add some definition to the standard types available for sandboxes

Dan Walsh 2012-05-03 19:34:17 -04:00
parent 9d3be2cefc
commit 3348eaa82b
2 changed files with 28 additions and 1 deletions


@ -245660,6 +245660,30 @@ index 9db766c..92034be 100644
/*
* Do not execvp the command directly from run_init; since it would run
* under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
index 3f05c79..00d9b37 100644
--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
@@ -41,6 +41,19 @@ Create a Sandbox with temporary files for $HOME and /tmp.
.TP
\fB\-t type\fR
Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
+
+\fBExamples:\fR
+.br
+sandbox_t - No X, No Network Access, No Open, read/write on passed in file descriptors.
+.br
+sandbox_min_t - No Network Access
+.br
+sandbox_x_t - Printer Ports
+.br
+sandbox_web_t - Ports required for web browsing
+.br
+sandbox_net_t - All network ports
+
.TP
\fB\-T\ tmpdir
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
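Review bot: the list added under the -t option is headed "Examples:" but it is really the set of standard sandbox types, and two of its entries do not say enough to choose between them. "sandbox_min_t - No Network Access" does not say how it differs from sandbox_t, which is also described as having no network access, and "sandbox_x_t - Printer Ports" names a port class without noting that this is the -X default mentioned in the context line just above. Suggest a heading such as "Standard types:", one line per type stating what it allows relative to sandbox_t, and a marker on the types intended for -X. The two empty added lines before and after the list would be better as an explicit .sp request, since the rest of the block already uses .br for its line breaks.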
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 9f6a949..779a6a1 100755
--- a/policycoreutils/scripts/fixfiles


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.11
Release: 10%{?dist}
Release: 11%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -340,6 +340,9 @@ fi
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
* Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
- add some definition to the standard types available for sandboxes
* Mon May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
- Remove lockdown wizard
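Review bot: in the %changelog hunk the new entry is dated "Thu May 3 2012", which means the context entry directly below it, "Mon May 1 2012", carries the wrong weekday (two days before a Thursday is a Tuesday); worth correcting while this block is being touched. The new entry text could also say where the change landed, for example that the type descriptions were added to the sandbox.8 man page under -t, so the changelog is readable without opening the patch.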