feat: add rhel 8 selinux policy files

rhel 8 selinux support Related work items: #181342
BeyondTrust · May 28, 2019 · 4d946b8 · 4d946b8
1 parent 46cacb7
commit 4d946b8
Show file tree

Hide file tree

Showing 7 changed files with 526 additions and 1 deletion.
diff --git a/config/linux/redhat/MakeKitBuild b/config/linux/redhat/MakeKitBuild
@@ -27,7 +27,7 @@ make()
     # - Executing 'make -f /usr/share/selinux/devel/Makefile' in that directory.
 
     # SELinux policy for RedHat Enterprise/CentOS 6.x
-    for distro in 'rhel/7.0' 'rhel/6.0' 'fedora/21' 'fedora/20' 'fedora/19' 'fedora/18' 'fedora/17' 'fedora/16' 'fedora/15' 'fedora/14' 'fedora/13'
+    for distro in 'rhel/8.0' 'rhel/7.0' 'rhel/6.0' 'fedora/21' 'fedora/20' 'fedora/19' 'fedora/18' 'fedora/17' 'fedora/16' 'fedora/15' 'fedora/14' 'fedora/13'
     do
         mk_stage MODE=644 \
             DEST="${MK_DATADIR}/$distro/pbis.te" SOURCE="$distro/pbis.te"

diff --git a/config/linux/redhat/rhel/8.0/pbis.fc b/config/linux/redhat/rhel/8.0/pbis.fc
@@ -0,0 +1 @@
+/opt/pbis/sbin(/.*)?    gen_context(system_u:object_r:bin_t)
diff --git a/config/linux/redhat/rhel/8.0/pbis.if b/config/linux/redhat/rhel/8.0/pbis.if
@@ -0,0 +1,21 @@
+########################################
+## <summary>
+##      Connect to pbis services.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`pbis_client',`
+        gen_require(`
+                type var_lib_t, unconfined_t;
+        ')
+
+        # Client should be allowed to talk to services.
+        allow $1 unconfined_t:unix_stream_socket connectto;
+        allow $1 var_lib_t:sock_file write;
+')
+
+
diff --git a/config/linux/redhat/rhel/8.0/pbis.pp b/config/linux/redhat/rhel/8.0/pbis.pp
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		/opt/pbis/sbin(/.*)? gen_context(system_u:object_r:bin_t)