-##
-## Allow Apache to modify public files
-## used for public file transfer services, directories/files must
-## be labeled public_content_rw_t.
-##
-=======
-##
##
## Allow Apache to modify public files
## used for public file transfer services. Directories/Files must
## be labeled public_content_rw_t.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(allow_httpd_anon_write, false)
##
-<<<<<<< HEAD
-##
-## Allow Apache to use mod_auth_pam
-##
-=======
##
## Allow Apache to use mod_auth_pam
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(allow_httpd_mod_auth_pam, false)
##
-<<<<<<< HEAD
-##
-## Allow Apache to use mod_auth_ntlm_winbind
-##
+##
+## Allow Apache to use mod_auth_ntlm_winbind
+##
##
gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false)
##
-##
-## Allow httpd scripts and modules execmem/execstack
-##
+##
+## Allow httpd scripts and modules execmem/execstack
+##
##
gen_tunable(httpd_execmem, false)
##
-##
-## Allow httpd processes to manage IPA content
-##
+##
+## Allow httpd processes to manage IPA content
+##
##
gen_tunable(httpd_manage_ipa, false)
##
-##
-## Allow httpd daemon to change system limits
-##
+##
+## Allow httpd daemon to change system limits
+##
##
gen_tunable(httpd_setrlimit, false)
##
-##
-## Allow httpd to use built in scripting (usually php)
-##
-=======
##
## Allow httpd to use built in scripting (usually php)
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_builtin_scripting, false)
##
-<<<<<<< HEAD
-##
-## Allow HTTPD scripts and modules to connect to the network using any TCP port.
-##
-=======
##
## Allow HTTPD scripts and modules to connect to the network using TCP.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_can_network_connect, false)
##
-<<<<<<< HEAD
-##
-## Allow HTTPD scripts and modules to connect to cobbler over the network.
-##
+##
+## Allow HTTPD scripts and modules to connect to cobbler over the network.
+##
##
gen_tunable(httpd_can_network_connect_cobbler, false)
##
-##
-## Allow HTTPD to connect to port 80 for graceful shutdown
-##
+##
+## Allow HTTPD to connect to port 80 for graceful shutdown
+##
##
gen_tunable(httpd_graceful_shutdown, false)
##
-##
-## Allow HTTPD scripts and modules to connect to databases over the network.
-##
-=======
##
## Allow HTTPD scripts and modules to connect to databases over the network.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_can_network_connect_db, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to connect to memcache server
-##
+##
+## Allow httpd to connect to memcache server
+##
##
gen_tunable(httpd_can_network_memcache, false)
##
-##
-## Allow httpd to act as a relay
-##
-=======
##
## Allow httpd to act as a relay
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_can_network_relay, false)
##
-<<<<<<< HEAD
-##
-## Allow http daemon to send mail
-##
+##
+## Allow http daemon to send mail
+##
##
gen_tunable(httpd_can_sendmail, false)
-
##
##
## Allow http daemon to connect to zabbix
@@ -173,17 +128,13 @@ gen_tunable(httpd_can_sendmail, false)
gen_tunable(httpd_can_connect_zabbix, false)
##
-##
-## Allow http daemon to check spam
-##
+##
+## Allow http daemon to check spam
+##
##
gen_tunable(httpd_can_check_spam, false)
##
-##
-## Allow Apache to communicate with avahi service via dbus
-##
-=======
##
## Allow http daemon to send mail
##
@@ -194,44 +145,29 @@ gen_tunable(httpd_can_sendmail, false)
##
## Allow Apache to communicate with avahi service via dbus
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_dbus_avahi, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to execute cgi scripts
-##
-=======
##
## Allow httpd cgi support
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_enable_cgi, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to act as a FTP server by
-## listening on the ftp port.
-##
-=======
##
## Allow httpd to act as a FTP server by
## listening on the ftp port.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_enable_ftp_server, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to act as a FTP client
-## connecting to the ftp port and ephemeral ports
-##
+##
+## Allow httpd to act as a FTP client
+## connecting to the ftp port and ephemeral ports
+##
##
gen_tunable(httpd_can_connect_ftp, false)
@@ -243,37 +179,27 @@ gen_tunable(httpd_can_connect_ftp, false)
gen_tunable(httpd_can_connect_ldap, false)
##
-##
-## Allow httpd to read home directories
-##
-=======
##
## Allow httpd to read home directories
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_enable_homedirs, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to read user content
-##
+##
+## Allow httpd to read user content
+##
##
gen_tunable(httpd_read_user_content, false)
##
-##
-## Allow Apache to run in stickshift mode, not transition to passenger
-##
+##
+## Allow Apache to run in stickshift mode, not transition to passenger
+##
##
gen_tunable(httpd_run_stickshift, false)
##
-##
-## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
-##
-=======
##
## Allow httpd daemon to change its resource limits
##
@@ -284,130 +210,92 @@ gen_tunable(httpd_setrlimit, false)
##
## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_ssi_exec, false)
##
-<<<<<<< HEAD
-##
-## Allow Apache to execute tmp content.
-##
+##
+## Allow Apache to execute tmp content.
+##
##
gen_tunable(httpd_tmp_exec, false)
##
-##
-## Unify HTTPD to communicate with the terminal.
-## Needed for entering the passphrase for certificates at
-## the terminal.
-##
-=======
##
## Unify HTTPD to communicate with the terminal.
## Needed for entering the passphrase for certificates at
## the terminal.
-##
>>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_tty_comm, false)
##
-<<<<<<< HEAD
-##
-## Unify HTTPD handling of all content files.
-##
-=======
##
## Unify HTTPD handling of all content files.
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_unified, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to access openstack ports
-##
+##
+## Allow httpd to access openstack ports
+##
##
gen_tunable(httpd_use_openstack, false)
##
-##
-## Allow httpd to access cifs file systems
-##
-=======
##
## Allow httpd to access cifs file systems
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_use_cifs, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to access cifs file systems
-##
+##
+## Allow httpd to access cifs file systems
+##
##
gen_tunable(httpd_use_fusefs, false)
##
-##
-## Allow httpd to run gpg in gpg-web domain
-##
-=======
##
## Allow httpd to run gpg
##
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
gen_tunable(httpd_use_gpg, false)
##
-<<<<<<< HEAD
-##
-## Allow httpd to access nfs file systems
-##
+##
+## Allow httpd to access nfs file systems
+##
##
gen_tunable(httpd_use_nfs, false)
##
-##
-## Allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t.
-##
+##
+## Allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t.
