|
|
0d5c10 |
From ca2288e312d232d058d6985d541353719a1800e9 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 08:47:50 +0100
|
|
|
0d5c10 |
Subject: [PATCH 1/6] Rename SELinux Boolean docker_connect_any
|
|
|
0d5c10 |
|
|
|
0d5c10 |
The SELinux Boolean docker_connect_any has been renamed to
|
|
|
0d5c10 |
container_connect_any in both RHEL7 and RHEL8.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../sebool_container_connect_any/rule.yml | 16 ++++++++++++++++
|
|
|
0d5c10 |
.../sebool_docker_connect_any/rule.yml | 16 ----------------
|
|
|
0d5c10 |
...ect_any.var => var_container_connect_any.var} | 2 +-
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 2 +-
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 2 +-
|
|
|
0d5c10 |
5 files changed, 19 insertions(+), 19 deletions(-)
|
|
|
0d5c10 |
create mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_docker_connect_any/rule.yml
|
|
|
0d5c10 |
rename linux_os/guide/system/selinux/selinux-booleans/{var_docker_connect_any.var => var_container_connect_any.var} (86%)
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
|
|
|
0d5c10 |
new file mode 100644
|
|
|
0d5c10 |
index 0000000000..cb715fa66e
|
|
|
0d5c10 |
--- /dev/null
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
|
|
|
0d5c10 |
@@ -0,0 +1,16 @@
|
|
|
0d5c10 |
+documentation_complete: true
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+prodtype: rhel7,rhel8
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+title: 'Disable the container_connect_any SELinux Boolean'
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+description: |-
|
|
|
0d5c10 |
+ By default, the SELinux boolean <tt>container_connect_any</tt> is disabled.
|
|
|
0d5c10 |
+ If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
+ {{{ describe_sebool_disable(sebool="container_connect_any") }}}
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+rationale: ""
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+severity: medium
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+{{{ complete_ocil_entry_sebool_disabled(sebool="container_connect_any") }}}
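Review bot: `rationale: ""` is carried over empty from the deleted sebool_docker_connect_any rule, so the new rule tells an auditor to keep the boolean off without saying why. A one-line rationale would do, for example `rationale: 'Keeping container_connect_any off stops container domains from connecting to arbitrary TCP ports, which limits what a compromised container can reach.'`, with the wording confirmed against the policy's own description of the boolean. Separately, the rule and variable IDs change here, while the diffstat lists only the rule, the variable and the two CSV templates. Any profile or tailoring file that still selects `sebool_docker_connect_any` or `var_docker_connect_any` would need the same rename, which cannot be checked from this hunk.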
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_connect_any/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 7c2a65d076..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_connect_any/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the docker_connect_any SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>docker_connect_any</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="docker_connect_any") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="docker_connect_any") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_docker_connect_any.var b/linux_os/guide/system/selinux/selinux-booleans/var_container_connect_any.var
|
|
|
0d5c10 |
similarity index 86%
|
|
|
0d5c10 |
rename from linux_os/guide/system/selinux/selinux-booleans/var_docker_connect_any.var
|
|
|
0d5c10 |
rename to linux_os/guide/system/selinux/selinux-booleans/var_container_connect_any.var
|
|
|
0d5c10 |
index 24af7183da..baad46a636 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_docker_connect_any.var
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/selinux/selinux-booleans/var_container_connect_any.var
|
|
|
0d5c10 |
@@ -1,6 +1,6 @@
|
|
|
0d5c10 |
documentation_complete: true
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-title: 'docker_connect_any SELinux Boolean'
|
|
|
0d5c10 |
+title: 'container_connect_any SELinux Boolean'
|
|
|
0d5c10 |
|
|
|
0d5c10 |
description: |-
|
|
|
0d5c10 |
default - Default SELinux boolean setting.
|
|
|
0d5c10 |
diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index af220ed80a..fb0fc958c5 100644
|
|
|
0d5c10 |
--- a/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -38,7 +38,7 @@ deny_execmem,use_var
|
|
|
0d5c10 |
deny_ptrace,use_var
|
|
|
0d5c10 |
dhcpc_exec_iptables,use_var
|
|
|
0d5c10 |
dhcpd_use_ldap,use_var
|
|
|
0d5c10 |
-docker_connect_any,use_var
|
|
|
0d5c10 |
+container_connect_any,use_var
|
|
|
0d5c10 |
docker_transition_unconfined,use_var
|
|
|
0d5c10 |
domain_fd_use,use_var
|
|
|
0d5c10 |
domain_kernel_load_modules,use_var
|
|
|
0d5c10 |
diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index af220ed80a..fb0fc958c5 100644
|
|
|
0d5c10 |
--- a/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -38,7 +38,7 @@ deny_execmem,use_var
|
|
|
0d5c10 |
deny_ptrace,use_var
|
|
|
0d5c10 |
dhcpc_exec_iptables,use_var
|
|
|
0d5c10 |
dhcpd_use_ldap,use_var
|
|
|
0d5c10 |
-docker_connect_any,use_var
|
|
|
0d5c10 |
+container_connect_any,use_var
|
|
|
0d5c10 |
docker_transition_unconfined,use_var
|
|
|
0d5c10 |
domain_fd_use,use_var
|
|
|
0d5c10 |
domain_kernel_load_modules,use_var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From 8707ae7560c1a786b702281592968df28a743a01 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 08:57:23 +0100
|
|
|
0d5c10 |
Subject: [PATCH 2/6] Remove SELinux boolean docker_transition_unconfined
|
|
|
0d5c10 |
|
|
|
0d5c10 |
The SELinux boolean docker_transition_unconfined has been
|
|
|
0d5c10 |
completely removed from SELinux without any replacement.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../var_docker_transition_unconfined.var | 19 -------------------
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
4 files changed, 37 deletions(-)
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_docker_transition_unconfined/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_docker_transition_unconfined.var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_transition_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_transition_unconfined/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 16792a395b..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_docker_transition_unconfined/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Enable the docker_transition_unconfined SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>docker_transition_unconfined</tt> is enabled.
|
|
|
0d5c10 |
- If this setting is disabled, it should be enabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_enable(sebool="docker_transition_unconfined") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_enabled(sebool="docker_transition_unconfined") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_docker_transition_unconfined.var b/linux_os/guide/system/selinux/selinux-booleans/var_docker_transition_unconfined.var
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index cf66e5e915..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_docker_transition_unconfined.var
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,19 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'docker_transition_unconfined SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- default - Default SELinux boolean setting.
|
|
|
0d5c10 |
- on - SELinux boolean is enabled.
|
|
|
0d5c10 |
- off - SELinux boolean is disabled.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-type: boolean
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-operator: equals
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-interactive: false
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-options:
|
|
|
0d5c10 |
- default: true
|
|
|
0d5c10 |
- off: false
|
|
|
0d5c10 |
- on: true
|
|
|
0d5c10 |
diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index fb0fc958c5..8a5d34cffa 100644
|
|
|
0d5c10 |
--- a/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -39,7 +39,6 @@ deny_ptrace,use_var
|
|
|
0d5c10 |
dhcpc_exec_iptables,use_var
|
|
|
0d5c10 |
dhcpd_use_ldap,use_var
|
|
|
0d5c10 |
container_connect_any,use_var
|
|
|
0d5c10 |
-docker_transition_unconfined,use_var
|
|
|
0d5c10 |
domain_fd_use,use_var
|
|
|
0d5c10 |
domain_kernel_load_modules,use_var
|
|
|
0d5c10 |
entropyd_use_audio,use_var
|
|
|
0d5c10 |
diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index fb0fc958c5..8a5d34cffa 100644
|
|
|
0d5c10 |
--- a/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -39,7 +39,6 @@ deny_ptrace,use_var
|
|
|
0d5c10 |
dhcpc_exec_iptables,use_var
|
|
|
0d5c10 |
dhcpd_use_ldap,use_var
|
|
|
0d5c10 |
container_connect_any,use_var
|
|
|
0d5c10 |
-docker_transition_unconfined,use_var
|
|
|
0d5c10 |
domain_fd_use,use_var
|
|
|
0d5c10 |
domain_kernel_load_modules,use_var
|
|
|
0d5c10 |
entropyd_use_audio,use_var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From a794b4a365001fbe6b5aed4bf9b8169a6a9dea53 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 09:02:59 +0100
|
|
|
0d5c10 |
Subject: [PATCH 3/6] Remove SELinux boolean ftp_home_dir
|
|
|
0d5c10 |
|
|
|
0d5c10 |
The SELinux boolean ftp_home_dir has been
|
|
|
0d5c10 |
completely removed from SELinux without any replacement.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../sebool_ftp_home_dir/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../selinux-booleans/var_ftp_home_dir.var | 19 -------------------
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
4 files changed, 37 deletions(-)
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_ftp_home_dir/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_ftp_home_dir.var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftp_home_dir/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 1836bc059e..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftp_home_dir/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the ftp_home_dir SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>ftp_home_dir</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="ftp_home_dir") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="ftp_home_dir") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_ftp_home_dir.var b/linux_os/guide/system/selinux/selinux-booleans/var_ftp_home_dir.var
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 5da7175f65..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_ftp_home_dir.var
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,19 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'ftp_home_dir SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- default - Default SELinux boolean setting.
|
|
|
0d5c10 |
- on - SELinux boolean is enabled.
|
|
|
0d5c10 |
- off - SELinux boolean is disabled.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-type: boolean
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-operator: equals
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-interactive: false
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-options:
|
|
|
0d5c10 |
- default: false
|
|
|
0d5c10 |
- off: false
|
|
|
0d5c10 |
- on: true
|
|
|
0d5c10 |
diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index 8a5d34cffa..17a1f51403 100644
|
|
|
0d5c10 |
--- a/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -57,7 +57,6 @@ ftpd_use_cifs,use_var
|
|
|
0d5c10 |
ftpd_use_fusefs,use_var
|
|
|
0d5c10 |
ftpd_use_nfs,use_var
|
|
|
0d5c10 |
ftpd_use_passive_mode,use_var
|
|
|
0d5c10 |
-ftp_home_dir,use_var
|
|
|
0d5c10 |
git_cgi_enable_homedirs,use_var
|
|
|
0d5c10 |
git_cgi_use_cifs,use_var
|
|
|
0d5c10 |
git_cgi_use_nfs,use_var
|
|
|
0d5c10 |
diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index 8a5d34cffa..17a1f51403 100644
|
|
|
0d5c10 |
--- a/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -57,7 +57,6 @@ ftpd_use_cifs,use_var
|
|
|
0d5c10 |
ftpd_use_fusefs,use_var
|
|
|
0d5c10 |
ftpd_use_nfs,use_var
|
|
|
0d5c10 |
ftpd_use_passive_mode,use_var
|
|
|
0d5c10 |
-ftp_home_dir,use_var
|
|
|
0d5c10 |
git_cgi_enable_homedirs,use_var
|
|
|
0d5c10 |
git_cgi_use_cifs,use_var
|
|
|
0d5c10 |
git_cgi_use_nfs,use_var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From f71a5f81abad89505ac4e4404249cebc5cf39c89 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 09:19:03 +0100
|
|
|
0d5c10 |
Subject: [PATCH 4/6] Remove SELinux boolean virt_sandbox_use_nfs
|
|
|
0d5c10 |
|
|
|
0d5c10 |
The SELinux boolean virt_sandbox_use_nfs has been removed and
|
|
|
0d5c10 |
is superseded by virt_use_nfs, which we already have in another
|
|
|
0d5c10 |
rule.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../sebool_virt_sandbox_use_nfs/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../var_virt_sandbox_use_nfs.var | 19 -------------------
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
4 files changed, 37 deletions(-)
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_nfs/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_nfs.var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_nfs/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 7d553a85de..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_nfs/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the virt_sandbox_use_nfs SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>virt_sandbox_use_nfs</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="virt_sandbox_use_nfs") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="virt_sandbox_use_nfs") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_nfs.var b/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_nfs.var
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index f7a0cd0679..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_nfs.var
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,19 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'virt_sandbox_use_nfs SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- default - Default SELinux boolean setting.
|
|
|
0d5c10 |
- on - SELinux boolean is enabled.
|
|
|
0d5c10 |
- off - SELinux boolean is disabled.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-type: boolean
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-operator: equals
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-interactive: false
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-options:
|
|
|
0d5c10 |
- default: false
|
|
|
0d5c10 |
- off: false
|
|
|
0d5c10 |
- on: true
|
|
|
0d5c10 |
diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index 17a1f51403..aaf2e1a34f 100644
|
|
|
0d5c10 |
--- a/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -268,7 +268,6 @@ virt_sandbox_use_all_caps,use_var
|
|
|
0d5c10 |
virt_sandbox_use_audit,use_var
|
|
|
0d5c10 |
virt_sandbox_use_mknod,use_var
|
|
|
0d5c10 |
virt_sandbox_use_netlink,use_var
|
|
|
0d5c10 |
-virt_sandbox_use_nfs,use_var
|
|
|
0d5c10 |
virt_sandbox_use_samba,use_var
|
|
|
0d5c10 |
virt_sandbox_use_sys_admin,use_var
|
|
|
0d5c10 |
virt_transition_userdomain,use_var
|
|
|
0d5c10 |
diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index 17a1f51403..aaf2e1a34f 100644
|
|
|
0d5c10 |
--- a/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -268,7 +268,6 @@ virt_sandbox_use_all_caps,use_var
|
|
|
0d5c10 |
virt_sandbox_use_audit,use_var
|
|
|
0d5c10 |
virt_sandbox_use_mknod,use_var
|
|
|
0d5c10 |
virt_sandbox_use_netlink,use_var
|
|
|
0d5c10 |
-virt_sandbox_use_nfs,use_var
|
|
|
0d5c10 |
virt_sandbox_use_samba,use_var
|
|
|
0d5c10 |
virt_sandbox_use_sys_admin,use_var
|
|
|
0d5c10 |
virt_transition_userdomain,use_var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From 7afaf886cd99437a09b6aedd9e375ee1162155c6 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 09:27:35 +0100
|
|
|
0d5c10 |
Subject: [PATCH 5/6] Remove SELinux boolean virt_sandbox_use_samba
|
|
|
0d5c10 |
|
|
|
0d5c10 |
The SELinux boolean virt_sandbox_use_samba has been removed and
|
|
|
0d5c10 |
is superseded by virt_use_samba, which we already have in another
|
|
|
0d5c10 |
rule.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../sebool_virt_sandbox_use_samba/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../var_virt_sandbox_use_samba.var | 19 -------------------
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 1 -
|
|
|
0d5c10 |
4 files changed, 37 deletions(-)
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_samba/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_samba.var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_samba/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index b3ce5feb9e..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_samba/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the virt_sandbox_use_samba SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>virt_sandbox_use_samba</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="virt_sandbox_use_samba") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="virt_sandbox_use_samba") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_samba.var b/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_samba.var
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index de370465dd..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_virt_sandbox_use_samba.var
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,19 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'virt_sandbox_use_samba SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- default - Default SELinux boolean setting.
|
|
|
0d5c10 |
- on - SELinux boolean is enabled.
|
|
|
0d5c10 |
- off - SELinux boolean is disabled.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-type: boolean
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-operator: equals
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-interactive: false
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-options:
|
|
|
0d5c10 |
- default: false
|
|
|
0d5c10 |
- off: false
|
|
|
0d5c10 |
- on: true
|
|
|
0d5c10 |
diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index aaf2e1a34f..19a27493db 100644
|
|
|
0d5c10 |
--- a/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhel7/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -268,7 +268,6 @@ virt_sandbox_use_all_caps,use_var
|
|
|
0d5c10 |
virt_sandbox_use_audit,use_var
|
|
|
0d5c10 |
virt_sandbox_use_mknod,use_var
|
|
|
0d5c10 |
virt_sandbox_use_netlink,use_var
|
|
|
0d5c10 |
-virt_sandbox_use_samba,use_var
|
|
|
0d5c10 |
virt_sandbox_use_sys_admin,use_var
|
|
|
0d5c10 |
virt_transition_userdomain,use_var
|
|
|
0d5c10 |
virt_use_comm,use_var
|
|
|
0d5c10 |
diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
index aaf2e1a34f..19a27493db 100644
|
|
|
0d5c10 |
--- a/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
+++ b/rhv4/templates/csv/selinux_booleans.csv
|
|
|
0d5c10 |
@@ -268,7 +268,6 @@ virt_sandbox_use_all_caps,use_var
|
|
|
0d5c10 |
virt_sandbox_use_audit,use_var
|
|
|
0d5c10 |
virt_sandbox_use_mknod,use_var
|
|
|
0d5c10 |
virt_sandbox_use_netlink,use_var
|
|
|
0d5c10 |
-virt_sandbox_use_samba,use_var
|
|
|
0d5c10 |
virt_sandbox_use_sys_admin,use_var
|
|
|
0d5c10 |
virt_transition_userdomain,use_var
|
|
|
0d5c10 |
virt_use_comm,use_var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From e0287da5af28c3357fa920a16d538ab424bd5392 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 12 Mar 2019 10:13:10 +0100
|
|
|
0d5c10 |
Subject: [PATCH 6/6] Remove sftpd_.* SELinux booleans
|
|
|
0d5c10 |
|
|
|
0d5c10 |
SELinux booleans sftpd_anon_write, sftpd_enable_homedirs,
|
|
|
0d5c10 |
sftpd_full_access, sftpd_write_ssh_home have been removed from SELinux
|
|
|
0d5c10 |
because they were useless: openssh doesn't use the sftpd_t type
|
|
|
0d5c10 |
anymore and it uses user's type for sftpd sessions. They haven't been
|
|
|
0d5c10 |
superseded by anything else.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../sebool_sftpd_anon_write/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../sebool_sftpd_enable_homedirs/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../sebool_sftpd_full_access/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../sebool_sftpd_write_ssh_home/rule.yml | 16 ----------------
|
|
|
0d5c10 |
.../selinux-booleans/var_sftpd_anon_write.var | 19 -------------------
|
|
|
0d5c10 |
.../var_sftpd_enable_homedirs.var | 19 -------------------
|
|
|
0d5c10 |
.../var_sftpd_full_access.var | 19 -------------------
|
|
|
0d5c10 |
.../var_sftpd_write_ssh_home.var | 19 -------------------
|
|
|
0d5c10 |
rhel7/templates/csv/selinux_booleans.csv | 4 ----
|
|
|
0d5c10 |
rhv4/templates/csv/selinux_booleans.csv | 4 ----
|
|
|
0d5c10 |
10 files changed, 148 deletions(-)
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_anon_write/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_enable_homedirs/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_full_access/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_write_ssh_home/rule.yml
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_sftpd_anon_write.var
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_sftpd_enable_homedirs.var
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_sftpd_full_access.var
|
|
|
0d5c10 |
delete mode 100644 linux_os/guide/system/selinux/selinux-booleans/var_sftpd_write_ssh_home.var
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_anon_write/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index a5327110f8..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_anon_write/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the sftpd_anon_write SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>sftpd_anon_write</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="sftpd_anon_write") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="sftpd_anon_write") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_enable_homedirs/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index ac52da2773..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_enable_homedirs/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the sftpd_enable_homedirs SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>sftpd_enable_homedirs</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="sftpd_enable_homedirs") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="sftpd_enable_homedirs") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_full_access/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index fff440ff7e..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_full_access/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the sftpd_full_access SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>sftpd_full_access</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="sftpd_full_access") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="sftpd_full_access") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_write_ssh_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_write_ssh_home/rule.yml
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index 7b67579eb5..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sftpd_write_ssh_home/rule.yml
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,16 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-prodtype: rhel7,rhel8
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'Disable the sftpd_write_ssh_home SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- By default, the SELinux boolean <tt>sftpd_write_ssh_home</tt> is disabled.
|
|
|
0d5c10 |
- If this setting is enabled, it should be disabled.
|
|
|
0d5c10 |
- {{{ describe_sebool_disable(sebool="sftpd_write_ssh_home") }}}
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-rationale: ""
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-severity: medium
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-{{{ complete_ocil_entry_sebool_disabled(sebool="sftpd_write_ssh_home") }}}
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_anon_write.var b/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_anon_write.var
|
|
|
0d5c10 |
deleted file mode 100644
|
|
|
0d5c10 |
index ec43879c93..0000000000
|
|
|
0d5c10 |
--- a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_anon_write.var
|
|
|
0d5c10 |
+++ /dev/null
|
|
|
0d5c10 |
@@ -1,19 +0,0 @@
|
|
|
0d5c10 |
-documentation_complete: true
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-title: 'sftpd_anon_write SELinux Boolean'
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-description: |-
|
|
|
0d5c10 |
- default - Default SELinux boolean setting.
|
|
|
0d5c10 |
- on - SELinux boolean is enabled.
|
|
|
0d5c10 |
- off - SELinux boolean is disabled.
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-type: boolean
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-operator: equals
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-interactive: false
|
|
|
0d5c10 |
-
|
|
|
0d5c10 |
-options:
|
|
|
0d5c10 |
- default: false
|
|
|
0d5c10 |
- off: false
|
|
|
0d5c10 |
- on: true
|
|
|
0d5c10 |
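diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_enable_homedirs.var b/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_enable_homedirs.var
deleted file mode 100644
index 1ebd92f562..0000000000
--- a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_enable_homedirs.var
+++ /dev/null
@@ -1,19 +0,0 @@
-documentation_complete: true
-
-title: 'sftpd_enable_homedirs SELinux Boolean'
-
-description: |-
- default - Default SELinux boolean setting.
- on - SELinux boolean is enabled.
- off - SELinux boolean is disabled.
-
-type: boolean
-
-operator: equals
-
-interactive: false
-
-options:
- default: false
- off: false
- on: true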
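diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_full_access.var b/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_full_access.var
deleted file mode 100644
index a6d1fc9efc..0000000000
--- a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_full_access.var
+++ /dev/null
@@ -1,19 +0,0 @@
-documentation_complete: true
-
-title: 'sftpd_full_access SELinux Boolean'
-
-description: |-
- default - Default SELinux boolean setting.
- on - SELinux boolean is enabled.
- off - SELinux boolean is disabled.
-
-type: boolean
-
-operator: equals
-
-interactive: false
-
-options:
- default: false
- off: false
- on: true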
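diff --git a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_write_ssh_home.var b/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_write_ssh_home.var
deleted file mode 100644
index 67a3f00655..0000000000
--- a/linux_os/guide/system/selinux/selinux-booleans/var_sftpd_write_ssh_home.var
+++ /dev/null
@@ -1,19 +0,0 @@
-documentation_complete: true
-
-title: 'sftpd_write_ssh_home SELinux Boolean'
-
-description: |-
- default - Default SELinux boolean setting.
- on - SELinux boolean is enabled.
- off - SELinux boolean is disabled.
-
-type: boolean
-
-operator: equals
-
-interactive: false
-
-options:
- default: false
- off: false
- on: true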
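diff --git a/rhel7/templates/csv/selinux_booleans.csv b/rhel7/templates/csv/selinux_booleans.csv
index 19a27493db..1b55f6db31 100644
--- a/rhel7/templates/csv/selinux_booleans.csv
+++ b/rhel7/templates/csv/selinux_booleans.csv
@@ -224,10 +224,6 @@ selinuxuser_share_music,use_var
 selinuxuser_tcp_server,use_var
 selinuxuser_udp_server,use_var
 selinuxuser_use_ssh_chroot,use_var
-sftpd_anon_write,use_var
-sftpd_enable_homedirs,use_var
-sftpd_full_access,use_var
-sftpd_write_ssh_home,use_var
 sge_domain_can_network_connect,use_var
 sge_use_nfs,use_var
 smartmon_3ware,use_var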
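diff --git a/rhv4/templates/csv/selinux_booleans.csv b/rhv4/templates/csv/selinux_booleans.csv
index 19a27493db..1b55f6db31 100644
--- a/rhv4/templates/csv/selinux_booleans.csv
+++ b/rhv4/templates/csv/selinux_booleans.csv
@@ -224,10 +224,6 @@ selinuxuser_share_music,use_var
 selinuxuser_tcp_server,use_var
 selinuxuser_udp_server,use_var
 selinuxuser_use_ssh_chroot,use_var
-sftpd_anon_write,use_var
-sftpd_enable_homedirs,use_var
-sftpd_full_access,use_var
-sftpd_write_ssh_home,use_var
 sge_domain_can_network_connect,use_var
 sge_use_nfs,use_var
 smartmon_3ware,use_var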
|