[selinux-policy: 16/3172] use interface to send syslog messages
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:06:22 UTC 2010
commit 5050e500fe9d28112ada3445ecc30005e3e62a14
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Apr 19 20:43:44 2005 +0000
use interface to send syslog messages
refpolicy/policy/modules/system/init.te | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 7a98123..9d91782 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -31,9 +31,6 @@ allow init_t init_var_run_t:file { create getattr read append write setattr unli
allow init_t initrc_t:process transition;
allow init_t initrc_exec_t:file { getattr read execute };
-# Create unix sockets
-allow init_t self:unix_dgram_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
-allow init_t self:unix_stream_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
allow init_t self:fifo_file { read write ioctl };
kernel_transition_from(init_t,init_exec_t)
@@ -68,6 +65,8 @@ corecommands_chroot(init_t)
corecommands_execute_general_programs(init_t)
corecommands_execute_system_programs(init_t)
+logging_send_system_log_message(init_t)
+
selinux_read_config(init_t)
miscfiles_read_localization(init_t)
@@ -243,6 +242,8 @@ files_manage_pseudorandom_saved_seed(initrc_t)
corecommands_execute_general_programs(initrc_t)
corecommands_execute_system_programs(initrc_t)
+logging_send_system_log_message(initrc_t)
+
selinux_read_config(initrc_t)
selinux_read_default_contexts(run_init_t)
More information about the scm-commits
mailing list