+##
##
gen_tunable(allow_httpd_sys_script_anon_write, false)
##
-##
-## Allow httpd to communicate with oddjob to start up a service
-##
+##
+## Allow httpd to communicate with oddjob to start up a service
+##
##
gen_tunable(httpd_use_oddjob, false)
attribute httpdcontent;
attribute httpd_user_content_type;
attribute httpd_content_type;
-=======
-##
-## Allow httpd to access nfs file systems
-##
-##
-gen_tunable(httpd_use_nfs, false)
attribute httpdcontent;
attribute httpd_user_content_type;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# domains that can exec all users scripts
attribute httpd_exec_scripts;
-<<<<<<< HEAD
attribute httpd_script_type;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
attribute httpd_script_exec_type;
attribute httpd_user_script_exec_type;
@@ -426,11 +314,7 @@ files_type(httpd_cache_t)
# httpd_config_t is the type given to the configuration files
type httpd_config_t;
-<<<<<<< HEAD
files_config_file(httpd_config_t)
-=======
-files_type(httpd_config_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type httpd_helper_t;
type httpd_helper_exec_t;
@@ -441,12 +325,9 @@ role system_r types httpd_helper_t;
type httpd_initrc_exec_t;
init_script_file(httpd_initrc_exec_t)
-<<<<<<< HEAD
type httpd_unit_file_t;
systemd_unit_file(httpd_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type httpd_lock_t;
files_lock_file(httpd_lock_t)
@@ -486,7 +367,6 @@ files_tmp_file(httpd_suexec_tmp_t)
# setup the system domain for system CGI scripts
apache_content_template(sys)
-<<<<<<< HEAD
optional_policy(`
postgresql_unpriv_client(httpd_sys_script_t)
@@ -502,9 +382,6 @@ typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_scri
typealias httpd_sys_rw_content_t alias { httpd_fastcgi_rw_content_t httpd_fastcgi_script_rw_t };
typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t;
typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
-=======
-typealias httpd_sys_content_t alias ntop_http_content_t;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type httpd_tmp_t;
files_tmp_file(httpd_tmp_t)
@@ -514,13 +391,11 @@ files_tmpfs_file(httpd_tmpfs_t)
apache_content_template(user)
ubac_constrained(httpd_user_script_t)
-<<<<<<< HEAD
+
typeattribute httpd_user_content_t httpdcontent;
typeattribute httpd_user_rw_content_t httpdcontent;
typeattribute httpd_user_ra_content_t httpdcontent;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
userdom_user_home_content(httpd_user_content_t)
userdom_user_home_content(httpd_user_htaccess_t)
userdom_user_home_content(httpd_user_script_exec_t)
@@ -528,10 +403,7 @@ userdom_user_home_content(httpd_user_ra_content_t)
userdom_user_home_content(httpd_user_rw_content_t)
typeattribute httpd_user_script_t httpd_script_domains;
typealias httpd_user_content_t alias { httpd_staff_content_t httpd_sysadm_content_t };
-<<<<<<< HEAD
typealias httpd_user_content_t alias httpd_unconfined_content_t;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
typealias httpd_user_content_t alias { httpd_auditadm_content_t httpd_secadm_content_t };
typealias httpd_user_content_t alias { httpd_staff_script_ro_t httpd_sysadm_script_ro_t };
typealias httpd_user_content_t alias { httpd_auditadm_script_ro_t httpd_secadm_script_ro_t };
@@ -553,7 +425,6 @@ files_type(httpd_var_lib_t)
type httpd_var_run_t;
files_pid_file(httpd_var_run_t)
-<<<<<<< HEAD
# Removal of fastcgi, will cause problems without the following
typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
@@ -561,24 +432,16 @@ typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
type squirrelmail_spool_t;
files_tmp_file(squirrelmail_spool_t)
files_spool_file(squirrelmail_spool_t)
-=======
-# File Type of squirrelmail attachments
-type squirrelmail_spool_t;
-files_tmp_file(squirrelmail_spool_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
optional_policy(`
prelink_object_file(httpd_modules_t)
')
-<<<<<<< HEAD
type httpd_passwd_t;
type httpd_passwd_exec_t;
application_domain(httpd_passwd_t, httpd_passwd_exec_t)
role system_r types httpd_passwd_t;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# Apache server local policy
@@ -598,19 +461,13 @@ allow httpd_t self:unix_dgram_socket { create_socket_perms sendto };
allow httpd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow httpd_t self:tcp_socket create_stream_socket_perms;
allow httpd_t self:udp_socket create_socket_perms;
-<<<<<<< HEAD
dontaudit httpd_t self:netlink_audit_socket create_socket_perms;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# Allow httpd_t to put files in /var/cache/httpd etc
manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-<<<<<<< HEAD
files_var_filetrans(httpd_t, httpd_cache_t, { file dir })
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# Allow the httpd_t to read the web servers config files
allow httpd_t httpd_config_t:dir list_dir_perms;
@@ -654,14 +511,9 @@ allow httpd_t httpd_sys_script_t:unix_stream_socket connectto;
manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
manage_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-<<<<<<< HEAD
manage_sock_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
manage_lnk_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
files_tmp_filetrans(httpd_t, httpd_tmp_t, { file dir lnk_file sock_file })
-=======
-manage_lnk_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-files_tmp_filetrans(httpd_t, httpd_tmp_t, { file dir lnk_file })
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
manage_dirs_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
manage_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
@@ -670,14 +522,9 @@ manage_fifo_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
manage_sock_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
fs_tmpfs_filetrans(httpd_t, httpd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-<<<<<<< HEAD
manage_dirs_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
files_var_lib_filetrans(httpd_t, httpd_var_lib_t, { dir file })
-=======
-manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
-files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
setattr_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
manage_dirs_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
@@ -692,12 +539,9 @@ manage_lnk_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
kernel_read_system_state(httpd_t)
-<<<<<<< HEAD
kernel_read_network_state(httpd_t)
kernel_read_network_state(httpd_t)
kernel_search_network_sysctl(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
corenet_all_recvfrom_unlabeled(httpd_t)
corenet_all_recvfrom_netlabel(httpd_t)
@@ -708,7 +552,6 @@ corenet_udp_sendrecv_generic_node(httpd_t)
corenet_tcp_sendrecv_all_ports(httpd_t)
corenet_udp_sendrecv_all_ports(httpd_t)
corenet_tcp_bind_generic_node(httpd_t)
-<<<<<<< HEAD
corenet_udp_bind_generic_node(httpd_t)
