[selinux-policy: 502/3172] more targeted policy fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:48:01 UTC 2010
commit 892266ca76fd22c770d6b1b82398b9e32e39cae7
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jul 19 20:26:02 2005 +0000
more targeted policy fixes
refpolicy/policy/modules/system/hotplug.te | 4 +---
refpolicy/policy/modules/system/init.te | 1 +
refpolicy/policy/modules/system/modutils.te | 4 ++++
refpolicy/policy/modules/system/udev.te | 4 ++++
4 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 38fff3c..8991f7d 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -123,9 +123,7 @@ ifdef(`distro_redhat', `
')
ifdef(`targeted_policy', `
- term_dontaudit_use_unallocated_tty(hotplug_t)
- term_dontaudit_use_generic_pty(hotplug_t)
- files_dontaudit_read_root_file(hotplug_t)
+ unconfined_domain_template(hotplug_t)
')
optional_policy(`consoletype.te',`
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index ae54049..5d9b6db 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -359,6 +359,7 @@ ifdef(`distro_redhat',`
')
ifdef(`targeted_policy',`
+ unconfined_domain_template(initrc_t)
unconfined_shell_domtrans(initrc_t)
')
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 1309fad..7c99985 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -107,6 +107,10 @@ ifdef(`hide_broken_symptoms',`
dev_dontaudit_rw_cardmgr(insmod_t)
')
+ifdef(`tunable_policy',`
+ unconfined_domain_template(insmod_t)
+')
+
optional_policy(`mount.te',`
mount_domtrans(insmod_t)
')
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index aaa51ce..e0169f3 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -135,6 +135,10 @@ ifdef(`distro_redhat',`
netutils_domtrans(udev_t)
')
+ifdef(`targeted_policy',`
+ unconfined_domain_template(udev_t)
+')
+
optional_policy(`authlogin.te',`
auth_read_pam_console_data(udev_t)
auth_domtrans_pam_console(udev_t)
More information about the scm-commits
mailing list