[selinux-policy: 1913/3172] trunk: a pair of tweaks from gentoo systems.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:50:20 UTC 2010


commit 91d6c921603ba58c2f082dd97e05754cdf2c2e81
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Mar 14 14:55:34 2008 +0000

    trunk: a pair of tweaks from gentoo systems.

 policy/modules/kernel/selinux.te |    3 ++-
 policy/modules/system/getty.te   |   12 ++----------
 2 files changed, 4 insertions(+), 11 deletions(-)
---
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index 6daba32..e9cf9d4 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -1,5 +1,5 @@
 
-policy_module(selinux,1.5.0)
+policy_module(selinux,1.5.1)
 
 ########################################
 #
@@ -21,6 +21,7 @@ fs_type(security_t)
 mls_trusted_object(security_t)
 sid security gen_context(system_u:object_r:security_t,mls_systemhigh)
 genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
+genfscon securityfs / gen_context(system_u:object_r:security_t,s0)
 
 neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
 neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
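Review bot: The added `genfscon securityfs /` line gives securityfs the same `security_t` type as selinuxfs, with no comment saying the sharing is intended. Any rule that grants access to `security_t` files or directories will now also apply to whatever else the kernel exposes under securityfs, which is probably wider than the selinuxfs-oriented interfaces were written for. If the shared type is deliberate, record it above the line, e.g. `# securityfs shares security_t with selinuxfs; access granted on security_t also covers securityfs entries`. Otherwise a separate type declared with `fs_type()` would keep the two filesystems independently controllable.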
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index 395d0d6..a43f4a7 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -1,5 +1,5 @@
 
-policy_module(getty,1.5.1)
+policy_module(getty,1.5.2)
 
 ########################################
 #
@@ -103,15 +103,7 @@ miscfiles_read_localization(getty_t)
 ifdef(`distro_gentoo',`
 	# Gentoo default /etc/issue makes agetty
 	# do a DNS lookup for the hostname
-	dontaudit getty_t self:udp_socket create_socket_perms;
-
-	corenet_dontaudit_all_recvfrom_unlabeled(getty_t)
-	corenet_dontaudit_udp_sendrecv_generic_if(getty_t)
-	corenet_dontaudit_udp_sendrecv_all_nodes(getty_t)
-	corenet_dontaudit_udp_sendrecv_dns_port(getty_t)
-	corenet_dontaudit_sendrecv_dns_client_packets(getty_t)
-
-	sysnet_dontaudit_read_config(getty_t)
+	sysnet_dns_name_resolve(getty_t)
 ')
 
 ifdef(`distro_redhat',`
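Review bot: Replacing the `dontaudit` rules with `sysnet_dns_name_resolve(getty_t)` switches the `distro_gentoo` block from silently denying agetty's hostname lookup to permitting it, and the retained comment does not say the grant is intentional. `getty_t` runs before any user has authenticated, so this presumably gives a pre-login domain DNS traffic and resolver-config reads (the macro body is outside this diff) just so /etc/issue can show a hostname. If a denied lookup is harmless, keeping the denial quiet is the lower-privilege choice. If the lookup is required, extend the comment to say so, e.g. `# allowed rather than dontaudited: <observed failure when the lookup is denied>`.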

