[selinux-policy: 1119/3172] Change initrc_var_run_t interface noun from script_pid to utmp for clarity.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:41:46 UTC 2010
commit 68228b33003d9dd6163ce2da03af3b50266db6b3
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jan 18 18:08:39 2006 +0000
Change initrc_var_run_t interface noun from script_pid to utmp for clarity.
refpolicy/Changelog | 2 +
refpolicy/policy/modules/admin/firstboot.te | 2 +-
refpolicy/policy/modules/admin/su.if | 4 +-
refpolicy/policy/modules/admin/sudo.if | 2 +-
refpolicy/policy/modules/admin/usermanage.te | 12 +++++-----
refpolicy/policy/modules/apps/irc.if | 4 +-
refpolicy/policy/modules/apps/screen.if | 2 +-
refpolicy/policy/modules/services/apm.te | 2 +-
refpolicy/policy/modules/services/comsat.te | 4 +-
refpolicy/policy/modules/services/cron.te | 6 ++--
refpolicy/policy/modules/services/dovecot.te | 2 +-
refpolicy/policy/modules/services/finger.te | 4 +-
refpolicy/policy/modules/services/howl.te | 2 +-
.../policy/modules/services/networkmanager.te | 2 +-
refpolicy/policy/modules/services/pegasus.te | 2 +-
refpolicy/policy/modules/services/portmap.te | 2 +-
refpolicy/policy/modules/services/postgresql.te | 2 +-
refpolicy/policy/modules/services/ppp.te | 4 +-
refpolicy/policy/modules/services/remotelogin.te | 2 +-
refpolicy/policy/modules/services/rlogin.te | 2 +-
refpolicy/policy/modules/services/sendmail.te | 4 +-
refpolicy/policy/modules/services/snmp.te | 4 +-
refpolicy/policy/modules/services/spamassassin.te | 2 +-
refpolicy/policy/modules/services/ssh.if | 2 +-
refpolicy/policy/modules/services/telnet.te | 2 +-
refpolicy/policy/modules/system/authlogin.te | 4 +-
refpolicy/policy/modules/system/getty.te | 2 +-
refpolicy/policy/modules/system/init.if | 22 ++++++++++----------
refpolicy/policy/modules/system/locallogin.te | 2 +-
refpolicy/policy/modules/system/logging.te | 4 +-
refpolicy/policy/modules/system/selinuxutil.te | 4 +-
refpolicy/policy/modules/system/sysnetwork.te | 2 +-
refpolicy/policy/modules/system/udev.te | 4 +-
refpolicy/policy/modules/system/userdomain.if | 4 +-
34 files changed, 64 insertions(+), 62 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 61fef3c..9a5802c 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Change initrc_var_run_t interface noun from script_pid to utmp,
+ for greater clarity.
- Added modules:
portage
userhelper
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index 634a025..511c65f 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -81,7 +81,7 @@ files_manage_var_files(firstboot_t)
files_manage_var_symlinks(firstboot_t)
init_domtrans_script(firstboot_t)
-init_rw_script_pid(firstboot_t)
+init_rw_utmp(firstboot_t)
libs_use_ld_so(firstboot_t)
libs_use_shared_libs(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index e81bb25..c29a0f2 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -64,7 +64,7 @@ template(`su_restricted_domain_template', `
init_dontaudit_use_fd($1_su_t)
init_dontaudit_use_script_pty($1_su_t)
# Write to utmp.
- init_rw_script_pid($1_su_t)
+ init_rw_utmp($1_su_t)
libs_use_ld_so($1_su_t)
libs_use_shared_libs($1_su_t)
@@ -199,7 +199,7 @@ template(`su_per_userdomain_template',`
init_dontaudit_use_fd($1_su_t)
# Write to utmp.
- init_rw_script_pid($1_su_t)
+ init_rw_utmp($1_su_t)
libs_use_ld_so($1_su_t)
libs_use_shared_libs($1_su_t)
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index 97b9d8f..75a475a 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -121,7 +121,7 @@ template(`sudo_per_userdomain_template',`
# for some PAM modules and for cwd
files_dontaudit_search_home($1_sudo_t)
- init_rw_script_pid($1_sudo_t)
+ init_rw_utmp($1_sudo_t)
libs_use_ld_so($1_sudo_t)
libs_use_shared_libs($1_sudo_t)
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index d971caf..8250da7 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -115,7 +115,7 @@ files_dontaudit_search_var(chfn_t)
