[selinux-policy: 1169/3172] renaming from 20060131 interface review, round 2

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:46:02 UTC 2010


commit 445522dcb0e67bce8e20ae9ece2058d25543169a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jan 31 16:49:43 2006 +0000

    renaming from 20060131 interface review, round 2

 refpolicy/policy/modules/admin/acct.te             |    2 +-
 refpolicy/policy/modules/admin/amanda.te           |    8 +-
 refpolicy/policy/modules/admin/ddcprobe.te         |    2 +-
 refpolicy/policy/modules/admin/dmesg.te            |    2 +-
 refpolicy/policy/modules/admin/firstboot.te        |    2 +-
 refpolicy/policy/modules/admin/kudzu.te            |    6 +-
 refpolicy/policy/modules/admin/logrotate.te        |    2 +-
 refpolicy/policy/modules/admin/logwatch.te         |    4 +-
 refpolicy/policy/modules/admin/portage.if          |    4 +-
 refpolicy/policy/modules/admin/portage.te          |    4 +-
 refpolicy/policy/modules/admin/quota.te            |    2 +-
 refpolicy/policy/modules/admin/readahead.te        |    4 +-
 refpolicy/policy/modules/admin/rpm.te              |    4 +-
 refpolicy/policy/modules/admin/su.if               |    4 +-
 refpolicy/policy/modules/admin/sudo.if             |    2 +-
 refpolicy/policy/modules/admin/updfstab.te         |    2 +-
 refpolicy/policy/modules/admin/usermanage.te       |    8 +-
 refpolicy/policy/modules/admin/vpn.te              |    4 +-
 refpolicy/policy/modules/apps/java.if              |    2 +-
 refpolicy/policy/modules/apps/screen.if            |    2 +-
 refpolicy/policy/modules/apps/userhelper.if        |    2 +-
 refpolicy/policy/modules/apps/usernetctl.te        |    2 +-
 refpolicy/policy/modules/apps/webalizer.te         |    2 +-
 refpolicy/policy/modules/kernel/bootloader.te      |    4 +-
 refpolicy/policy/modules/kernel/kernel.if          |   75 ++++++++++----------
 refpolicy/policy/modules/services/apache.te        |    6 +-
 refpolicy/policy/modules/services/apm.te           |    4 +-
 refpolicy/policy/modules/services/arpwatch.te      |    2 +-
 refpolicy/policy/modules/services/automount.te     |    4 +-
 refpolicy/policy/modules/services/avahi.te         |    2 +-
 refpolicy/policy/modules/services/bind.te          |    6 +-
 refpolicy/policy/modules/services/bluetooth.te     |    4 +-
 refpolicy/policy/modules/services/canna.te         |    2 +-
 refpolicy/policy/modules/services/comsat.te        |    2 +-
 refpolicy/policy/modules/services/cpucontrol.te    |    4 +-
 refpolicy/policy/modules/services/cron.if          |    2 +-
 refpolicy/policy/modules/services/cron.te          |    4 +-
 refpolicy/policy/modules/services/cups.te          |   10 ++--
 refpolicy/policy/modules/services/cvs.te           |    2 +-
 refpolicy/policy/modules/services/cyrus.te         |    4 +-
 refpolicy/policy/modules/services/dbskk.te         |    2 +-
 refpolicy/policy/modules/services/dbus.if          |    2 +-
 refpolicy/policy/modules/services/dbus.te          |    2 +-
 refpolicy/policy/modules/services/dhcp.te          |    2 +-
 refpolicy/policy/modules/services/dictd.te         |    2 +-
 refpolicy/policy/modules/services/distcc.te        |    2 +-
 refpolicy/policy/modules/services/dovecot.te       |    4 +-
 refpolicy/policy/modules/services/fetchmail.te     |    2 +-
 refpolicy/policy/modules/services/finger.te        |    2 +-
 refpolicy/policy/modules/services/ftp.te           |    2 +-
 refpolicy/policy/modules/services/gpm.te           |    2 +-
 refpolicy/policy/modules/services/hal.te           |    6 +-
 refpolicy/policy/modules/services/howl.te          |    2 +-
 refpolicy/policy/modules/services/i18n_input.te    |    2 +-
 refpolicy/policy/modules/services/inetd.te         |    4 +-
 refpolicy/policy/modules/services/inn.te           |    2 +-
 refpolicy/policy/modules/services/irqbalance.te    |    4 +-
 refpolicy/policy/modules/services/kerberos.te      |    4 +-
 refpolicy/policy/modules/services/ktalk.te         |    2 +-
 refpolicy/policy/modules/services/ldap.te          |    2 +-
 refpolicy/policy/modules/services/lpd.te           |    2 +-
 refpolicy/policy/modules/services/mailman.if       |    2 +-
