add some definition to the standard types available for sandboxes
parent 9d3be2cefc
commit 3348eaa82b
|
@ -245660,6 +245660,30 @@ index 9db766c..92034be 100644
|
||||||
/*
|
/*
|
||||||
* Do not execvp the command directly from run_init; since it would run
|
* Do not execvp the command directly from run_init; since it would run
|
||||||
* under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
|
* under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
|
||||||
|
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
|
||||||
|
index 3f05c79..00d9b37 100644
|
||||||
|
--- a/policycoreutils/sandbox/sandbox.8
|
||||||
|
+++ b/policycoreutils/sandbox/sandbox.8
|
||||||
|
@@ -41,6 +41,19 @@ Create a Sandbox with temporary files for $HOME and /tmp.
|
||||||
|
.TP
|
||||||
|
\fB\-t type\fR
|
||||||
|
Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
|
||||||
|
+
|
||||||
|
+\fBExamples:\fR
|
||||||
|
+.br
|
||||||
|
+sandbox_t - No X, No Network Access, No Open, read/write on passed in file descriptors.
|
||||||
|
+.br
|
||||||
|
+sandbox_min_t - No Network Access
|
||||||
|
+.br
|
||||||
|
+sandbox_x_t - Printer Ports
|
||||||
|
+.br
|
||||||
|
+sandbox_web_t - Ports required for web browsing
|
||||||
|
+.br
|
||||||
|
+sandbox_net_t - All network ports
|
||||||
|
+
|
||||||
|
.TP
|
||||||
|
\fB\-T\ tmpdir
|
||||||
|
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index 9f6a949..779a6a1 100755
|
index 9f6a949..779a6a1 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
|
|
|
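Review bot: In the sandbox.8 hunk, the added type list does not let a reader tell sandbox_t and sandbox_min_t apart: both are described with "No Network Access", and sandbox_min_t says nothing about X, open, or file descriptors. "sandbox_x_t - Printer Ports" has the same gap, since it does not say whether printer ports are the only network access that type gets. Since -t selects how much the confined process may reach, each line should state what the type allows relative to the one before it, so a user does not pick a broader type than intended (sandbox_net_t is "All network ports"). Two smaller points: the heading "Examples:" introduces type definitions rather than usage examples, and the bare "+" lines put empty lines into the roff source where an explicit spacing request would be more conventional. The neighbouring context line "Use alternate tempory directory" has a typo ("temporary") that could be fixed in the same change.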
@ -7,7 +7,7 @@
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.11
|
Version: 2.1.11
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
|
@ -340,6 +340,9 @@ fi
|
||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
|
||||||
|
- add some definition to the standard types available for sandboxes
|
||||||
|
|
||||||
* Mon May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
|
* Mon May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
|
||||||
- Remove lockdown wizard
|
- Remove lockdown wizard
|
||||||
|
|
||||||
|
|
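Review bot: The new changelog line "- add some definition to the standard types available for sandboxes" does not say that the change is documentation only; naming the file, for example "document the standard sandbox types in sandbox.8", would make clear to anyone reading the package history that no policy or sandbox behaviour changed in 2.1.11-11. Separately, the weekdays in the two visible entries disagree with each other: if "Thu May 3 2012" is right, then the context entry "Mon May 1 2012" cannot be a Monday, so one of the two dates should be checked.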