corenet_tcp_bind_http_port(httpd_t)
corenet_udp_bind_http_port(httpd_t)
@@ -722,13 +565,6 @@ corenet_tcp_bind_puppet_port(httpd_t)
tunable_policy(`httpd_graceful_shutdown',`
corenet_tcp_connect_http_port(httpd_t)
')
-=======
-corenet_tcp_bind_http_port(httpd_t)
-corenet_tcp_bind_http_cache_port(httpd_t)
-corenet_sendrecv_http_server_packets(httpd_t)
-# Signal self for shutdown
-corenet_tcp_connect_http_port(httpd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dev_read_sysfs(httpd_t)
dev_read_rand(httpd_t)
@@ -737,7 +573,6 @@ dev_rw_crypto(httpd_t)
fs_getattr_all_fs(httpd_t)
fs_search_auto_mountpoints(httpd_t)
-<<<<<<< HEAD
fs_read_iso9660_files(httpd_t)
fs_read_anon_inodefs_files(httpd_t)
fs_read_hugetlbfs_files(httpd_t)
@@ -745,14 +580,10 @@ fs_read_hugetlbfs_files(httpd_t)
auth_use_nsswitch(httpd_t)
application_exec_all(httpd_t)
-=======
-
-auth_use_nsswitch(httpd_t)
# execute perl
corecmd_exec_bin(httpd_t)
corecmd_exec_shell(httpd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
domain_use_interactive_fds(httpd_t)
@@ -760,10 +591,7 @@ files_dontaudit_getattr_all_pids(httpd_t)
files_read_usr_files(httpd_t)
files_list_mnt(httpd_t)
files_search_spool(httpd_t)
-<<<<<<< HEAD
files_read_var_symlinks(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
files_read_var_lib_files(httpd_t)
files_search_home(httpd_t)
files_getattr_home_dir(httpd_t)
@@ -775,7 +603,6 @@ files_read_etc_files(httpd_t)
files_read_var_lib_symlinks(httpd_t)
fs_search_auto_mountpoints(httpd_sys_script_t)
-<<<<<<< HEAD
# php uploads a file to /tmp and then execs programs to acton them
manage_dirs_pattern(httpd_sys_script_t, httpd_tmp_t, httpd_tmp_t)
manage_files_pattern(httpd_sys_script_t, httpd_tmp_t, httpd_tmp_t)
@@ -790,47 +617,31 @@ ifdef(`hide_broken_symptoms',`
libs_exec_lib_files(httpd_t)
')
-=======
-
-libs_read_lib_files(httpd_t)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
logging_send_syslog_msg(httpd_t)
miscfiles_read_localization(httpd_t)
miscfiles_read_fonts(httpd_t)
miscfiles_read_public_files(httpd_t)
miscfiles_read_generic_certs(httpd_t)
-<<<<<<< HEAD
miscfiles_read_tetex_data(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
seutil_dontaudit_search_config(httpd_t)
userdom_use_unpriv_users_fds(httpd_t)
-<<<<<<< HEAD
tunable_policy(`httpd_setrlimit',`
allow httpd_t self:process setrlimit;
allow httpd_t self:capability sys_resource;
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
tunable_policy(`allow_httpd_anon_write',`
miscfiles_manage_public_files(httpd_t)
')
-<<<<<<< HEAD
-=======
-ifdef(`TODO', `
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
#
# We need optionals to be able to be within booleans to make this work
#
tunable_policy(`allow_httpd_mod_auth_pam',`
-<<<<<<< HEAD
auth_domtrans_chkpwd(httpd_t)
logging_send_audit_msgs(httpd_t)
')
@@ -839,17 +650,12 @@ optional_policy(`
tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',`
samba_domtrans_winbind_helper(httpd_t)
')
-=======
- auth_domtrans_chk_passwd(httpd_t)
-')
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
tunable_policy(`httpd_can_network_connect',`
corenet_tcp_connect_all_ports(httpd_t)
')
-<<<<<<< HEAD
tunable_policy(`httpd_can_network_connect_db',`
corenet_tcp_connect_firebird_port(httpd_t)
corenet_tcp_connect_mssql_port(httpd_t)
@@ -862,24 +668,18 @@ tunable_policy(`httpd_can_network_memcache',`
corenet_tcp_connect_memcache_port(httpd_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
tunable_policy(`httpd_can_network_relay',`
# allow httpd to work as a relay
corenet_tcp_connect_gopher_port(httpd_t)
corenet_tcp_connect_ftp_port(httpd_t)
corenet_tcp_connect_http_port(httpd_t)
corenet_tcp_connect_http_cache_port(httpd_t)
-<<<<<<< HEAD
corenet_tcp_connect_squid_port(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
corenet_tcp_connect_memcache_port(httpd_t)
corenet_sendrecv_gopher_client_packets(httpd_t)
corenet_sendrecv_ftp_client_packets(httpd_t)
corenet_sendrecv_http_client_packets(httpd_t)
corenet_sendrecv_http_cache_client_packets(httpd_t)
-<<<<<<< HEAD
corenet_sendrecv_squid_client_packets(httpd_t)
corenet_tcp_connect_all_ephemeral_ports(httpd_t)
')
@@ -898,8 +698,6 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
tunable_policy(`allow_httpd_sys_script_anon_write',`
miscfiles_manage_public_files(httpd_sys_script_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
tunable_policy(`httpd_enable_cgi && httpd_use_nfs',`
@@ -910,7 +708,6 @@ tunable_policy(`httpd_enable_cgi && httpd_use_cifs',`
fs_cifs_domtrans(httpd_t, httpd_sys_script_t)
')
-<<<<<<< HEAD
tunable_policy(`httpd_enable_cgi && httpd_use_fusefs',`
fs_fusefs_domtrans(httpd_t, httpd_sys_script_t)
')
@@ -921,24 +718,19 @@ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
manage_dirs_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
manage_files_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
manage_lnk_files_pattern(httpd_t, httpdcontent, httpd_sys_rw_content_t)
-=======
-tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
- domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
manage_lnk_files_pattern(httpd_t, httpdcontent, httpdcontent)
')
-<<<<<<< HEAD
tunable_policy(`httpd_can_connect_ftp',`
corenet_tcp_connect_ftp_port(httpd_t)
corenet_tcp_connect_all_ephemeral_ports(httpd_t)
')
tunable_policy(`httpd_can_connect_ldap',`
- corenet_tcp_connect_ldap_port(httpd_t)
+ corenet_tcp_connect_ldap_port(httpd_t)
')
tunable_policy(`httpd_can_connect_zabbix',`
@@ -960,22 +752,10 @@ tunable_policy(`httpd_tmp_exec && httpd_enable_cgi',`
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_list_auto_mountpoints(httpd_t)
-=======
-tunable_policy(`httpd_enable_ftp_server',`
- corenet_tcp_bind_ftp_port(httpd_t)
-')
-
-tunable_policy(`httpd_enable_homedirs',`
- userdom_read_user_home_content_files(httpd_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
')
-<<<<<<< HEAD
tunable_policy(`httpd_use_nfs',`
fs_list_auto_mountpoints(httpd_t)
fs_manage_nfs_dirs(httpd_t)
@@ -983,8 +763,6 @@ tunable_policy(`httpd_use_nfs',`
fs_manage_nfs_symlinks(httpd_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_t)
fs_read_cifs_symlinks(httpd_t)
@@ -994,7 +772,6 @@ tunable_policy(`httpd_can_sendmail',`
# allow httpd to connect to mail servers
corenet_tcp_connect_smtp_port(httpd_t)
corenet_sendrecv_smtp_client_packets(httpd_t)
-<<<<<<< HEAD
corenet_tcp_connect_pop_port(httpd_t)
corenet_sendrecv_pop_client_packets(httpd_t)
mta_send_mail(httpd_t)
@@ -1011,14 +788,11 @@ tunable_policy(`httpd_use_fusefs',`
fs_manage_fusefs_dirs(httpd_t)
fs_manage_fusefs_files(httpd_t)
fs_manage_fusefs_symlinks(httpd_t)
-=======
- mta_send_mail(httpd_t)
')
tunable_policy(`httpd_setrlimit',`
allow httpd_t self:process setrlimit;
allow httpd_t self:capability sys_resource;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