# /usr/bin/passwd asks for w access to utmp, but it will operate
# correctly without it. Do not audit write denials to utmp.
-init_dontaudit_rw_script_pid(chfn_t)
+init_dontaudit_rw_utmp(chfn_t)
libs_use_ld_so(chfn_t)
libs_use_shared_libs(chfn_t)
@@ -218,8 +218,8 @@ term_use_all_user_ttys(groupadd_t)
term_use_all_user_ptys(groupadd_t)
init_use_fd(groupadd_t)
-init_read_script_pid(groupadd_t)
-init_dontaudit_write_script_pid(groupadd_t)
+init_read_utmp(groupadd_t)
+init_dontaudit_write_utmp(groupadd_t)
domain_use_wide_inherit_fd(groupadd_t)
@@ -319,7 +319,7 @@ files_relabel_etc_files(passwd_t)
# /usr/bin/passwd asks for w access to utmp, but it will operate
# correctly without it. Do not audit write denials to utmp.
-init_dontaudit_rw_script_pid(passwd_t)
+init_dontaudit_rw_utmp(passwd_t)
libs_use_ld_so(passwd_t)
libs_use_shared_libs(passwd_t)
@@ -413,7 +413,7 @@ files_dontaudit_search_pids(sysadm_passwd_t)
# /usr/bin/passwd asks for w access to utmp, but it will operate
# correctly without it. Do not audit write denials to utmp.
-init_dontaudit_rw_script_pid(sysadm_passwd_t)
+init_dontaudit_rw_utmp(sysadm_passwd_t)
libs_use_ld_so(sysadm_passwd_t)
libs_use_shared_libs(sysadm_passwd_t)
@@ -486,7 +486,7 @@ files_search_var_lib(useradd_t)
files_relabel_etc_files(useradd_t)
init_use_fd(useradd_t)
-init_rw_script_pid(useradd_t)
+init_rw_utmp(useradd_t)
libs_use_ld_so(useradd_t)
libs_use_shared_libs(useradd_t)
diff --git a/refpolicy/policy/modules/apps/irc.if b/refpolicy/policy/modules/apps/irc.if
index 54dfd75..af67fcb 100644
--- a/refpolicy/policy/modules/apps/irc.if
+++ b/refpolicy/policy/modules/apps/irc.if
@@ -123,8 +123,8 @@ template(`irc_per_userdomain_template',`
term_list_ptys($1_irc_t)
# allow utmp access
- init_read_script_pid($1_irc_t)
- init_dontaudit_lock_pid($1_irc_t)
+ init_read_utmp($1_irc_t)
+ init_dontaudit_lock_utmp($1_irc_t)
libs_use_ld_so($1_irc_t)
libs_use_shared_libs($1_irc_t)
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index d49aac3..1f8137b 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -142,7 +142,7 @@ template(`screen_per_userdomain_template',`
auth_dontaudit_exec_utempter($1_screen_t)
# Write to utmp.
- init_rw_script_pid($1_screen_t)
+ init_rw_utmp($1_screen_t)
libs_use_ld_so($1_screen_t)
libs_use_shared_libs($1_screen_t)
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index ca75216..980ce25 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -127,7 +127,7 @@ files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
init_domtrans_script(apmd_t)
init_use_fd(apmd_t)
init_use_script_pty(apmd_t)
-init_rw_script_pid(apmd_t)
+init_rw_utmp(apmd_t)
init_write_initctl(apmd_t)
libs_exec_ld_so(apmd_t)
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 330a670..27097e9 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -64,8 +64,8 @@ files_list_usr(comsat_t)
files_search_spool(comsat_t)
files_search_home(comsat_t)
-init_read_script_pid(comsat_t)
-init_dontaudit_write_script_pid(comsat_t)
+init_read_utmp(comsat_t)
+init_dontaudit_write_utmp(comsat_t)
libs_use_ld_so(comsat_t)
libs_use_shared_libs(comsat_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index fc2976b..6577ab3 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -120,7 +120,7 @@ files_search_default(crond_t)
init_use_fd(crond_t)
init_use_script_pty(crond_t)
-init_rw_script_pid(crond_t)
+init_rw_utmp(crond_t)
libs_use_ld_so(crond_t)
libs_use_shared_libs(crond_t)
@@ -331,8 +331,8 @@ ifdef(`targeted_policy',`
init_use_fd(system_crond_t)
init_use_script_fd(system_crond_t)
init_use_script_pty(system_crond_t)
- init_read_script_pid(system_crond_t)
- init_dontaudit_rw_script_pid(system_crond_t)
+ init_read_utmp(system_crond_t)
+ init_dontaudit_rw_utmp(system_crond_t)