 refpolicy/policy/modules/services/mta.if           |    2 +-
 refpolicy/policy/modules/services/mysql.te         |    2 +-
 .../policy/modules/services/networkmanager.te      |    2 +-
 refpolicy/policy/modules/services/nis.te           |    6 +-
 refpolicy/policy/modules/services/nscd.te          |    2 +-
 refpolicy/policy/modules/services/ntp.te           |    2 +-
 refpolicy/policy/modules/services/openct.te        |    2 +-
 refpolicy/policy/modules/services/pegasus.te       |    4 +-
 refpolicy/policy/modules/services/portmap.te       |    2 +-
 refpolicy/policy/modules/services/postfix.if       |    2 +-
 refpolicy/policy/modules/services/postfix.te       |    4 +-
 refpolicy/policy/modules/services/postgresql.te    |    4 +-
 refpolicy/policy/modules/services/ppp.te           |    7 +-
 refpolicy/policy/modules/services/privoxy.te       |    2 +-
 refpolicy/policy/modules/services/procmail.te      |    2 +-
 refpolicy/policy/modules/services/radius.te        |    2 +-
 refpolicy/policy/modules/services/radvd.te         |    4 +-
 refpolicy/policy/modules/services/rdisc.te         |    2 +-
 refpolicy/policy/modules/services/remotelogin.te   |    2 +-
 refpolicy/policy/modules/services/rlogin.te        |    2 +-
 refpolicy/policy/modules/services/roundup.te       |    2 +-
 refpolicy/policy/modules/services/rpc.if           |    4 +-
 refpolicy/policy/modules/services/rshd.te          |    2 +-
 refpolicy/policy/modules/services/rsync.te         |    2 +-
 refpolicy/policy/modules/services/samba.te         |   12 ++--
 refpolicy/policy/modules/services/sasl.te          |    2 +-
 refpolicy/policy/modules/services/sendmail.te      |    2 +-
 refpolicy/policy/modules/services/slrnpull.te      |    2 +-
 refpolicy/policy/modules/services/smartmon.te      |    2 +-
 refpolicy/policy/modules/services/snmp.te          |    4 +-
 refpolicy/policy/modules/services/spamassassin.if  |    4 +-
 refpolicy/policy/modules/services/spamassassin.te  |    2 +-
 refpolicy/policy/modules/services/squid.te         |    2 +-
 refpolicy/policy/modules/services/ssh.if           |    6 +-
 refpolicy/policy/modules/services/ssh.te           |    2 +-
 refpolicy/policy/modules/services/stunnel.te       |    2 +-
 refpolicy/policy/modules/services/sysstat.te       |    6 +-
 refpolicy/policy/modules/services/telnet.te        |    2 +-
 refpolicy/policy/modules/services/tftp.te          |    2 +-
 refpolicy/policy/modules/services/timidity.te      |    2 +-
 refpolicy/policy/modules/services/uucp.te          |    2 +-
 refpolicy/policy/modules/services/xfs.te           |    2 +-
 refpolicy/policy/modules/services/xserver.if       |    6 +-
 refpolicy/policy/modules/services/xserver.te       |    2 +-
 refpolicy/policy/modules/services/zebra.te         |    4 +-
 refpolicy/policy/modules/system/authlogin.te       |    2 +-
 refpolicy/policy/modules/system/clock.te           |    2 +-
 refpolicy/policy/modules/system/fstools.te         |    6 +-
 refpolicy/policy/modules/system/hotplug.te         |    4 +-
 refpolicy/policy/modules/system/init.te            |    6 +-
 refpolicy/policy/modules/system/ipsec.te           |   10 ++--
 refpolicy/policy/modules/system/iptables.te        |    4 +-
 refpolicy/policy/modules/system/locallogin.te      |    2 +-
 refpolicy/policy/modules/system/logging.te         |    8 +-
 refpolicy/policy/modules/system/lvm.te             |    8 +-
 refpolicy/policy/modules/system/modutils.te        |    6 +-
 refpolicy/policy/modules/system/pcmcia.te          |    2 +-
 refpolicy/policy/modules/system/raid.te            |    2 +-
 refpolicy/policy/modules/system/selinuxutil.te     |    4 +-
 refpolicy/policy/modules/system/sysnetwork.te      |    2 +-
 refpolicy/policy/modules/system/udev.te            |   16 ++--
 refpolicy/policy/modules/system/userdomain.if      |   14 ++--
 124 files changed, 252 insertions(+), 252 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/acct.te b/refpolicy/policy/modules/admin/acct.te
index e632a4a..37e9256 100644
--- a/refpolicy/policy/modules/admin/acct.te
+++ b/refpolicy/policy/modules/admin/acct.te
@@ -34,7 +34,7 @@ can_exec(acct_t,acct_exec_t)
 