tunable_policy(`httpd_ssi_exec',`
@@ -1033,7 +807,6 @@ tunable_policy(`httpd_ssi_exec',`
# to run correctly without this permission, so the permission
# are dontaudited here.
tunable_policy(`httpd_tty_comm',`
-<<<<<<< HEAD
userdom_use_inherited_user_terminals(httpd_t)
userdom_use_inherited_user_terminals(httpd_suexec_t)
',`
@@ -1047,11 +820,6 @@ optional_policy(`
abrt_manage_spool_retrace(httpd_t)
abrt_domtrans_retrace_worker(httpd_t)
abrt_read_config(httpd_t)
-=======
- userdom_use_user_terminals(httpd_t)
-',`
- userdom_dontaudit_use_user_terminals(httpd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -1063,17 +831,10 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
cobbler_list_config(httpd_t)
cobbler_read_config(httpd_t)
cobbler_read_lib_files(httpd_t)
-
- tunable_policy(`httpd_can_network_connect_cobbler',`
- corenet_tcp_connect_cobbler_port(httpd_t)
- ')
-=======
cobbler_search_lib(httpd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -1088,7 +849,6 @@ optional_policy(`
daemontools_service_domain(httpd_t, httpd_exec_t)
')
-<<<<<<< HEAD
optional_policy(`
dirsrv_manage_config(httpd_t)
dirsrv_manage_log(httpd_t)
@@ -1101,10 +861,7 @@ optional_policy(`
dirsrvadmin_domtrans_unconfined_script_t(httpd_t)
')
-optional_policy(`
-=======
optional_policy(`
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dbus_system_bus_client(httpd_t)
tunable_policy(`httpd_dbus_avahi',`
@@ -1113,7 +870,6 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
git_read_generic_system_content_files(httpd_t)
gitosis_read_lib_files(httpd_t)
')
@@ -1121,21 +877,14 @@ optional_policy(`
optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_use_gpg',`
gpg_domtrans_web(httpd_t)
-=======
- tunable_policy(`httpd_enable_cgi && httpd_use_gpg',`
- gpg_domtrans(httpd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
')
optional_policy(`
-<<<<<<< HEAD
jetty_admin(httpd_t)
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
kerberos_keytab_template(httpd, httpd_t)
')
@@ -1149,7 +898,6 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
mediawiki_read_tmp_files(httpd_t)
mediawiki_delete_tmp_files(httpd_t)
')
@@ -1165,9 +913,6 @@ optional_policy(`
optional_policy(`
# Allow httpd to work with mysql
mysql_read_config(httpd_t)
-=======
- # Allow httpd to work with mysql
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
mysql_stream_connect(httpd_t)
mysql_rw_db_sockets(httpd_t)
@@ -1178,10 +923,7 @@ optional_policy(`
optional_policy(`
nagios_read_config(httpd_t)
-<<<<<<< HEAD
nagios_read_log(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -1192,7 +934,6 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
pwauth_domtrans(httpd_t)
')
@@ -1220,8 +961,6 @@ optional_policy(`
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
postgresql_unpriv_client(httpd_t)
@@ -1236,14 +975,11 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
smokeping_read_lib_files(httpd_t)
')
optional_policy(`
files_dontaudit_rw_usr_dirs(httpd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
@@ -1256,15 +992,12 @@ optional_policy(`
yam_read_content(httpd_t)
')
-<<<<<<< HEAD
optional_policy(`
zarafa_manage_lib_files(httpd_t)
zarafa_stream_connect_server(httpd_t)
zarafa_search_config(httpd_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# Apache helper local policy
@@ -1278,15 +1011,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
logging_send_syslog_msg(httpd_helper_t)
-<<<<<<< HEAD
userdom_use_inherited_user_terminals(httpd_helper_t)
tunable_policy(`httpd_tty_comm',`
userdom_use_inherited_user_terminals(httpd_helper_t)
')
-=======
-userdom_use_user_terminals(httpd_helper_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
@@ -1324,53 +1053,30 @@ libs_exec_lib_files(httpd_php_t)
userdom_use_unpriv_users_fds(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
-<<<<<<< HEAD
corenet_tcp_connect_firebird_port(httpd_php_t)
corenet_tcp_connect_mssql_port(httpd_php_t)
corenet_sendrecv_mssql_client_packets(httpd_php_t)
corenet_tcp_connect_oracle_port(httpd_php_t)
corenet_sendrecv_oracle_client_packets(httpd_php_t)
-=======
- corenet_tcp_connect_mysqld_port(httpd_t)
- corenet_sendrecv_mysqld_client_packets(httpd_t)
- corenet_tcp_connect_mysqld_port(httpd_sys_script_t)
- corenet_sendrecv_mysqld_client_packets(httpd_sys_script_t)
- corenet_tcp_connect_mysqld_port(httpd_suexec_t)
- corenet_sendrecv_mysqld_client_packets(httpd_suexec_t)
-
- corenet_tcp_connect_mssql_port(httpd_t)
- corenet_sendrecv_mssql_client_packets(httpd_t)
- corenet_tcp_connect_mssql_port(httpd_sys_script_t)
- corenet_sendrecv_mssql_client_packets(httpd_sys_script_t)
- corenet_tcp_connect_mssql_port(httpd_suexec_t)
- corenet_sendrecv_mssql_client_packets(httpd_suexec_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
mysql_stream_connect(httpd_php_t)
-<<<<<<< HEAD
mysql_rw_db_sockets(httpd_php_t)
mysql_read_config(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
mysql_tcp_connect(httpd_php_t)
')
-=======
- mysql_read_config(httpd_php_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
postgresql_stream_connect(httpd_php_t)
-<<<<<<< HEAD
postgresql_unpriv_client(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
postgresql_tcp_connect(httpd_php_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
@@ -1380,11 +1086,7 @@ optional_policy(`
allow httpd_suexec_t self:capability { setuid setgid };
allow httpd_suexec_t self:process signal_perms;
-<<<<<<< HEAD
-
allow httpd_suexec_t self:fifo_file rw_fifo_file_perms;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
@@ -1399,33 +1101,26 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
-<<<<<<< HEAD
can_exec(httpd_suexec_t, httpd_sys_script_exec_t)
read_files_pattern(httpd_suexec_t, httpd_user_content_t, httpd_user_content_t)
read_files_pattern(httpd_suexec_t, httpd_user_rw_content_t, httpd_user_rw_content_t)
read_files_pattern(httpd_suexec_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
kernel_read_kernel_sysctls(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
kernel_read_proc_symlinks(httpd_suexec_t)
dev_read_urand(httpd_suexec_t)
-<<<<<<< HEAD
fs_read_iso9660_files(httpd_suexec_t)
fs_search_auto_mountpoints(httpd_suexec_t)
application_exec_all(httpd_suexec_t)
-=======
-fs_search_auto_mountpoints(httpd_suexec_t)
# for shell scripts
corecmd_exec_bin(httpd_suexec_t)
corecmd_exec_shell(httpd_suexec_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
@@ -1456,7 +1151,6 @@ tunable_policy(`httpd_can_network_connect',`
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
-<<<<<<< HEAD
tunable_policy(`httpd_can_network_connect_db',`
corenet_tcp_connect_firebird_port(httpd_suexec_t)
corenet_tcp_connect_mssql_port(httpd_suexec_t)
@@ -1482,15 +1176,6 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_list_auto_mountpoints(httpd_suexec_t)
-=======
-tunable_policy(`httpd_enable_cgi && httpd_unified',`
- allow httpd_sys_script_t httpdcontent:file entrypoint;
- domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
-
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
fs_read_nfs_files(httpd_suexec_t)
fs_read_nfs_symlinks(httpd_suexec_t)
fs_exec_nfs_files(httpd_suexec_t)
@@ -1513,7 +1198,6 @@ optional_policy(`
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
-<<<<<<< HEAD
optional_policy(`
mysql_stream_connect(httpd_suexec_t)
mysql_rw_db_sockets(httpd_suexec_t)
@@ -1533,8 +1217,6 @@ optional_policy(`
')
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# Apache system script local policy
@@ -1555,7 +1237,6 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
kernel_read_kernel_sysctls(httpd_sys_script_t)
-<<<<<<< HEAD
files_read_var_symlinks(httpd_sys_script_t)
files_search_var_lib(httpd_sys_script_t)
files_search_spool(httpd_sys_script_t)
@@ -1567,14 +1248,6 @@ apache_domtrans_rotatelogs(httpd_sys_script_t)
auth_use_nsswitch(httpd_sys_script_t)
-=======
-files_search_var_lib(httpd_sys_script_t)
-files_search_spool(httpd_sys_script_t)
-
-# Should we add a boolean?
