[selinux-policy: 502/3172] more targeted policy fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:48:01 UTC 2010 

commit 892266ca76fd22c770d6b1b82398b9e32e39cae7
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jul 19 20:26:02 2005 +0000

    more targeted policy fixes

 refpolicy/policy/modules/system/hotplug.te  |    4 +---
 refpolicy/policy/modules/system/init.te     |    1 +
 refpolicy/policy/modules/system/modutils.te |    4 ++++
 refpolicy/policy/modules/system/udev.te     |    4 ++++
 4 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 38fff3c..8991f7d 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -123,9 +123,7 @@ ifdef(`distro_redhat', `
 ')
 
 ifdef(`targeted_policy', `
-	term_dontaudit_use_unallocated_tty(hotplug_t)
-	term_dontaudit_use_generic_pty(hotplug_t)
-	files_dontaudit_read_root_file(hotplug_t)
+	unconfined_domain_template(hotplug_t)
 ')
 
 optional_policy(`consoletype.te',`
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index ae54049..5d9b6db 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -359,6 +359,7 @@ ifdef(`distro_redhat',`
 ')
 
 ifdef(`targeted_policy',`
+	unconfined_domain_template(initrc_t)
 	unconfined_shell_domtrans(initrc_t)
 ')
 
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 1309fad..7c99985 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -107,6 +107,10 @@ ifdef(`hide_broken_symptoms',`
 	dev_dontaudit_rw_cardmgr(insmod_t)
 ')
 
+ifdef(`tunable_policy',`
+	unconfined_domain_template(insmod_t)
+')
+
 optional_policy(`mount.te',`
 	mount_domtrans(insmod_t)
 ')
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index aaa51ce..e0169f3 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -135,6 +135,10 @@ ifdef(`distro_redhat',`
 	netutils_domtrans(udev_t)
 ')
 
+ifdef(`targeted_policy',`
+	unconfined_domain_template(udev_t)
+')
+
 optional_policy(`authlogin.te',`
 	auth_read_pam_console_data(udev_t)
 	auth_domtrans_pam_console(udev_t)

More information about the scm-commits mailing list