/sssd.if
@@ -336,7 +336,7 @@ interface(`sssd_admin',`
gen_require(`
type sssd_t, sssd_public_t, sssd_initrc_exec_t;
type sssd_var_lib_t, sssd_var_run_t, sssd_conf_t;
- type sssd_log_t;
+ type sssd_var_log_t;
')

allow $1 sssd_t:process { ptrace signal_perms };
@@ -354,5 +354,5 @@ interface(`sssd_admin',`
admin_pattern($1, sssd_var_run_t)

logging_search_logs($1)
- admin_pattern($1, sssd_log_t)
+ admin_pattern($1, sssd_var_log_t)
')
--
2.13.6