[selinux-policy: 1603/3172] patch from dan Fri, 22 Sep 2006 16:30:34 -0400

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:23:43 UTC 2010


commit 693d4aedb5156a18126cc111c71be586e29a7d6f
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Sep 25 18:53:06 2006 +0000

    patch from dan Fri, 22 Sep 2006 16:30:34 -0400

 Changelog                                 |    1 +
 policy/global_tunables                    |    7 +++++++
 policy/modules/admin/bootloader.fc        |    4 +++-
 policy/modules/admin/bootloader.te        |    2 +-
 policy/modules/admin/readahead.te         |    4 +++-
 policy/modules/kernel/corenetwork.te.in   |    4 ++--
 policy/modules/kernel/files.fc            |    6 +++---
 policy/modules/kernel/files.te            |    4 +++-
 policy/modules/kernel/filesystem.if       |    2 +-
 policy/modules/kernel/filesystem.te       |    2 +-
 policy/modules/services/bind.te           |    3 ++-
 policy/modules/services/cron.fc           |    1 +
 policy/modules/services/cron.te           |    2 +-
 policy/modules/services/hal.te            |    8 +++++---
 policy/modules/services/networkmanager.te |    3 ++-
 policy/modules/services/nscd.te           |    4 +++-
 policy/modules/services/postfix.fc        |    1 +
 policy/modules/services/postfix.te        |    2 +-
 policy/modules/services/ssh.te            |    5 ++++-
 policy/modules/system/init.if             |    3 +++
 policy/modules/system/init.te             |   11 ++++++++++-
 policy/modules/system/logging.te          |    3 ++-
 policy/modules/system/udev.te             |    3 ++-
 policy/modules/system/userdomain.if       |   26 +++++++++++++++++++++++++-
 policy/modules/system/userdomain.te       |   20 ++++++++++++++------
 25 files changed, 101 insertions(+), 30 deletions(-)
---
diff --git a/Changelog b/Changelog
index 3017da4..1d127e0 100644
--- a/Changelog
+++ b/Changelog
@@ -70,6 +70,7 @@
 	Fri, 01 Sep 2006
 	Tue, 05 Sep 2006
 	Wed, 20 Sep 2006
+	Fri, 22 Sep 2006
 - Added modules:
 	afs
 	amavis (Erich Schubert)
diff --git a/policy/global_tunables b/policy/global_tunables
index 2b98122..2bfe1e7 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -575,6 +575,13 @@ gen_tunable(xdm_sysadm_login,false)
 ifdef(`targeted_policy',`
 ## <desc>
 ## <p>
+## Allow all daemons the ability to use unallocated ttys
+## </p>
+## </desc>
+gen_tunable(allow_daemons_use_tty,false)
+
+## <desc>
+## <p>
 ## Allow mount to mount any file
 ## </p>
 ## </desc>
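Review bot: The description of the new allow_daemons_use_tty tunable names only unallocated ttys, but the tunable_policy block that consumes it in policy/modules/system/init.te also calls term_use_generic_ptys(daemon), so an administrator reading this text would under-estimate what enabling the boolean grants. Suggest `## Allow all daemons the ability to use unallocated ttys and generic ptys`. The same mismatch deserves a one-line comment above the tunable_policy block in init.te so the two stay in step.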
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index bcedf95..31f64c2 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -6,7 +6,9 @@
 
 /usr/sbin/mkinitrd	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 
-/sbin/grub.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+#/sbin/grub-.*		--	gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
+#/sbin/grubby		--	gen_context(system_u:object_r:bootloader_helper_exec_t,s0)
 /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 /sbin/mkinitrd		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
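Review bot: Narrowing `/sbin/grub.*` to `/sbin/grub` drops the bootloader_exec_t label from grub-install and the other grub-* helpers, while the two replacement entries are commented out and refer to bootloader_helper_exec_t, a type this patch does not declare anywhere. As written the commented lines are dead text that a later reader cannot tell apart from a plan or a leftover; either declare the type in bootloader.te before landing these entries, or drop the comments and record the intent in the Changelog. If the helpers are meant to fall back to the default bin label, say so in a comment, since presumably they will no longer transition into bootloader_t when run from a domain that relies on this label.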
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index a01e35d..fe74751 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -1,5 +1,5 @@
 
-policy_module(bootloader,1.2.6)
+policy_module(bootloader,1.2.7)
 
 ########################################
 #
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 7f91460..d635ec2 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -1,5 +1,5 @@
 
-policy_module(readahead,1.2.1)
+policy_module(readahead,1.2.2)
 
 ########################################
 #
@@ -52,6 +52,8 @@ fs_dontaudit_read_ramfs_pipes(readahead_t)
 fs_dontaudit_read_ramfs_files(readahead_t)
 fs_read_tmpfs_symlinks(readahead_t)
 
+mls_file_read_up(readahead_t)
+
 term_dontaudit_use_console(readahead_t)
 
 auth_dontaudit_read_shadow(readahead_t)
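Review bot: `mls_file_read_up(readahead_t)` is an MLS override that lets readahead read files above its own level, and it is added with no comment, unlike the other privilege additions in this patch (hal.te, nscd.te, logging.te). A one-line reason above it would help the next reviewer, e.g. `# readahead preloads files at every level into the page cache, so it needs MLS read-up` — presumably that is the motivation, worth confirming against the report that prompted it.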
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 65dfdd0..5bdfa08 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork,1.1.16)
+policy_module(corenetwork,1.1.17)
 
 ########################################
 #
@@ -82,7 +82,7 @@ network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
 network_port(giftd, tcp,1213,s0)
 network_port(gopher, tcp,70,s0, udp,70,s0)
 network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) # 8118 is for privoxy
-network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0)
+network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
 network_port(howl, tcp,5335,s0, udp,5353,s0)
 network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
 network_port(i18n_input, tcp,9010,s0)
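Review bot: The trailing comment on the new http line is written `#8443 is mod_nss default port` while the line directly above uses `# 8118 is for privoxy`; match the existing spacing with `# 8443 is mod_nss default port`. It is also worth saying in that comment that 8443 becomes http_port_t for every domain with http port access, not only for mod_nss, since that is the effect of extending the http entry rather than adding a new port type.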
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 61d1524..1433644 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -20,7 +20,7 @@ ifdef(`distro_redhat',`
 ')
 
 ifdef(`distro_suse',`
-/success			--	gen_context(system_u:object_r:etc_runtime_t,s0)
+/success		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 ')
 
 #
@@ -49,7 +49,7 @@ ifdef(`distro_suse',`
 /etc/blkid(/.*)?		gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/fstab\.REVOKE	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/HOSTNAME		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/ioctl\.save		--	gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/ioctl\.save	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/issue		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/issue\.net		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/localtime		-l	gen_context(system_u:object_r:etc_t,s0)
@@ -58,7 +58,7 @@ ifdef(`distro_suse',`
 /etc/nohotplug		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/nologin.*		--	gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/reader.conf	-- 	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/smartd\.conf	--	gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/smartd\.conf.*	--	gen_context(system_u:object_r:etc_runtime_t,s0)
 
 /etc/cups/client\.conf	--	gen_context(system_u:object_r:etc_t,s0)
 
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index e35bab1..a1f2e79 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files,1.2.18)
+policy_module(files,1.2.19)
 
 ########################################
 #
@@ -58,6 +58,8 @@ files_type(etc_t)
 #
 type etc_runtime_t;
 files_type(etc_runtime_t)
+#Temporarily in policy until FC5 dissappears
+typealias etc_runtime_t alias firstboot_rw_t;
 
 #
 # file_t is the default type of a file that has not yet been
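Review bot: The comment above the new typealias has a typo (`dissappears`) and does not say what the alias does or when it can be removed; since it makes on-disk firstboot_rw_t labels resolve to etc_runtime_t, and so grants every domain with etc_runtime_t access to former firstboot files, the note should carry that. Suggest `# Compatibility alias so FC5 firstboot_rw_t labels resolve to etc_runtime_t; remove once FC5 is no longer supported`.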
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index c704c3f..ae9c9f6 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -455,7 +455,7 @@ interface(`fs_register_binary_executable_type',`
 	')
 
 	allow $1 binfmt_misc_fs_t:dir { getattr search };
-	allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
+	allow $1 binfmt_misc_fs_t:file { getattr ioctl write read };
 ')
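Review bot: Adding `read` to the binfmt_misc_fs_t:file permissions widens fs_register_binary_executable_type beyond registering, and the interface's summary header above this hunk (outside the shown lines) still describes only registration; update it to say the domain may also read the binfmt_misc registration files. Consider ordering the set as `{ getattr read write ioctl }` for readability, though that is cosmetic.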
 
 ########################################
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index dab2451..402fbb1 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.3.15)
+policy_module(filesystem,1.3.16)
 
 ########################################
 #
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 02fdd40..4713119 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
 
-policy_module(bind,1.1.9)
+policy_module(bind,1.1.10)
 
 ########################################
 #
@@ -223,6 +223,7 @@ allow ndc_t dnssec_t:lnk_file { getattr read };
 allow ndc_t named_t:unix_stream_socket connectto;
 
 allow ndc_t named_conf_t:file { getattr read };
+allow ndc_t named_conf_t:lnk_file { getattr read };
 
 allow ndc_t named_var_run_t:sock_file rw_file_perms;
 
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc
index 00f919a..a950c32 100644
--- a/policy/modules/services/cron.fc
+++ b/policy/modules/services/cron.fc
@@ -10,6 +10,7 @@
 /usr/sbin/cron(d)?		--	gen_context(system_u:object_r:crond_exec_t,s0)
 /usr/sbin/fcron			--	gen_context(system_u:object_r:crond_exec_t,s0)
 
+/var/run/anacron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
 /var/run/atd\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
 /var/run/crond?\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
 /var/run/crond\.reboot		--	gen_context(system_u:object_r:crond_var_run_t,s0)
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 71c5ea7..fe25a50 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -1,5 +1,5 @@
 
-policy_module(cron,1.3.13)
+policy_module(cron,1.3.14)
 
 gen_require(`
 	class passwd rootok;
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index bc7634e..6c9faa1 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
 
-policy_module(hal,1.3.13)
+policy_module(hal,1.3.14)
 
 ########################################
 #
@@ -111,6 +111,10 @@ storage_raw_write_removable_device(hald_t)
 storage_raw_read_fixed_disk(hald_t)
 storage_raw_write_fixed_disk(hald_t)
 
+# hal_probe_serial causes these
+term_setattr_unallocated_ttys(hald_t)
+term_dontaudit_use_unallocated_ttys(hald_t)
+
 auth_use_nsswitch(hald_t)
 
 init_use_fds(hald_t)
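Review bot: Moving term_setattr_unallocated_ttys and term_dontaudit_use_unallocated_ttys out of the targeted_policy block (the removal is the next hunk in this file) makes hald's ability to change attributes of every unallocated tty unconditional, including in strict and MLS policy, and the comment `# hal_probe_serial causes these` records the trigger but not that the scope changed. Expand it to say the rule is now needed in every policy variant, e.g. `# hal_probe_serial sets attributes on serial ttys in all policy variants, so this is not targeted-only`. Whether the probe really needs setattr rather than only getattr on the tty is worth confirming against the denials that prompted this.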
@@ -144,8 +148,6 @@ userdom_dontaudit_search_sysadm_home_dirs(hald_t)
 
 ifdef(`targeted_policy',`
 	term_dontaudit_use_console(hald_t)
-	term_setattr_unallocated_ttys(hald_t)
-	term_dontaudit_use_unallocated_ttys(hald_t)
 	term_dontaudit_use_generic_ptys(hald_t)
 	files_dontaudit_read_root_files(hald_t)
 ')
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 6b157e7..3b179f5 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
 
-policy_module(networkmanager,1.3.8)
+policy_module(networkmanager,1.3.9)
 
 ########################################
 #
@@ -163,6 +163,7 @@ optional_policy(`
 optional_policy(`
 	ppp_domtrans(NetworkManager_t)
 	ppp_read_pid_files(NetworkManager_t)
+	ppp_signal(NetworkManager_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index a073fdf..8edef14 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
 
-policy_module(nscd,1.2.8)
+policy_module(nscd,1.2.9)
 
 gen_require(`
 	class nscd all_nscd_perms;
@@ -89,6 +89,8 @@ domain_use_interactive_fds(nscd_t)
 
 files_read_etc_files(nscd_t)
 files_read_generic_tmp_symlinks(nscd_t)
+# Needed to read files created by firstboot "/etc/hesiod.conf"
+files_read_etc_runtime_files(nscd_t)
 
 init_use_fds(nscd_t)
 init_use_script_ptys(nscd_t)
diff --git a/policy/modules/services/postfix.fc b/policy/modules/services/postfix.fc
index 696b5c5..3ca65e4 100644
--- a/policy/modules/services/postfix.fc
+++ b/policy/modules/services/postfix.fc
@@ -22,6 +22,7 @@ ifdef(`distro_redhat', `
 /usr/lib/postfix/(n)?qmgr --	gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
 /usr/lib/postfix/showq	--	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
 /usr/lib/postfix/smtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
+/usr/lib/postfix/lmtp	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
 /usr/lib/postfix/scache	--	gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
 /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
 /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 60a5f71..fb89caf 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
 
-policy_module(postfix,1.2.13)
+policy_module(postfix,1.2.14)
 
 ########################################
 #
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 038743a..e24bb9d 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
 
-policy_module(ssh,1.3.12)
+policy_module(ssh,1.3.13)
 
 ########################################
 #
@@ -71,12 +71,15 @@ ifdef(`targeted_policy',`
 ifdef(`strict_policy',`
 	# so a tunnel can point to another ssh tunnel
 	allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
+	allow sshd_t self:key { search link write };
 
 	allow sshd_t sshd_tmp_t:dir create_dir_perms;
 	allow sshd_t sshd_tmp_t:file create_file_perms;
 	allow sshd_t sshd_tmp_t:sock_file create_file_perms;
 	files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
 
+	kernel_link_key(sshd_t)
+
 	# for X forwarding
 	corenet_tcp_bind_xserver_port(sshd_t)
 	corenet_sendrecv_xserver_server_packets(sshd_t)
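Review bot: The two key-related additions, `allow sshd_t self:key { search link write };` and `kernel_link_key(sshd_t)`, are split by the sshd_tmp_t rules and carry no comment, whereas the neighbouring netlink rule explains itself. Group them and say what they are for — presumably session keyring setup by a PAM module, which should be confirmed — e.g. `# session keyring setup (pam_keyinit?) - confirm`. Both sit inside the strict_policy ifdef block that starts and ends outside this hunk, so the targeted build gets neither rule; if the denial was observed on a targeted system the placement is wrong.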
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 435b60c..22554b4 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -63,8 +63,11 @@ interface(`init_daemon_domain',`
 		attribute direct_run_init, direct_init, direct_init_entry;
 		type initrc_t;
 		role system_r;
+		attribute daemon;
 	')
 
+	typeattribute $1 daemon;
+
 	domain_type($1)
 	domain_entry_file($1,$2)
 
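Review bot: `typeattribute $1 daemon;` makes every domain created through init_daemon_domain a member of the new daemon attribute, which tunable_policy blocks (init.te in this patch) then use to grant tty and pty access to all daemons at once; the interface's documentation header above this hunk (outside the shown lines) should say so, since callers now receive rules they did not ask for whenever a tunable keyed on `daemon` is enabled. Suggest adding to the interface description: "The domain is also given the daemon attribute, so policy that targets all daemons (for example the allow_daemons_use_tty tunable) applies to it." Domains not declared through this interface will not carry the attribute, so the tunable's "all daemons" is only as complete as this interface's coverage — worth a note as well.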
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index b95fa3d..f6518ec 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init,1.3.25)
+policy_module(init,1.3.26)
 
 gen_require(`
 	class passwd rootok;
@@ -16,6 +16,9 @@ attribute direct_run_init;
 attribute direct_init;
 attribute direct_init_entry;
 
+# Mark process types as daemons
+attribute daemon;
+
 #
 # init_t is the domain of the init process.
 #
@@ -206,6 +209,7 @@ optional_policy(`
 
 allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
 allow initrc_t self:capability ~{ sys_admin sys_module };
+dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
 allow initrc_t self:passwd rootok;
 
 # Allow IPC with self
@@ -513,6 +517,11 @@ ifdef(`targeted_policy',`
 	optional_policy(`
 		mono_domtrans(initrc_t)
 	')
+
+	tunable_policy(`allow_daemons_use_tty',`
+		term_use_unallocated_ttys(daemon)
+		term_use_generic_ptys(daemon)
+	')
 ',`
 	# cjp: require doesnt work in the else of optionals :\
 	# this also would result in a type transition
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index ee6a7d2..c172aec 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
 
-policy_module(logging,1.3.11)
+policy_module(logging,1.3.12)
 
 ########################################
 #
@@ -161,6 +161,7 @@ libs_use_shared_libs(auditd_t)
 miscfiles_read_localization(auditd_t)
 
 mls_file_read_up(auditd_t)
+mls_file_write_down(auditd_t) # Need to be able to write to /var/run/ directory
 mls_rangetrans_target(auditd_t)
 
 seutil_dontaudit_read_config(auditd_t)
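Review bot: `mls_file_write_down(auditd_t)` is a blanket MLS write-down override, and the trailing comment only says /var/run; name the concrete file so a later reader can judge whether a narrower rule would do, e.g. `# MLS write-down: auditd writes its pid file under /var/run, which is below its level` — assuming that is the file in question, which is worth confirming. Putting the comment on its own line above the call also matches the rest of this block.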
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 20b7356..591e191 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,5 +1,5 @@
 
-policy_module(udev,1.3.5)
+policy_module(udev,1.3.6)
 
 ########################################
 #
@@ -92,6 +92,7 @@ dev_rw_generic_files(udev_t)
 dev_delete_generic_files(udev_t)
 
 domain_read_all_domains_state(udev_t)
+domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these 
 
 files_read_etc_runtime_files(udev_t)
 files_read_etc_files(udev_t)
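Review bot: The new line `domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these ` carries trailing whitespace and a comment whose "these" has no referent on the line; write it as `domain_dontaudit_ptrace_all_domains(udev_t) # pidof triggers ptrace denials` or put the comment on its own line above, matching the style used elsewhere in this patch (nscd.te). Silencing ptrace denials on all domains is a broad dontaudit; if the real need is only reading /proc/<pid> state, the already present domain_read_all_domains_state covers that and the dontaudit may be masking something else — worth checking against the audit log.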
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index d0cd6e1..e98a911 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -4317,6 +4317,7 @@ interface(`userdom_dontaudit_read_sysadm_home_content_files',`
 		')
 
 		dontaudit $1 user_home_dir_t:dir search_dir_perms;
+		dontaudit $1 user_home_t:dir search_dir_perms;
 		dontaudit $1 user_home_t:file r_file_perms;
 	',`
 		gen_require(`
@@ -4324,7 +4325,8 @@ interface(`userdom_dontaudit_read_sysadm_home_content_files',`
 		')
 
 		dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
-		dontaudit $1 sysadm_home_t:dir r_file_perms;
+		dontaudit $1 sysadm_home_t:dir search_dir_perms;
+		dontaudit $1 sysadm_home_t:file r_file_perms;
 	')
 ')
 
@@ -5123,6 +5125,28 @@ interface(`userdom_write_unpriv_users_tmp_files',`
 
 ########################################
 ## <summary>
+##	Read and write unprivileged user ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`userdom_use_unpriv_users_ttys',`
+	ifdef(`targeted_policy',`
+		term_use_unallocated_ttys($1)
+	',`
+		gen_require(`
+			attribute user_ttynode;
+		')
+
+		allow $1 user_ttynode:chr_file rw_file_perms;
+	')
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to use unprivileged
 ##	user ttys.
 ## </summary>
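Review bot: The new userdom_use_unpriv_users_ttys interface is documented as "Read and write unprivileged user ttys", but in targeted policy it expands to term_use_unallocated_ttys($1), a different and wider set than user_ttynode; the summary should state that targeted policy substitutes unallocated ttys so a caller knows what it is actually granting. Suggest extending it to `##	Read and write unprivileged user ttys (unallocated ttys in targeted policy).`.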
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 323c400..6f96406 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
 
-policy_module(userdomain,1.3.34)
+policy_module(userdomain,1.3.35)
 
 gen_require(`
 	role sysadm_r, staff_r, user_r;
@@ -111,6 +111,10 @@ ifdef(`strict_policy',`
 
 	init_exec(sysadm_t)
 
+	# Following for sending reboot and wall messages
+	userdom_use_unpriv_users_ptys(sysadm_t)
+	userdom_use_unpriv_users_ttys(sysadm_t)
+
 	ifdef(`direct_sysadm_daemon',`
 		optional_policy(`
 			init_run_daemon(sysadm_t,sysadm_r,admin_terminal)
@@ -128,11 +132,13 @@ ifdef(`strict_policy',`
 		domain_kill_all_domains(auditadm_t)
 	        seutil_read_bin_policy(auditadm_t)
 		corecmd_exec_shell(auditadm_t)
+		logging_send_syslog_msg(auditadm_t)
 	        logging_read_generic_logs(auditadm_t)
 		logging_manage_audit_log(auditadm_t)
 		logging_manage_audit_config(auditadm_t)
 		logging_run_auditctl(auditadm_t,auditadm_r,{ auditadm_tty_device_t auditadm_devpts_t })
 		logging_run_auditd(auditadm_t, auditadm_r, { auditadm_tty_device_t auditadm_devpts_t })
+		userdom_dontaudit_read_sysadm_home_content_files(auditadm_t)
 
 		allow secadm_t self:capability dac_override;
 		corecmd_exec_shell(secadm_t)
@@ -148,6 +154,7 @@ ifdef(`strict_policy',`
 		logging_read_audit_log(secadm_t)
 	        logging_read_generic_logs(secadm_t)
 		userdom_dontaudit_append_staff_home_content_files(secadm_t)
+		userdom_dontaudit_read_sysadm_home_content_files(secadm_t)
 	',`
 		logging_manage_audit_log(sysadm_t)
 		logging_manage_audit_config(sysadm_t)
@@ -376,11 +383,12 @@ ifdef(`strict_policy',`
 			selinux_set_parameters(secadm_t)
 
 			seutil_manage_bin_policy(secadm_t)
-			seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal)
-			seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal)
-			seutil_run_semanage(secadm_t,secadm_r,admin_terminal)
-			seutil_run_setfiles(secadm_t,secadm_r,admin_terminal)
-			seutil_run_restorecon(secadm_t,secadm_r,admin_terminal)
+			seutil_run_checkpolicy(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
+			seutil_run_loadpolicy(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
+			seutil_run_semanage(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
+			seutil_run_setfiles(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
+			seutil_run_restorecon(secadm_t,secadm_r,{ secadm_tty_device_t sysadm_devpts_t })
+			logging_send_syslog_msg(secadm_t)
 		', `
 			selinux_set_enforce_mode(sysadm_t)
 			selinux_set_boolean(sysadm_t)
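Review bot: The five rewritten seutil_run_* calls for secadm_t pass `{ secadm_tty_device_t sysadm_devpts_t }`, pairing a secadm tty type with a sysadm pty type, whereas the auditadm calls earlier in this file use `{ auditadm_tty_device_t auditadm_devpts_t }`; by that pattern the second member should presumably be secadm_devpts_t, and as written secadm's checkpolicy, loadpolicy, semanage, setfiles and restorecon runs would not be able to use a secadm pty. Confirm that secadm_devpts_t is declared (the auditadm analogue suggests the user-domain template creates it) and change all five calls. The enclosing strict_policy block starts before and ends after this hunk.
```m4
			seutil_run_checkpolicy(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
			seutil_run_loadpolicy(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
			seutil_run_semanage(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
			seutil_run_setfiles(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
			seutil_run_restorecon(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
			# … unchanged: logging_send_syslog_msg(secadm_t) …
```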