-apache_domtrans_rotatelogs(httpd_sys_script_t)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
ifdef(`distro_redhat',`
allow httpd_sys_script_t httpd_log_t:file append_file_perms;
')
@@ -1583,7 +1256,6 @@ tunable_policy(`httpd_can_sendmail',`
mta_send_mail(httpd_sys_script_t)
')
-<<<<<<< HEAD
optional_policy(`
tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',`
spamassassin_domtrans_client(httpd_t)
@@ -1616,13 +1288,10 @@ tunable_policy(`httpd_use_nfs',`
fs_exec_nfs_files(httpd_suexec_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
allow httpd_sys_script_t self:tcp_socket create_stream_socket_perms;
allow httpd_sys_script_t self:udp_socket create_socket_perms;
-<<<<<<< HEAD
corenet_tcp_bind_generic_node(httpd_sys_script_t)
corenet_udp_bind_generic_node(httpd_sys_script_t)
corenet_all_recvfrom_unlabeled(httpd_sys_script_t)
@@ -1631,16 +1300,6 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
corenet_udp_sendrecv_generic_if(httpd_sys_script_t)
corenet_tcp_sendrecv_generic_node(httpd_sys_script_t)
corenet_udp_sendrecv_generic_node(httpd_sys_script_t)
-=======
- corenet_tcp_bind_all_nodes(httpd_sys_script_t)
- corenet_udp_bind_all_nodes(httpd_sys_script_t)
- corenet_all_recvfrom_unlabeled(httpd_sys_script_t)
- corenet_all_recvfrom_netlabel(httpd_sys_script_t)
- corenet_tcp_sendrecv_all_if(httpd_sys_script_t)
- corenet_udp_sendrecv_all_if(httpd_sys_script_t)
- corenet_tcp_sendrecv_all_nodes(httpd_sys_script_t)
- corenet_udp_sendrecv_all_nodes(httpd_sys_script_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
corenet_tcp_connect_all_ports(httpd_sys_script_t)
@@ -1648,23 +1307,15 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
')
tunable_policy(`httpd_enable_homedirs',`
-<<<<<<< HEAD
userdom_search_user_home_dirs(httpd_sys_script_t)
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_list_auto_mountpoints(httpd_sys_script_t)
-=======
- userdom_read_user_home_content_files(httpd_sys_script_t)
-')
-
-tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
fs_read_nfs_files(httpd_sys_script_t)
fs_read_nfs_symlinks(httpd_sys_script_t)
')
-<<<<<<< HEAD
tunable_policy(`httpd_read_user_content',`
userdom_read_user_home_content_files(httpd_sys_script_t)
')
@@ -1689,8 +1340,6 @@ tunable_policy(`httpd_use_fusefs',`
fs_exec_fusefs_files(httpd_suexec_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
@@ -1703,26 +1352,20 @@ optional_policy(`
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
-<<<<<<< HEAD
mysql_read_config(httpd_sys_script_t)
tunable_policy(`httpd_can_network_connect_db',`
mysql_tcp_connect(httpd_sys_script_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
postgresql_stream_connect(httpd_sys_script_t)
-<<<<<<< HEAD
postgresql_unpriv_client(httpd_sys_script_t)
tunable_policy(`httpd_can_network_connect_db',`
postgresql_tcp_connect(httpd_sys_script_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
@@ -1768,18 +1411,14 @@ optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_user_script_t httpdcontent:file entrypoint;
-<<<<<<< HEAD
manage_dirs_pattern(httpd_user_script_t, httpd_user_content_t, httpd_user_content_t)
manage_files_pattern(httpd_user_script_t, httpd_user_content_t, httpd_user_content_t)
manage_dirs_pattern(httpd_user_script_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
manage_files_pattern(httpd_user_script_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
# allow accessing files/dirs below the users home dir
tunable_policy(`httpd_enable_homedirs',`
-<<<<<<< HEAD
userdom_search_user_home_content(httpd_t)
userdom_search_user_home_content(httpd_suexec_t)
userdom_search_user_home_content(httpd_user_script_t)
@@ -1915,9 +1554,3 @@ tunable_policy(`httpd_use_openstack',`
corenet_tcp_connect_glance_port(httpd_sys_script_t)
')
-=======
- userdom_search_user_home_dirs(httpd_t)
- userdom_search_user_home_dirs(httpd_suexec_t)
- userdom_search_user_home_dirs(httpd_user_script_t)
-')
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
diff --git a/apcupsd.fc b/apcupsd.fc
index c63f9bf..f3506be 100644
--- a/apcupsd.fc
+++ b/apcupsd.fc
@@ -1,19 +1,13 @@
/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
-<<<<<<< HEAD
/usr/lib/systemd/system/apcupsd.* -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
/usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
-<<<<<<< HEAD
/var/lock/subsys/apcupsd -- gen_context(system_u:object_r:apcupsd_lock_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
@@ -23,7 +17,4 @@
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
-<<<<<<< HEAD
/var/www/cgi-bin/apcgui(/.*)? gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
diff --git a/apcupsd.te b/apcupsd.te
index 72f23e2..77e6e19 100644
--- a/apcupsd.te
+++ b/apcupsd.te
@@ -24,12 +24,9 @@ files_tmp_file(apcupsd_tmp_t)
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)
-<<<<<<< HEAD
type apcupsd_unit_file_t;
systemd_unit_file(apcupsd_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# apcupsd local policy
@@ -82,10 +79,7 @@ files_etc_filetrans_etc_runtime(apcupsd_t, file)
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240805
term_use_unallocated_ttys(apcupsd_t)
-<<<<<<< HEAD
term_use_usb_ttys(apcupsd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
#apcupsd runs shutdown, probably need a shutdown domain
init_rw_utmp(apcupsd_t)
@@ -97,24 +91,17 @@ miscfiles_read_localization(apcupsd_t)
sysnet_dns_name_resolve(apcupsd_t)
-<<<<<<< HEAD
userdom_use_inherited_user_ttys(apcupsd_t)
-=======
-userdom_use_user_ttys(apcupsd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
optional_policy(`
hostname_exec(apcupsd_t)
')
optional_policy(`
-<<<<<<< HEAD
shutdown_domtrans(apcupsd_t)
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
mta_send_mail(apcupsd_t)
mta_system_content(apcupsd_tmp_t)
')
diff --git a/apm.fc b/apm.fc
index fc9706d..f2f0c35 100644
--- a/apm.fc
+++ b/apm.fc
@@ -1,7 +1,4 @@
-<<<<<<< HEAD
/usr/lib/systemd/system/apmd.* -- gen_context(system_u:object_r:apmd_unit_file_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
#
# /usr
diff --git a/apm.if b/apm.if
index 5c510ae..0b668ae 100644
--- a/apm.if
+++ b/apm.if
@@ -52,12 +52,7 @@ interface(`apm_write_pipes',`
type apmd_t;
')
-<<<<<<< HEAD
- allow $1 apmd_t:fd use;
- allow $1 apmd_t:fifo_file write_fifo_file_perms;
-=======
allow $1 apmd_t:fifo_file write;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
@@ -94,20 +89,12 @@ interface(`apm_append_log',`
')
logging_search_logs($1)
-<<<<<<< HEAD
allow $1 apmd_log_t:file append_file_perms;
-=======
- allow $1 apmd_log_t:file append;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
##
-<<<<<<< HEAD
-## Connect to apmd over a unix stream socket.