 kernel_list_proc(acct_t)
 kernel_read_system_state(acct_t)
-kernel_read_kernel_sysctl(acct_t)
+kernel_read_kernel_sysctls(acct_t)
 
 dev_read_sysfs(acct_t)
 # for SSP
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index 046cf69..367ec24 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -123,9 +123,9 @@ allow amanda_t amanda_tmp_t:file create_file_perms;
 files_filetrans_tmp(amanda_t, amanda_tmp_t, { file dir })
 
 kernel_read_system_state(amanda_t)
-kernel_read_kernel_sysctl(amanda_t)
-kernel_dontaudit_getattr_unlabeled_file(amanda_t)
-kernel_dontaudit_read_proc_symlink(amanda_t)
+kernel_read_kernel_sysctls(amanda_t)
+kernel_dontaudit_getattr_unlabeled_files(amanda_t)
+kernel_dontaudit_read_proc_symlinks(amanda_t)
 
 # Added for targeted policy
 term_use_unallocated_tty(amanda_t)
@@ -216,7 +216,7 @@ allow amanda_recover_t amanda_tmp_t:fifo_file create_file_perms;
 files_filetrans_tmp(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
 
 kernel_read_system_state(amanda_recover_t)
-kernel_read_kernel_sysctl(amanda_recover_t)
+kernel_read_kernel_sysctls(amanda_recover_t)
 
 corenet_tcp_sendrecv_all_if(amanda_recover_t)
 corenet_udp_sendrecv_all_if(amanda_recover_t)
diff --git a/refpolicy/policy/modules/admin/ddcprobe.te b/refpolicy/policy/modules/admin/ddcprobe.te
index 80b4766..8d3e83e 100644
--- a/refpolicy/policy/modules/admin/ddcprobe.te
+++ b/refpolicy/policy/modules/admin/ddcprobe.te
@@ -21,7 +21,7 @@ allow ddcprobe_t self:capability { sys_rawio sys_admin };
 allow ddcprobe_t self:process execmem;
 
 kernel_read_system_state(ddcprobe_t)
-kernel_read_kernel_sysctl(ddcprobe_t)
+kernel_read_kernel_sysctls(ddcprobe_t)
 kernel_change_ring_buffer_level(ddcprobe_t)
 
 bootloader_search_kernel_modules(ddcprobe_t)
diff --git a/refpolicy/policy/modules/admin/dmesg.te b/refpolicy/policy/modules/admin/dmesg.te
index 047571a..6aa6d26 100644
--- a/refpolicy/policy/modules/admin/dmesg.te
+++ b/refpolicy/policy/modules/admin/dmesg.te
@@ -31,7 +31,7 @@ ifdef(`strict_policy',`
 
 	allow dmesg_t self:process signal_perms;
 
-	kernel_read_kernel_sysctl(dmesg_t)
+	kernel_read_kernel_sysctls(dmesg_t)
 	kernel_read_ring_buffer(dmesg_t)
 	kernel_clear_ring_buffer(dmesg_t)
 	kernel_change_ring_buffer_level(dmesg_t)
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index 511c65f..3df58b1 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -46,7 +46,7 @@ files_filetrans_etc(firstboot_t,firstboot_rw_t,file)
 unconfined_domain_template(firstboot_t) 
 
 kernel_read_system_state(firstboot_t)
-kernel_read_kernel_sysctl(firstboot_t)
+kernel_read_kernel_sysctls(firstboot_t)
 
 corenet_tcp_sendrecv_all_if(firstboot_t)
 corenet_raw_sendrecv_all_if(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/kudzu.te b/refpolicy/policy/modules/admin/kudzu.te
index 7b9647a..09d472e 100644
--- a/refpolicy/policy/modules/admin/kudzu.te
+++ b/refpolicy/policy/modules/admin/kudzu.te
@@ -40,12 +40,12 @@ files_filetrans_pid(kudzu_t,kudzu_var_run_t)
 
