[selinux-policy: 43/3172] add missing transition dontaudits
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:08:40 UTC 2010
commit b303042477208bfc3113a428fbe26f33593941d2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Apr 25 21:07:59 2005 +0000
add missing transition dontaudits
refpolicy/policy/modules/system/domain.if | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index 9b65ac4..ebcb4d2 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -120,11 +120,12 @@ define(`domain_all_init_domains_transition',`
requires_block_template(domain_all_init_domains_transition_depend,$3)
allow $1 init_domain:process transition;
allow $1 init_domain_entry:file { getattr read execute };
+dontaudit $1 daemon_domain:process { noatsecure siginh rlimitinh };
')
define(`domain_all_init_domains_transition_depend',`
attribute init_domain, init_domain_entry;
-class process transition;
+class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
@@ -136,11 +137,13 @@ define(`domain_all_daemon_domains_transition',`
requires_block_template(domain_all_daemon_domains_transition_depend,$3)
allow $1 daemon_domain:process transition;
allow $1 daemon_domain_entry:file { getattr read execute };
+allow init_domain $1:fd use;
+dontaudit $1 daemon_domain:process { noatsecure siginh rlimitinh };
')
define(`domain_all_daemon_domains_transition_depend',`
attribute daemon_domain, daemon_domain_entry;
-class process transition;
+class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute };
')
More information about the scm-commits
mailing list