# prelink tells init to restart it self, we either need to allow or dontaudit
init_write_initctl(system_crond_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 823a61f..68dc0f2 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -99,7 +99,7 @@ files_dontaudit_list_default(dovecot_t)
init_use_fd(dovecot_t)
init_use_script_pty(dovecot_t)
-init_getattr_script_pids(dovecot_t)
+init_getattr_utmp(dovecot_t)
libs_use_ld_so(dovecot_t)
libs_use_shared_libs(dovecot_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index 825d418..e8baa56 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -81,8 +81,8 @@ files_search_home(fingerd_t)
files_read_etc_files(fingerd_t)
files_read_etc_runtime_files(fingerd_t)
-init_read_script_pid(fingerd_t)
-init_dontaudit_write_script_pid(fingerd_t)
+init_read_utmp(fingerd_t)
+init_dontaudit_write_utmp(fingerd_t)
init_use_fd(fingerd_t)
init_use_script_pty(fingerd_t)
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index 3b3f1a2..4380f73 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -62,7 +62,7 @@ files_read_etc_files(howl_t)
init_use_fd(howl_t)
init_use_script_pty(howl_t)
-init_rw_script_pid(howl_t)
+init_rw_utmp(howl_t)
libs_use_ld_so(howl_t)
libs_use_shared_libs(howl_t)
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 0f301e5..f0bff54 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -80,7 +80,7 @@ files_read_usr_files(NetworkManager_t)
init_use_fd(NetworkManager_t)
init_use_script_pty(NetworkManager_t)
-init_read_script_pid(NetworkManager_t)
+init_read_utmp(NetworkManager_t)
init_domtrans_script(NetworkManager_t)
libs_use_ld_so(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index daa26b2..6827c71 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -99,7 +99,7 @@ files_read_var_lib_symlinks(pegasus_t)
init_use_fd(pegasus_t)
init_use_script_pty(pegasus_t)
-init_rw_script_pid(pegasus_t)
+init_rw_utmp(pegasus_t)
libs_use_ld_so(pegasus_t)
libs_use_shared_libs(pegasus_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 87f6ba5..96bcc65 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -187,7 +187,7 @@ domain_dontaudit_use_wide_inherit_fd(portmap_helper_t)
files_read_etc_files(portmap_helper_t)
files_rw_generic_pids(portmap_helper_t)
-init_rw_script_pid(portmap_helper_t)
+init_rw_utmp(portmap_helper_t)
libs_use_ld_so(portmap_helper_t)
libs_use_shared_libs(portmap_helper_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index ca0f3cc..2ddd3fe 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -121,7 +121,7 @@ files_search_etc(postgresql_t)
files_read_etc_runtime_files(postgresql_t)
files_read_usr_files(postgresql_t)
-init_read_script_pid(postgresql_t)
+init_read_utmp(postgresql_t)
init_use_fd(postgresql_t)
init_use_script_pty(postgresql_t)
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 9ae3a2a..78e63ae 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -153,8 +153,8 @@ files_read_etc_runtime_files(pppd_t)
# for scripts
files_read_etc_files(pppd_t)
-init_read_script_pid(pppd_t)
-init_dontaudit_write_script_pid(pppd_t)
+init_read_utmp(pppd_t)
+init_dontaudit_write_utmp(pppd_t)
init_use_fd(pppd_t)
init_use_script_pty(pppd_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index c31f6cb..759a478 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -99,7 +99,7 @@ files_list_mnt(remote_login_t)
# for when /var/mail is a sym-link
files_read_var_symlink(remote_login_t)
-init_rw_script_pid(remote_login_t)
+init_rw_utmp(remote_login_t)
libs_use_ld_so(remote_login_t)
libs_use_shared_libs(remote_login_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index d019255..6a15af9 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -75,7 +75,7 @@ files_read_etc_runtime_files(rlogind_t)
files_search_home(rlogind_t)
files_search_default(rlogind_t)
-init_rw_script_pid(rlogind_t)
+init_rw_utmp(rlogind_t)
libs_use_ld_so(rlogind_t)
libs_use_shared_libs(rlogind_t)
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 8f23256..9bf1ce3 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -76,8 +76,8 @@ files_read_etc_runtime_files(sendmail_t)
