-rw-r--r-- | policy/modules/admin/sosreport.fc | 1 | ||||
-rw-r--r-- | policy/modules/admin/sosreport.te | 47 |
2 files changed, 43 insertions, 5 deletions
diff --git a/policy/modules/admin/sosreport.fc b/policy/modules/admin/sosreport.fc index d445530f..9958cde0 100644 --- a/policy/modules/admin/sosreport.fc +++ b/policy/modules/admin/sosreport.fc @@ -1,5 +1,6 @@ /usr/bin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0) /usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0) +/usr/sbin/sos -- gen_context(system_u:object_r:sosreport_exec_t,s0) /\.ismount-test-file -- gen_context(system_u:object_r:sosreport_tmp_t,s0) diff --git a/policy/modules/admin/sosreport.te b/policy/modules/admin/sosreport.te index 1eb06003..fa3168a6 100644 --- a/policy/modules/admin/sosreport.te +++ b/policy/modules/admin/sosreport.te @@ -39,8 +39,10 @@ allow sosreport_t self:tcp_socket { accept listen }; allow sosreport_t self:unix_stream_socket { accept listen }; manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t) +manage_fifo_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t) manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t) manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t) +manage_sock_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t) files_root_filetrans(sosreport_t, sosreport_tmp_t, file, ".ismount-test-file") files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir }) @@ -91,10 +93,17 @@ files_read_kernel_modules(sosreport_t) files_read_all_symlinks(sosreport_t) files_manage_etc_runtime_files(sosreport_t) files_etc_filetrans_etc_runtime(sosreport_t, file) +files_map_usr_files(sosreport_t) fs_getattr_all_fs(sosreport_t) fs_list_inotifyfs(sosreport_t) +selinux_compute_access_vector(sosreport_t) +selinux_compute_create_context(sosreport_t) +selinux_get_all_booleans(sosreport_t) +selinux_read_policy(sosreport_t) +selinux_validate_context(sosreport_t) + storage_dontaudit_read_fixed_disk(sosreport_t) storage_dontaudit_read_removable_device(sosreport_t) 
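Review bot: The new file context covers only `/usr/sbin/sos`, while the existing entries label sosreport under both `/usr/bin` and `/usr/sbin`. On a system that installs the new binary in `/usr/bin`, it would likely keep the generic binary label and never transition into sosreport_t, so the tool would run in the caller's domain. If that layout is possible, add `/usr/bin/sos -- gen_context(system_u:object_r:sosreport_exec_t,s0)` next to the new line.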
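Review bot: The added `manage_fifo_files_pattern` and `manage_sock_files_pattern` rules are not matched by the type transition below them, which still reads `files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })`. A FIFO or socket created inside a directory already labelled sosreport_tmp_t inherits that type, but one created directly in the temporary directory would not be relabelled and would likely be denied. If sos can create them at the top level, extend the class set to `{ file dir fifo_file sock_file }`. Otherwise a one-line comment stating that they only live inside the sos working directory would record the assumption.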
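Review bot: The five `selinux_*` interfaces in the `@@ -91` hunk are added as a group with no comment, and `selinux_read_policy(sosreport_t)` is the broadest of them: it lets the domain read the loaded policy, which can then end up in the report archive. A comment above the block naming the consumer would make the grant auditable, for example `# SELinux data collection: booleans, context checks, loaded policy`; which part of sos needs each interface is not visible here and should be confirmed. `files_map_usr_files(sosreport_t)` a few lines earlier would benefit from the same one-line justification.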
@@ -102,9 +111,11 @@ term_use_generic_ptys(sosreport_t) auth_use_nsswitch(sosreport_t) +init_get_all_units_status(sosreport_t) +init_dbus_chat(sosreport_t) init_domtrans_script(sosreport_t) -libs_domtrans_ldconfig(sosreport_t) +libs_run_ldconfig(sosreport_t, sosreport_roles) logging_read_all_logs(sosreport_t) logging_send_syslog_msg(sosreport_t) @@ -113,6 +124,8 @@ miscfiles_read_localization(sosreport_t) modutils_read_module_deps(sosreport_t) +userdom_use_inherited_user_terminals(sosreport_t) + optional_policy(` abrt_manage_runtime_files(sosreport_t) abrt_manage_cache(sosreport_t) @@ -124,11 +137,20 @@ optional_policy(` ') optional_policy(` + devicekit_dbus_chat(sosreport_t) + devicekit_dbus_chat_disk(sosreport_t) +') + +optional_policy(` dmesg_domtrans(sosreport_t) ') optional_policy(` - fstools_domtrans(sosreport_t) + firewalld_dbus_chat(sosreport_t) +') + +optional_policy(` + fstools_run(sosreport_t, sosreport_roles) ') optional_policy(` @@ -140,11 +162,19 @@ optional_policy(` ') optional_policy(` - lvm_domtrans(sosreport_t) + lvm_run(sosreport_t, sosreport_roles) ') optional_policy(` - mount_domtrans(sosreport_t) + mount_run(sosreport_t, sosreport_roles) +') + +optional_policy(` + networkmanager_dbus_chat(sosreport_t) +') + +optional_policy(` + ntp_dbus_chat(sosreport_t) ') optional_policy(` @@ -158,7 +188,14 @@ optional_policy(` ') optional_policy(` - setroubleshoot_signull(sosreport_t) + setroubleshoot_signull(sosreport_t) +') + +optional_policy(` + systemd_dbus_chat_hostnamed(sosreport_t) + systemd_dbus_chat_logind(sosreport_t) + systemd_map_hwdb(sosreport_t) + systemd_read_journal_files(sosreport_t) ') optional_policy(` |
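Review bot: `libs_run_ldconfig(sosreport_t, sosreport_roles)` depends on the `sosreport_roles` role attribute, whose declaration is not visible in any hunk of this commit; it presumably sits near the top of sosreport.te and should be confirmed. The same applies to `fstools_run`, `lvm_run` and `mount_run` in the later hunks. Moving from `_domtrans` to `_run` also authorises every role in that attribute for the ldconfig, fstools, lvm and mount domains. A comment such as `# _run: helper domains must be valid for every role allowed to run sosreport` would record why the wider form is needed.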
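Review bot: The D-Bus grants added in the `@@ -124` hunk (`devicekit_dbus_chat`, `devicekit_dbus_chat_disk`, `firewalld_dbus_chat`) carry no comment saying what sos collects over each channel. The same holds for `init_dbus_chat` in the previous hunk and the networkmanager, ntp, hostnamed and logind interfaces in the later ones. These `_dbus_chat` interfaces conventionally allow messages in both directions, while sos presumably only queries state, so the justification matters more than usual. A per-block comment such as `# query firewalld state over D-Bus` would make each grant auditable.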