-=======
## Connect to apmd over an unix stream socket.
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
##
##
##
@@ -121,7 +108,6 @@ interface(`apm_stream_connect',`
')
files_search_pids($1)
-<<<<<<< HEAD
stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
')
@@ -146,8 +132,4 @@ interface(`apmd_systemctl',`
allow $1 apmd_unit_file_t:service manage_service_perms;
ps_process_pattern($1, apmd_t)
-=======
- allow $1 apmd_var_run_t:sock_file write;
- allow $1 apmd_t:unix_stream_socket connectto;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
diff --git a/apm.te b/apm.te
index 851b996..13a6f08 100644
--- a/apm.te
+++ b/apm.te
@@ -4,10 +4,7 @@ policy_module(apm, 1.11.0)
#
# Declarations
#
-<<<<<<< HEAD
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type apmd_t;
type apmd_exec_t;
init_daemon_domain(apmd_t, apmd_exec_t)
@@ -36,12 +33,9 @@ ifdef(`distro_suse',`
files_type(apmd_var_lib_t)
')
-<<<<<<< HEAD
type apmd_unit_file_t;
systemd_unit_file(apmd_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# apm client Local policy
@@ -55,11 +49,7 @@ dev_rw_apm_bios(apm_t)
fs_getattr_xattr_fs(apm_t)
-<<<<<<< HEAD
term_use_all_inherited_terms(apm_t)
-=======
-term_use_all_terms(apm_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
domain_use_interactive_fds(apm_t)
@@ -73,16 +63,10 @@ logging_send_syslog_msg(apm_t)
# mknod: controlling an orderly resume of PCMCIA requires creating device
# nodes 254,{0,1,2} for some reason.
allow apmd_t self:capability { sys_admin sys_nice sys_time kill mknod };
-<<<<<<< HEAD
dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_tty_config };
allow apmd_t self:process { signal_perms getsession };
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:netlink_socket create_socket_perms;
-=======
-dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config };
-allow apmd_t self:process { signal_perms getsession };
-allow apmd_t self:fifo_file rw_fifo_file_perms;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
@@ -102,11 +86,8 @@ kernel_rw_all_sysctls(apmd_t)
kernel_read_system_state(apmd_t)
kernel_write_proc_files(apmd_t)
-<<<<<<< HEAD
dev_read_input(apmd_t)
dev_read_mouse(apmd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dev_read_realtime_clock(apmd_t)
dev_read_urand(apmd_t)
dev_rw_apm_bios(apmd_t)
@@ -127,10 +108,7 @@ selinux_search_fs(apmd_t)
corecmd_exec_all_executables(apmd_t)
domain_read_all_domains_state(apmd_t)
-<<<<<<< HEAD
-=======
domain_dontaudit_ptrace_all_domains(apmd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
domain_use_interactive_fds(apmd_t)
domain_dontaudit_getattr_all_sockets(apmd_t)
domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
@@ -143,11 +121,8 @@ files_dontaudit_getattr_all_symlinks(apmd_t) # Excessive?
files_dontaudit_getattr_all_pipes(apmd_t) # Excessive?
files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
-<<<<<<< HEAD
auth_use_nsswitch(apmd_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
init_domtrans_script(apmd_t)
init_rw_utmp(apmd_t)
init_telinit(apmd_t)
@@ -161,15 +136,11 @@ logging_send_audit_msgs(apmd_t)
miscfiles_read_localization(apmd_t)
miscfiles_read_hwdata(apmd_t)
-<<<<<<< HEAD
-seutil_dontaudit_read_config(apmd_t)
-seutil_sigchld_newrole(apmd_t)
-=======
modutils_domtrans_insmod(apmd_t)
modutils_read_module_config(apmd_t)
seutil_dontaudit_read_config(apmd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
+seutil_sigchld_newrole(apmd_t)
userdom_dontaudit_use_unpriv_user_fds(apmd_t)
userdom_dontaudit_search_user_home_dirs(apmd_t)
@@ -181,14 +152,8 @@ ifdef(`distro_redhat',`
can_exec(apmd_t, apmd_var_run_t)
-<<<<<<< HEAD
optional_policy(`
fstools_domtrans(apmd_t)
-=======
- # ifconfig_exec_t needs to be run in its own domain for Red Hat
- optional_policy(`
- sysnet_domtrans_ifconfig(apmd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -199,7 +164,6 @@ ifdef(`distro_redhat',`
netutils_domtrans(apmd_t)
')
-<<<<<<< HEAD
# ifconfig_exec_t needs to be run in its own domain for Red Hat
optional_policy(`
sssd_search_lib(apmd_t)
@@ -209,8 +173,6 @@ ifdef(`distro_redhat',`
sysnet_domtrans_ifconfig(apmd_t)
')
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
',`
# for ifconfig which is run all the time
kernel_dontaudit_search_sysctl(apmd_t)
@@ -237,15 +199,12 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
devicekit_manage_pid_files(apmd_t)
devicekit_manage_log_files(apmd_t)
devicekit_relabel_log_files(apmd_t)
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dbus_system_bus_client(apmd_t)
optional_policy(`
@@ -266,12 +225,7 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
- modutils_domtrans_insmod(apmd_t)
- modutils_read_module_config(apmd_t)
-=======
nscd_socket_use(apmd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -279,14 +233,9 @@ optional_policy(`
pcmcia_domtrans_cardctl(apmd_t)
')
-<<<<<<< HEAD
optional_policy(`
shutdown_domtrans(apmd_t)
-=======
-optional_policy(`
- seutil_sigchld_newrole(apmd_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
optional_policy(`
@@ -295,13 +244,10 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
-=======
unconfined_domain(apmd_t)
')
optional_policy(`
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
vbetool_domtrans(apmd_t)
')
diff --git a/apt.fc b/apt.fc
index 336fc68..0a29b89 100644
--- a/apt.fc
+++ b/apt.fc
@@ -10,20 +10,12 @@
# package list repository
/var/lib/apt(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0)
-<<<<<<< HEAD
-/var/lib/aptitude(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0)
-=======
/var/lib/aptitude(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# aptitude lock
/var/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0)
# aptitude log
-<<<<<<< HEAD
-/var/log/aptitude gen_context(system_u:object_r:apt_var_log_t,s0)
-=======
/var/log/aptitude.* gen_context(system_u:object_r:apt_var_log_t,s0)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# dpkg terminal log
/var/log/apt(/.*)? gen_context(system_u:object_r:apt_var_log_t,s0)
diff --git a/apt.te b/apt.te
index a6aefa1..c5a4ce3 100644
--- a/apt.te
+++ b/apt.te
@@ -1,8 +1,4 @@
-<<<<<<< HEAD
-policy_module(apt, 1.6.0)
-=======
policy_module(apt, 1.7.0)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
@@ -125,11 +121,7 @@ fs_getattr_all_fs(apt_t)
term_create_pty(apt_t, apt_devpts_t)
term_list_ptys(apt_t)
-<<<<<<< HEAD
term_use_all_inherited_terms(apt_t)
-=======
-term_use_all_terms(apt_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
libs_exec_ld_so(apt_t)
libs_exec_lib_files(apt_t)
@@ -142,11 +134,7 @@ seutil_use_newrole_fds(apt_t)
sysnet_read_config(apt_t)
-<<<<<<< HEAD
userdom_use_inherited_user_terminals(apt_t)
-=======
-userdom_use_user_terminals(apt_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