init_use_fd(sendmail_t)
init_use_script_pty(sendmail_t)
# sendmail wants to read /var/run/utmp if the controlling tty is /dev/console
-init_read_script_pid(sendmail_t)
-init_dontaudit_write_script_pid(sendmail_t)
+init_read_utmp(sendmail_t)
+init_dontaudit_write_utmp(sendmail_t)
libs_use_ld_so(sendmail_t)
libs_use_shared_libs(sendmail_t)
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index e27fcbe..373955f 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -97,10 +97,10 @@ storage_dontaudit_read_removable_device(snmpd_t)
term_dontaudit_use_console(snmpd_t)
-init_read_script_pid(snmpd_t)
+init_read_utmp(snmpd_t)
init_use_fd(snmpd_t)
init_use_script_pty(snmpd_t)
-init_dontaudit_write_script_pid(snmpd_t)
+init_dontaudit_write_utmp(snmpd_t)
libs_use_ld_so(snmpd_t)
libs_use_shared_libs(snmpd_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index 1e82f45..853391c 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -99,7 +99,7 @@ files_read_etc_runtime_files(spamd_t)
init_use_fd(spamd_t)
init_use_script_pty(spamd_t)
-init_dontaudit_rw_script_pid(spamd_t)
+init_dontaudit_rw_utmp(spamd_t)
libs_use_ld_so(spamd_t)
libs_use_shared_libs(spamd_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 0da952e..fccc997 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -473,7 +473,7 @@ template(`ssh_server_template', `
files_read_etc_files($1_t)
files_read_etc_runtime_files($1_t)
- init_rw_script_pid($1_t)
+ init_rw_utmp($1_t)
libs_use_ld_so($1_t)
libs_use_shared_libs($1_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 30526a8..8f3c80e 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -74,7 +74,7 @@ files_read_etc_runtime_files(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
files_search_home(telnetd_t)
-init_rw_script_pid(telnetd_t)
+init_rw_utmp(telnetd_t)
libs_use_ld_so(telnetd_t)
libs_use_shared_libs(telnetd_t)
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5911429..7772fc8 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -105,7 +105,7 @@ fs_search_auto_mountpoints(pam_t)
term_use_all_user_ttys(pam_t)
term_use_all_user_ptys(pam_t)
-init_dontaudit_rw_script_pid(pam_t)
+init_dontaudit_rw_utmp(pam_t)
files_read_etc_files(pam_t)
files_list_pids(pam_t)
@@ -289,7 +289,7 @@ term_dontaudit_use_all_user_ttys(utempter_t)
term_dontaudit_use_all_user_ptys(utempter_t)
term_dontaudit_use_ptmx(utempter_t)
-init_rw_script_pid(utempter_t)
+init_rw_utmp(utempter_t)
files_read_etc_files(utempter_t)
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 9c6b1e0..cf2f19d 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -89,7 +89,7 @@ files_rw_generic_pids(getty_t)
files_read_etc_runtime_files(getty_t)
files_read_etc_files(getty_t)
-init_rw_script_pid(getty_t)
+init_rw_utmp(getty_t)
init_use_script_pty(getty_t)
init_dontaudit_use_script_pty(getty_t)
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 081d273..cff6c0f 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -774,7 +774,7 @@ interface(`init_filetrans_script_tmp',`
## Domain allowed access.
## </param>
#
-interface(`init_getattr_script_pids',`
+interface(`init_getattr_utmp',`
gen_require(`
type initrc_var_run_t;
class file getattr;
@@ -785,9 +785,9 @@ interface(`init_getattr_script_pids',`
########################################
#
-# init_read_script_pid(domain)
+# init_read_utmp(domain)
#
-interface(`init_read_script_pid',`
+interface(`init_read_utmp',`
gen_require(`
type initrc_var_run_t;
class file r_file_perms;
@@ -799,9 +799,9 @@ interface(`init_read_script_pid',`
########################################
#
-# init_dontaudit_write_script_pid(domain)
+# init_dontaudit_write_utmp(domain)
#
-interface(`init_dontaudit_write_script_pid',`
+interface(`init_dontaudit_write_utmp',`
gen_require(`
type initrc_var_run_t;
class file { write lock };
