Harald Hoyer 2019-06-26 17:12:02 +02:00
parent f7296a578d
commit 86450bfafb
4 changed files with 31 additions and 3 deletions


@ -1,11 +1,15 @@
module FedoraBook 1.0; module FedoraBook 1.0;
require { require {
type policykit_auth_t;
type policykit_t;
type sssd_t;
type system_dbusd_var_run_t; type system_dbusd_var_run_t;
type iscsi_unit_file_t; type iscsi_unit_file_t;
type etc_t; type etc_t;
type systemd_timedated_t; type systemd_timedated_t;
type var_t; type var_t;
type usr_t;
type NetworkManager_t; type NetworkManager_t;
type systemd_networkd_var_run_t; type systemd_networkd_var_run_t;
type default_t; type default_t;
@ -28,13 +32,16 @@ require {
type init_var_run_t; type init_var_run_t;
type svirt_t; type svirt_t;
type user_home_dir_t; type user_home_dir_t;
type chkpwd_t;
type xdm_var_lib_t;
class sock_file { create write };
class file { create getattr map open read relabelfrom relabelto rename setattr unlink write }; class file { create getattr map open read relabelfrom relabelto rename setattr unlink write };
class process { dyntransition setcurrent }; class process { dyntransition setcurrent };
class dir { add_name create getattr read write search mounton }; class dir { add_name create getattr read write search mounton map };
class process2 nnp_transition; class process2 nnp_transition;
class service { reload status stop }; class service { reload status stop };
class dbus send_msg; class dbus send_msg;
class sock_file read; class sock_file { read write };
class lnk_file { getattr read }; class lnk_file { getattr read };
} }
@ -87,6 +94,24 @@ allow useradd_t var_t:file { getattr open read write };
allow xdm_t avahi_t:dbus send_msg; allow xdm_t avahi_t:dbus send_msg;
allow xdm_t getty_var_run_t:file getattr; allow xdm_t getty_var_run_t:file getattr;
allow xdm_t lib_t:service stop; allow xdm_t lib_t:service stop;
allow xdm_t xdm_var_lib_t:dir map;
#============= svirt_t ============== #============= svirt_t ==============
allow svirt_t user_home_dir_t:dir read; allow svirt_t user_home_dir_t:dir read;
#============= chkpwd_t ==============
allow chkpwd_t usr_t:file map;
#============= policykit_auth_t ==============
allow policykit_auth_t var_lib_t:file read;
allow policykit_auth_t var_lib_t:sock_file write;
#============= policykit_t ==============
allow policykit_t var_lib_t:file read;
allow policykit_t var_lib_t:sock_file write;
#============= sssd_t ==============
allow sssd_t var_lib_t:file read;
allow sssd_t var_lib_t:sock_file { create write };
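Review bot: The new rules for policykit_auth_t, policykit_t and sssd_t grant access on the generic var_lib_t type (`allow sssd_t var_lib_t:sock_file { create write };` and the `file read` / `sock_file write` rules above it), so they apply to every file and socket under /var/lib that has only the default label, not just the path these daemons need. Denials against var_lib_t usually mean the target is mislabeled; if that is the case here, a file-context entry and a relabel of the specific directory would keep these domains confined to a dedicated type. If the rules stay, a comment on each naming the path that triggered the denial would let them be dropped once labeling is fixed. var_lib_t is not in the visible part of the require block; it is presumably declared in the lines the hunks skip.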

BIN
logo.bmp

Binary file not shown.



@ -1,3 +1,5 @@
toolbox
sssd-kcm
podman podman
ImageMagick ImageMagick
exa exa


@ -310,7 +310,6 @@ fi
(( $RET == 0 )) (( $RET == 0 ))
chroot "$sysroot" /usr/bin/systemd-sysusers chroot "$sysroot" /usr/bin/systemd-sysusers
for i in passwd shadow group gshadow subuid subgid; do for i in passwd shadow group gshadow subuid subgid; do
@ -480,6 +479,8 @@ sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/shadow#/cfg/shadow#g;s#/etc/gshado
"$sysroot"/usr/bin/newuidmap \ "$sysroot"/usr/bin/newuidmap \
"$sysroot"/usr/sbin/newusers "$sysroot"/usr/sbin/newusers
chmod u+s "$sysroot"/usr/bin/newgidmap "$sysroot"/usr/bin/newuidmap
sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \ sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \
"$sysroot"/lib*/libc.so.* \ "$sysroot"/lib*/libc.so.* \
"$sysroot"/usr/lib/systemd/libsystemd-shared*.so "$sysroot"/usr/lib/systemd/libsystemd-shared*.so
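Review bot: The added `chmod u+s "$sysroot"/usr/bin/newgidmap "$sysroot"/usr/bin/newuidmap` makes both helpers fully setuid root, which is more privilege than they need to write uid/gid maps. As far as I know Fedora ships them with file capabilities instead, and those were presumably lost when the preceding `sed -i` rewrote the binaries. Restoring only those would be narrower: `setcap cap_setuid=ep "$sysroot"/usr/bin/newuidmap` and `setcap cap_setgid=ep "$sysroot"/usr/bin/newgidmap`. Either way, a one-line comment saying why the bit is re-applied after the in-place edit would help the next reader. The surrounding script starts and continues outside this hunk.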