[selinux-policy: 215/3172] cleanup

Thu Oct 7 19:23:31 UTC 2010

commit cbeef67c1c4e58ffe5301893385277591c103e0d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 24 22:22:26 2005 +0000

    cleanup

 refpolicy/policy/modules/system/init.te |   16 ++++++++++------
 refpolicy/policy/modules/system/udev.te |    5 ++++-
 2 files changed, 14 insertions(+), 7 deletions(-)
---

diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 970fa6e..6b38a53 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -75,6 +75,7 @@ files_create_daemon_runtime_data(init_t,init_var_run_t)
 allow init_t initrc_t:process transition;
 allow init_t initrc_exec_t:file { getattr read execute };
 type_transition init_t initrc_exec_t:process initrc_t;
+dontaudit init_t initrc_t:process { noatsecure siginh rlimitinh };
 
 allow init_t self:fifo_file { read write ioctl };
 
@@ -93,28 +94,31 @@ kernel_share_state(init_t)
 
 terminal_use_all_terminals(init_t)
 
+corecommands_chroot(init_t)
+corecommands_execute_general_programs(init_t)
+corecommands_execute_system_programs(init_t)
+
 domain_signal_all_domains(init_t)
 domain_kill_all_domains(init_t)
 
 files_modify_system_runtime_data(init_t)
-
-# file descriptors inherited from the rootfs.
+# file descriptors inherited from the rootfs:
 files_ignore_modify_rootfs_file(init_t)
 files_ignore_modify_rootfs_device(init_t)
 
 libraries_use_dynamic_loader(init_t)
 libraries_use_shared_libraries(init_t)
 
-corecommands_chroot(init_t)
-corecommands_execute_general_programs(init_t)
-corecommands_execute_system_programs(init_t)
-
 logging_send_system_log_message(init_t)
 
 selinux_read_config(init_t)
 
 miscfiles_read_localization(init_t)
 
+tunable_policy(`distro_redhat',`
+filesystem_use_tmpfs_character_devices(init_t)
+')
+
 ########################################
 #
 # the following seem questionable
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 59594ff..9b0d8f1 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -12,9 +12,9 @@ type udev_exec_t;
 type udev_helper_exec_t;
 kernel_make_userland_entrypoint(udev_t,udev_exec_t)
 kernel_make_object_identity_change_constraint_exception(udev_t)
-init_make_daemon_domain(udev_t,udev_exec_t)
 domain_make_entrypoint_file(udev_t,udev_helper_exec_t)
 domain_make_file_descriptors_widely_inheritable(udev_t)
+init_make_daemon_domain(udev_t,udev_exec_t)
 
 type udev_etc_t alias etc_udev_t;
 files_make_file(udev_etc_t)
@@ -99,6 +99,9 @@ selinux_restorecon_transition(udev_t)
 
 modutils_insmod_transition(udev_t)
 
+libraries_use_dynamic_loader(udev_t)
+libraries_use_shared_libraries(udev_t)
+
 logging_send_system_log_message(udev_t)
 
 sysnetwork_ifconfig_transition(udev_t)