# with boolean, for cron-apt and such?
#optional_policy(`
diff --git a/arpwatch.fc b/arpwatch.fc
index fb3dc3a..ab50afe 100644
--- a/arpwatch.fc
+++ b/arpwatch.fc
@@ -1,10 +1,7 @@
/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0)
-<<<<<<< HEAD
/usr/lib/systemd/system/arpwatch.* -- gen_context(system_u:object_r:arpwatch_unit_file_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
#
# /usr
#
diff --git a/arpwatch.te b/arpwatch.te
index d77af4e..613f77f 100644
--- a/arpwatch.te
+++ b/arpwatch.te
@@ -21,12 +21,9 @@ files_tmp_file(arpwatch_tmp_t)
type arpwatch_var_run_t;
files_pid_file(arpwatch_var_run_t)
-<<<<<<< HEAD
type arpwatch_unit_file_t;
systemd_unit_file(arpwatch_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# Local policy
@@ -40,10 +37,7 @@ allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
allow arpwatch_t self:udp_socket create_socket_perms;
allow arpwatch_t self:packet_socket create_socket_perms;
allow arpwatch_t self:socket create_socket_perms;
-<<<<<<< HEAD
allow arpwatch_t self:netlink_socket create_socket_perms;;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
manage_dirs_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
manage_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
@@ -57,14 +51,9 @@ manage_files_pattern(arpwatch_t, arpwatch_var_run_t, arpwatch_var_run_t)
files_pid_filetrans(arpwatch_t, arpwatch_var_run_t, file)
kernel_read_network_state(arpwatch_t)
-<<<<<<< HEAD
# meminfo
kernel_read_system_state(arpwatch_t)
kernel_read_kernel_sysctls(arpwatch_t)
-=======
-kernel_read_kernel_sysctls(arpwatch_t)
-kernel_list_proc(arpwatch_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
kernel_read_proc_symlinks(arpwatch_t)
kernel_request_load_module(arpwatch_t)
diff --git a/asterisk.if b/asterisk.if
index 039aaf1..313c6e4 100644
--- a/asterisk.if
+++ b/asterisk.if
@@ -39,8 +39,6 @@ interface(`asterisk_stream_connect',`
stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)
')
-<<<<<<< HEAD
-=======
#######################################
##
## Allow changing the attributes of the asterisk log files and directories
@@ -82,7 +80,6 @@ interface(`asterisk_setattr_pid_files',`
files_search_pids($1)
')
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
##
## All of the rules required to administrate
@@ -108,7 +105,6 @@ interface(`asterisk_admin',`
type asterisk_initrc_exec_t;
')
-<<<<<<< HEAD
allow $1 asterisk_t:process signal_perms;
ps_process_pattern($1, asterisk_t)
@@ -116,11 +112,6 @@ interface(`asterisk_admin',`
allow $1 asterisk_t:process ptrace;
')
-=======
- allow $1 asterisk_t:process { ptrace signal_perms getattr };
- ps_process_pattern($1, asterisk_t)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 asterisk_initrc_exec_t system_r;
diff --git a/asterisk.te b/asterisk.te
index d0d99f6..1b02605 100644
--- a/asterisk.te
+++ b/asterisk.te
@@ -1,8 +1,4 @@
-<<<<<<< HEAD
-policy_module(asterisk, 1.9.0)
-=======
policy_module(asterisk, 1.10.1)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
@@ -12,10 +8,7 @@ policy_module(asterisk, 1.10.1)
type asterisk_t;
type asterisk_exec_t;
init_daemon_domain(asterisk_t, asterisk_exec_t)
-<<<<<<< HEAD
-=======
application_executable_file(asterisk_exec_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type asterisk_etc_t;
files_config_file(asterisk_etc_t)
@@ -27,18 +20,11 @@ type asterisk_log_t;
logging_log_file(asterisk_log_t)
type asterisk_spool_t;
-<<<<<<< HEAD
files_spool_file(asterisk_spool_t)
type asterisk_tmp_t;
files_tmp_file(asterisk_tmp_t)
mta_system_content(asterisk_tmp_t)
-=======
-files_type(asterisk_spool_t)
-
-type asterisk_tmp_t;
-files_tmp_file(asterisk_tmp_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
type asterisk_tmpfs_t;
files_tmpfs_file(asterisk_tmpfs_t)
@@ -55,22 +41,13 @@ files_pid_file(asterisk_var_run_t)
#
# dac_override for /var/run/asterisk
-<<<<<<< HEAD
allow asterisk_t self:capability { dac_override chown setgid setuid sys_nice net_admin };
dontaudit asterisk_t self:capability { sys_module sys_tty_config };
-=======
-allow asterisk_t self:capability { dac_override setgid setuid sys_nice net_admin chown };
-dontaudit asterisk_t self:capability sys_tty_config;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
allow asterisk_t self:process { getsched setsched signal_perms getcap setcap };
allow asterisk_t self:fifo_file rw_fifo_file_perms;
allow asterisk_t self:sem create_sem_perms;
allow asterisk_t self:shm create_shm_perms;
-<<<<<<< HEAD
-allow asterisk_t self:unix_stream_socket connectto;
-=======
allow asterisk_t self:unix_stream_socket { connectto listen accept };
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
allow asterisk_t self:tcp_socket create_stream_socket_perms;
allow asterisk_t self:udp_socket create_socket_perms;
@@ -109,13 +86,6 @@ manage_sock_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
files_pid_filetrans(asterisk_t, asterisk_var_run_t, { dir file })
kernel_read_network_state(asterisk_t)
-=======
-manage_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-manage_fifo_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-manage_sock_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
-files_pid_filetrans(asterisk_t, asterisk_var_run_t, file)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
kernel_read_system_state(asterisk_t)
kernel_read_kernel_sysctls(asterisk_t)
kernel_request_load_module(asterisk_t)
@@ -143,7 +113,6 @@ corenet_tcp_bind_generic_port(asterisk_t)
corenet_udp_bind_generic_port(asterisk_t)
corenet_dontaudit_udp_bind_all_ports(asterisk_t)
corenet_sendrecv_generic_server_packets(asterisk_t)
-<<<<<<< HEAD
corenet_tcp_connect_festival_port(asterisk_t)
corenet_tcp_connect_jabber_client_port(asterisk_t)
corenet_tcp_connect_pktcable_port(asterisk_t)
@@ -151,11 +120,6 @@ corenet_tcp_connect_postgresql_port(asterisk_t)
corenet_tcp_connect_snmp_port(asterisk_t)
corenet_tcp_connect_sip_port(asterisk_t)
corenet_tcp_connect_jabber_client_port(asterisk_t)
-=======
-corenet_tcp_connect_postgresql_port(asterisk_t)
-corenet_tcp_connect_snmp_port(asterisk_t)
-corenet_tcp_connect_sip_port(asterisk_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dev_rw_generic_usb_dev(asterisk_t)
dev_read_sysfs(asterisk_t)
@@ -171,10 +135,7 @@ files_search_spool(asterisk_t)
# demo files installed in /usr/share/asterisk/sounds/demo-instruct.gsm
# are labeled usr_t
files_read_usr_files(asterisk_t)
-<<<<<<< HEAD
files_dontaudit_search_home(asterisk_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
fs_getattr_all_fs(asterisk_t)
fs_list_inotifyfs(asterisk_t)
diff --git a/authbind.te b/authbind.te
index e78940b..7074612 100644
--- a/authbind.te
+++ b/authbind.te
@@ -1,8 +1,4 @@
-<<<<<<< HEAD
-policy_module(authbind, 1.1.0)
-=======
policy_module(authbind, 1.1.1)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
diff --git a/automount.fc b/automount.fc
index 5bbd044..e4178a4 100644
--- a/automount.fc
+++ b/automount.fc
@@ -4,11 +4,8 @@
/etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0)
/etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0)
-<<<<<<< HEAD
/usr/lib/systemd/system/autofs.* -- gen_context(system_u:object_r:automount_unit_file_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