@@ -819,7 +819,7 @@ interface(`init_dontaudit_write_script_pid',`
## Domain allowed access.
## </param>
#
-interface(`init_dontaudit_lock_pid',`
+interface(`init_dontaudit_lock_utmp',`
gen_require(`
type initrc_var_run_t;
')
@@ -829,9 +829,9 @@ interface(`init_dontaudit_lock_pid',`
########################################
#
-# init_rw_script_pid(domain)
+# init_rw_utmp(domain)
#
-interface(`init_rw_script_pid',`
+interface(`init_rw_utmp',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@@ -843,9 +843,9 @@ interface(`init_rw_script_pid',`
########################################
#
-# init_dontaudit_rw_script_pid(domain)
+# init_dontaudit_rw_utmp(domain)
#
-interface(`init_dontaudit_rw_script_pid',`
+interface(`init_dontaudit_rw_utmp',`
gen_require(`
type initrc_var_run_t;
class file rw_file_perms;
@@ -856,7 +856,7 @@ interface(`init_dontaudit_rw_script_pid',`
########################################
## <summary>
-## Manage init files like utmp.
+## Create, read, write, and delete utmp.
## </summary>
## <param name="domain">
## Domain access allowed.
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index e56ea74..bef9e09 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -142,7 +142,7 @@ files_read_world_readable_sockets(local_login_t)
# for when /var/mail is a symlink
files_read_var_symlink(local_login_t)
-init_rw_script_pid(local_login_t)
+init_rw_utmp(local_login_t)
init_dontaudit_use_fd(local_login_t)
libs_use_ld_so(local_login_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 789c9f9..b59549e 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -313,8 +313,8 @@ term_dontaudit_use_console(syslogd_t)
term_write_unallocated_ttys(syslogd_t)
# for sending messages to logged in users
-init_read_script_pid(syslogd_t)
-init_dontaudit_write_script_pid(syslogd_t)
+init_read_utmp(syslogd_t)
+init_dontaudit_write_utmp(syslogd_t)
term_write_all_user_ttys(syslogd_t)
corenet_raw_sendrecv_all_if(syslogd_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 3511922..6cb043e 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -264,7 +264,7 @@ domain_use_wide_inherit_fd(newrole_t)
domain_sigchld_wide_inherit_fd(newrole_t)
# Write to utmp.
-init_rw_script_pid(newrole_t)
+init_rw_utmp(newrole_t)
files_read_etc_files(newrole_t)
files_read_var_files(newrole_t)
@@ -439,7 +439,7 @@ ifdef(`targeted_policy',`',`
init_domtrans_script(run_init_t)
# for utmp
- init_rw_script_pid(run_init_t)
+ init_rw_utmp(run_init_t)
libs_use_ld_so(run_init_t)
libs_use_shared_libs(run_init_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 7189997..38bf6bb 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -133,7 +133,7 @@ files_dontaudit_search_locks(dhcpc_t)
init_use_fd(dhcpc_t)
init_use_script_pty(dhcpc_t)
-init_rw_script_pid(dhcpc_t)
+init_rw_utmp(dhcpc_t)
logging_send_syslog_msg(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 1354cc2..7089cdb 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -115,8 +115,8 @@ files_getattr_generic_locks(udev_t)
files_search_mnt(udev_t)
init_use_fd(udev_t)
-init_read_script_pid(udev_t)
-init_dontaudit_write_script_pid(udev_t)
+init_read_utmp(udev_t)
+init_dontaudit_write_utmp(udev_t)
libs_use_ld_so(udev_t)
libs_use_shared_libs(udev_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 3109ce5..92e377a 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -588,10 +588,10 @@ template(`unpriv_user_template', `
files_read_world_readable_pipes($1_t)
files_read_world_readable_sockets($1_t)
- init_read_script_pid($1_t)
+ init_read_utmp($1_t)
# The library functions always try to open read-write first,
# then fall back to read-only if it fails.
- init_dontaudit_write_script_pid($1_t)
+ init_dontaudit_write_utmp($1_t)
# Stop warnings about access to /dev/console
init_dontaudit_use_fd($1_t)
init_dontaudit_use_script_fd($1_t)
More information about the scm-commits
mailing list