diff options
| author |   Chris PeBenito <Christopher.PeBenito@microsoft.com> | 2019-04-19 11:50:59 -0400 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2019-04-28 18:00:55 +0800 |
| commit | 21cc848fadf0aab51a7af63066e5130187c96cb4 (patch) | |
| tree | aca38e9384bf0346580893c4439489bd3baae85b /config | |
| parent | devices: Change netcontrol devices to pmqos. (diff) | |
| download | hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.tar.gz hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.tar.bz2 hardened-refpolicy-21cc848fadf0aab51a7af63066e5130187c96cb4.zip | |
systemd: Add initial policy for systemd --user.
This is just a start; it does not cover all uses.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Jason Zaman <jason@perfinion.com>
Diffstat (limited to 'config')
| -rw-r--r-- | config/appconfig-mcs/default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mcs/root_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mcs/staff_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mcs/unconfined_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mcs/user_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/root_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/staff_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/unconfined_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-mls/user_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-standard/default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-standard/root_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-standard/staff_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-standard/unconfined_u_default_contexts | 1 | ||||
| -rw-r--r-- | config/appconfig-standard/user_u_default_contexts | 1 |
15 files changed, 15 insertions, 0 deletions
diff --git a/config/appconfig-mcs/default_contexts b/config/appconfig-mcs/default_contexts index 6d2e4070a..ee278c546 100644 --- a/config/appconfig-mcs/default_contexts +++ b/config/appconfig-mcs/default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:init_t:s0 user_r:user_systemd_t:s0 staff_r:staff_systemd_t:s0 sysadm_r:sysadm_systemd_t:s0 unconfined_r:unconfined_t:s0 system_r:atd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mcs/root_default_contexts b/config/appconfig-mcs/root_default_contexts index 7805778a2..498b429f5 100644 --- a/config/appconfig-mcs/root_default_contexts +++ b/config/appconfig-mcs/root_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0 +system_r:init_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_systemd_t:s0 staff_r:staff_systemd_t:s0 user_r:user_systemd_t:s0 system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mcs/staff_u_default_contexts b/config/appconfig-mcs/staff_u_default_contexts index daefcf77d..8f506fa57 100644 --- a/config/appconfig-mcs/staff_u_default_contexts +++ b/config/appconfig-mcs/staff_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t:s0 staff_r:staff_systemd_t:s0 sysadm_r:sysadm_systemd_t:s0 system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 system_r:remote_login_t:s0 staff_r:staff_t:s0 system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 diff --git a/config/appconfig-mcs/unconfined_u_default_contexts b/config/appconfig-mcs/unconfined_u_default_contexts index 106e093d8..96c5e13aa 100644 --- a/config/appconfig-mcs/unconfined_u_default_contexts +++ b/config/appconfig-mcs/unconfined_u_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:init_t:s0 unconfined_r:unconfined_t:s0 system_r:initrc_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mcs/user_u_default_contexts b/config/appconfig-mcs/user_u_default_contexts index 56d6071c2..24af20b93 100644 --- a/config/appconfig-mcs/user_u_default_contexts +++ b/config/appconfig-mcs/user_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t:s0 user_r:user_systemd_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 system_r:sshd_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mls/default_contexts b/config/appconfig-mls/default_contexts index 6d2e4070a..ee278c546 100644 --- a/config/appconfig-mls/default_contexts +++ b/config/appconfig-mls/default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:init_t:s0 user_r:user_systemd_t:s0 staff_r:staff_systemd_t:s0 sysadm_r:sysadm_systemd_t:s0 unconfined_r:unconfined_t:s0 system_r:atd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mls/root_default_contexts b/config/appconfig-mls/root_default_contexts index 7805778a2..498b429f5 100644 --- a/config/appconfig-mls/root_default_contexts +++ b/config/appconfig-mls/root_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0 +system_r:init_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_systemd_t:s0 staff_r:staff_systemd_t:s0 user_r:user_systemd_t:s0 system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-mls/staff_u_default_contexts b/config/appconfig-mls/staff_u_default_contexts index daefcf77d..8f506fa57 100644 --- a/config/appconfig-mls/staff_u_default_contexts +++ b/config/appconfig-mls/staff_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t:s0 staff_r:staff_systemd_t:s0 sysadm_r:sysadm_systemd_t:s0 system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 system_r:remote_login_t:s0 staff_r:staff_t:s0 system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 diff --git a/config/appconfig-mls/unconfined_u_default_contexts b/config/appconfig-mls/unconfined_u_default_contexts index 106e093d8..96c5e13aa 100644 --- a/config/appconfig-mls/unconfined_u_default_contexts +++ b/config/appconfig-mls/unconfined_u_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0 +system_r:init_t:s0 unconfined_r:unconfined_t:s0 system_r:initrc_t:s0 unconfined_r:unconfined_t:s0 system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0 diff --git a/config/appconfig-mls/user_u_default_contexts b/config/appconfig-mls/user_u_default_contexts index 56d6071c2..24af20b93 100644 --- a/config/appconfig-mls/user_u_default_contexts +++ b/config/appconfig-mls/user_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t:s0 user_r:user_systemd_t:s0 system_r:local_login_t:s0 user_r:user_t:s0 system_r:remote_login_t:s0 user_r:user_t:s0 system_r:sshd_t:s0 user_r:user_t:s0 diff --git a/config/appconfig-standard/default_contexts b/config/appconfig-standard/default_contexts index fcc65d670..5afa8d2a6 100644 --- a/config/appconfig-standard/default_contexts +++ b/config/appconfig-standard/default_contexts @@ -1,4 +1,5 @@ system_r:crond_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t user_r:cronjob_t staff_r:cronjob_t sysadm_r:cronjob_t system_r:system_cronjob_t unconfined_r:unconfined_cronjob_t +system_r:init_t user_r:user_systemd_t staff_r:staff_systemd_t sysadm_r:sysadm_systemd_t unconfined_r:unconfined_t system_r:atd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:local_login_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t unconfined_r:unconfined_t system_r:remote_login_t user_r:user_t staff_r:staff_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/root_default_contexts b/config/appconfig-standard/root_default_contexts index f5225686c..60080fb2a 100644 --- a/config/appconfig-standard/root_default_contexts +++ b/config/appconfig-standard/root_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t unconfined_r:unconfined_t sysadm_r:cronjob_t staff_r:cronjob_t user_r:cronjob_t +system_r:init_t unconfined_r:unconfined_t sysadm_r:sysadm_systemd_t staff_r:staff_systemd_t user_r:user_systemd_t system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t staff_r:staff_su_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t diff --git a/config/appconfig-standard/staff_u_default_contexts b/config/appconfig-standard/staff_u_default_contexts index 382fe3380..e44544f08 100644 --- a/config/appconfig-standard/staff_u_default_contexts +++ b/config/appconfig-standard/staff_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t staff_r:staff_systemd_t sysadm_r:sysadm_systemd_t system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t system_r:remote_login_t staff_r:staff_t system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t diff --git a/config/appconfig-standard/unconfined_u_default_contexts b/config/appconfig-standard/unconfined_u_default_contexts index e340b2199..2931e851c 100644 --- a/config/appconfig-standard/unconfined_u_default_contexts +++ b/config/appconfig-standard/unconfined_u_default_contexts @@ -1,4 +1,5 @@ system_r:crond_t unconfined_r:unconfined_t unconfined_r:unconfined_cronjob_t +system_r:init_t unconfined_r:unconfined_t system_r:initrc_t unconfined_r:unconfined_t system_r:local_login_t unconfined_r:unconfined_t system_r:remote_login_t unconfined_r:unconfined_t diff --git a/config/appconfig-standard/user_u_default_contexts b/config/appconfig-standard/user_u_default_contexts index 63b7eecd1..8b553c4bd 100644 --- a/config/appconfig-standard/user_u_default_contexts +++ b/config/appconfig-standard/user_u_default_contexts @@ -1,3 +1,4 @@ +system_r:init_t user_r:user_systemd_t system_r:local_login_t user_r:user_t system_r:remote_login_t user_r:user_t system_r:sshd_t user_r:user_t |