#
# /usr
#
diff --git a/automount.if b/automount.if
index 5e0cee7..ef740ef 100644
--- a/automount.if
+++ b/automount.if
@@ -29,10 +29,6 @@ interface(`automount_domtrans',`
##
##
#
-<<<<<<< HEAD
-=======
-#
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
interface(`automount_signal',`
gen_require(`
type automount_t;
@@ -71,12 +67,7 @@ interface(`automount_read_state',`
type automount_t;
')
-<<<<<<< HEAD
- kernel_search_proc($1)
- ps_process_pattern($1, automount_t)
-=======
read_files_pattern($1, automount_t, automount_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
@@ -112,10 +103,6 @@ interface(`automount_dontaudit_write_pipes',`
type automount_t;
')
-<<<<<<< HEAD
- dontaudit $1 automount_t:fd use;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
dontaudit $1 automount_t:fifo_file write;
')
@@ -135,7 +122,6 @@ interface(`automount_dontaudit_getattr_tmp_dirs',`
type automount_tmp_t;
')
-<<<<<<< HEAD
dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
')
@@ -160,9 +146,6 @@ interface(`automount_systemctl',`
allow $1 automount_unit_file_t:service manage_service_perms;
ps_process_pattern($1, automount_t)
-=======
- dontaudit $1 automount_tmp_t:dir getattr;
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
########################################
@@ -186,7 +169,6 @@ interface(`automount_admin',`
gen_require(`
type automount_t, automount_lock_t, automount_tmp_t;
type automount_var_run_t, automount_initrc_exec_t;
-<<<<<<< HEAD
type automount_unit_file_t;
')
@@ -197,13 +179,6 @@ interface(`automount_admin',`
allow $1 automount_t:process ptrace;
')
-=======
- ')
-
- allow $1 automount_t:process { ptrace signal_perms getattr };
- ps_process_pattern($1, automount_t)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
init_labeled_script_domtrans($1, automount_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 automount_initrc_exec_t system_r;
@@ -217,11 +192,8 @@ interface(`automount_admin',`
files_list_pids($1)
admin_pattern($1, automount_var_run_t)
-<<<<<<< HEAD
automount_systemctl($1)
admin_pattern($1, automount_unit_file_t)
allow $1 automount_unit_file_t:service all_service_perms;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
diff --git a/automount.te b/automount.te
index 8bf66eb..48901a2 100644
--- a/automount.te
+++ b/automount.te
@@ -22,12 +22,9 @@ type automount_tmp_t;
files_tmp_file(automount_tmp_t)
files_mountpoint(automount_tmp_t)
-<<<<<<< HEAD
type automount_unit_file_t;
systemd_unit_file(automount_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
# Local policy
@@ -70,10 +67,7 @@ kernel_read_network_state(automount_t)
kernel_list_proc(automount_t)
kernel_dontaudit_search_xen_state(automount_t)
-<<<<<<< HEAD
files_read_usr_files(automount_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
files_search_boot(automount_t)
# Automount is slowly adding all mount functionality internally
files_search_all(automount_t)
@@ -153,13 +147,6 @@ logging_search_logs(automount_t)
miscfiles_read_localization(automount_t)
miscfiles_read_generic_certs(automount_t)
-<<<<<<< HEAD
-=======
-# Run mount in the mount_t domain.
-mount_domtrans(automount_t)
-mount_signal(automount_t)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
-
userdom_dontaudit_use_unpriv_user_fds(automount_t)
userdom_dontaudit_search_user_home_dirs(automount_t)
@@ -168,7 +155,6 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
# Run mount in the mount_t domain.
mount_domtrans(automount_t)
mount_domtrans_showmount(automount_t)
@@ -176,8 +162,6 @@ optional_policy(`
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
fstools_domtrans(automount_t)
')
diff --git a/avahi.fc b/avahi.fc
index f38992b..010b2bc 100644
--- a/avahi.fc
+++ b/avahi.fc
@@ -1,10 +1,7 @@
/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
-<<<<<<< HEAD
/usr/lib/systemd/system/avahi.* -- gen_context(system_u:object_r:avahi_unit_file_t,s0)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
/usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0)
diff --git a/avahi.if b/avahi.if
index 3319864..17b3ecc 100644
--- a/avahi.if
+++ b/avahi.if
@@ -90,10 +90,6 @@ interface(`avahi_dbus_chat',`
class dbus send_msg;
')
-<<<<<<< HEAD
- allow avahi_t $1:file read;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
allow $1 avahi_t:dbus send_msg;
allow avahi_t $1:dbus send_msg;
')
@@ -137,7 +133,6 @@ interface(`avahi_dontaudit_search_pid',`
########################################
##
-<<<<<<< HEAD
## Execute avahi server in the avahi domain.
##
##
@@ -161,8 +156,6 @@ interface(`avahi_systemctl',`
########################################
##
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
## All of the rules required to administrate
## an avahi environment
##
@@ -181,7 +174,6 @@ interface(`avahi_systemctl',`
interface(`avahi_admin',`
gen_require(`
type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
-<<<<<<< HEAD
type avahi_unit_file_t;
')
@@ -192,13 +184,6 @@ interface(`avahi_admin',`
allow $1 avahi_t:process ptrace;
')
-=======
- ')
-
- allow $1 avahi_t:process { ptrace signal_perms };
- ps_process_pattern($1, avahi_t)
-
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
init_labeled_script_domtrans($1, avahi_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 avahi_initrc_exec_t system_r;
@@ -206,11 +191,8 @@ interface(`avahi_admin',`
files_list_pids($1)
admin_pattern($1, avahi_var_run_t)
-<<<<<<< HEAD
avahi_systemctl($1)
admin_pattern($1, avahi_unit_file_t)
allow $1 avahi_unit_file_t:service all_service_perms;
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
')
diff --git a/avahi.te b/avahi.te
index 8d9176d..3b01eed 100644
--- a/avahi.te
+++ b/avahi.te
@@ -17,13 +17,10 @@ files_pid_file(avahi_var_lib_t)
type avahi_var_run_t;
files_pid_file(avahi_var_run_t)
-<<<<<<< HEAD
init_sock_file(avahi_var_run_t)
type avahi_unit_file_t;
systemd_unit_file(avahi_unit_file_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#
@@ -53,10 +50,7 @@ files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
kernel_read_system_state(avahi_t)
kernel_read_kernel_sysctls(avahi_t)
kernel_read_network_state(avahi_t)
-<<<<<<< HEAD
kernel_request_load_module(avahi_t)
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
corecmd_exec_bin(avahi_t)
corecmd_exec_shell(avahi_t)
@@ -115,13 +109,10 @@ optional_policy(`
')
optional_policy(`
-<<<<<<< HEAD
rpcbind_signull(avahi_t)
')
optional_policy(`
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
seutil_sigchld_newrole(avahi_t)
')
diff --git a/awstats.if b/awstats.if
index ad542e6..53f9ba1 100644
--- a/awstats.if
+++ b/awstats.if
@@ -5,7 +5,6 @@
########################################
##
-<<<<<<< HEAD
## Execute the awstats program in the awstats domain.
##
##
@@ -25,8 +24,6 @@ interface(`awstats_domtrans',`
########################################
##
-=======
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
## Read and write awstats unnamed pipes.
##
##
diff --git a/awstats.te b/awstats.te
index dee09de..6bd3ad3 100644
--- a/awstats.te
+++ b/awstats.te
@@ -1,8 +1,4 @@
-<<<<<<< HEAD
-policy_module(awstats, 1.3.1)
-=======
policy_module(awstats, 1.4.0)
->>>>>>> 9f8a6a356b99a19e09256fc37630cd6c22da66b4
########################################
#