 kernel_change_ring_buffer_level(kudzu_t)
 kernel_list_proc(kudzu_t)
-kernel_read_device_sysctl(kudzu_t)
-kernel_read_kernel_sysctl(kudzu_t)
+kernel_read_device_sysctls(kudzu_t)
+kernel_read_kernel_sysctls(kudzu_t)
 kernel_read_proc_symlinks(kudzu_t)
 kernel_read_network_state(kudzu_t)
 kernel_read_system_state(kudzu_t)
-kernel_rw_hotplug_sysctl(kudzu_t)
+kernel_rw_hotplug_sysctls(kudzu_t)
 kernel_rw_kernel_sysctl(kudzu_t)
 
 bootloader_read_kernel_modules(kudzu_t)
diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te
index 686dd57..7ea0fd5 100644
--- a/refpolicy/policy/modules/admin/logrotate.te
+++ b/refpolicy/policy/modules/admin/logrotate.te
@@ -65,7 +65,7 @@ allow logrotate_t logrotate_var_lib_t:file create_file_perms;
 files_filetrans_var_lib(logrotate_t, logrotate_var_lib_t)
 
 kernel_read_system_state(logrotate_t)
-kernel_read_kernel_sysctl(logrotate_t)
+kernel_read_kernel_sysctls(logrotate_t)
 
 dev_read_urand(logrotate_t)
 
diff --git a/refpolicy/policy/modules/admin/logwatch.te b/refpolicy/policy/modules/admin/logwatch.te
index 6a39b5c..28856ea 100644
--- a/refpolicy/policy/modules/admin/logwatch.te
+++ b/refpolicy/policy/modules/admin/logwatch.te
@@ -34,8 +34,8 @@ allow logwatch_t logwatch_tmp_t:dir create_dir_perms;
 allow logwatch_t logwatch_tmp_t:file create_file_perms;
 files_filetrans_tmp(logwatch_t, logwatch_tmp_t, { file dir })
 
-kernel_read_fs_sysctl(logwatch_t)
-kernel_read_kernel_sysctl(logwatch_t)
+kernel_read_fs_sysctls(logwatch_t)
+kernel_read_kernel_sysctls(logwatch_t)
 kernel_read_system_state(logwatch_t)
 
 corecmd_read_sbin_symlink(logwatch_t)
diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if
index d5adc90..363ee67 100644
--- a/refpolicy/policy/modules/admin/portage.if
+++ b/refpolicy/policy/modules/admin/portage.if
@@ -135,9 +135,9 @@ template(`portage_compile_domain_template',`
 	kernel_read_system_state($1_t)
 	kernel_read_network_state($1_t)
 	kernel_read_software_raid_state($1_t)
-	kernel_getattr_core($1_t)
+	kernel_getattr_core_if($1_t)
 	kernel_getattr_message_if($1_t)
-	kernel_read_kernel_sysctl($1_t)
+	kernel_read_kernel_sysctls($1_t)
 
 	corecmd_exec_bin($1_t)
 	corecmd_exec_sbin($1_t)
diff --git a/refpolicy/policy/modules/admin/portage.te b/refpolicy/policy/modules/admin/portage.te
index a73ab9e..e98ff14 100644
--- a/refpolicy/policy/modules/admin/portage.te
+++ b/refpolicy/policy/modules/admin/portage.te
@@ -68,7 +68,7 @@ allow portage_sandbox_t portage_t:process sigchld;
 can_exec(portage_t,portage_tmp_t)
 
 # merging baselayout will need this:
-kernel_write_proc_file(portage_t)
+kernel_write_proc_files(portage_t)
 
 domain_dontaudit_read_all_domains_state(portage_t)
 
@@ -133,7 +133,7 @@ files_filetrans_tmp(portage_fetch_t, portage_fetch_tmp_t, { file dir })
 dontaudit portage_fetch_t portage_tmp_t:dir search_dir_perms;
 
 kernel_read_system_state(portage_fetch_t)
-kernel_read_kernel_sysctl(portage_fetch_t)
+kernel_read_kernel_sysctls(portage_fetch_t)
 
 corecmd_exec_bin(portage_fetch_t)
 corecmd_exec_sbin(portage_fetch_t)
diff --git a/refpolicy/policy/modules/admin/quota.te b/refpolicy/policy/modules/admin/quota.te
index 2ef2881..2d76768 100644
--- a/refpolicy/policy/modules/admin/quota.te
+++ b/refpolicy/policy/modules/admin/quota.te
@@ -25,7 +25,7 @@ allow quota_t quota_db_t:file { read write quotaon };
 
 kernel_list_proc(quota_t)
 kernel_read_proc_symlinks(quota_t)
-kernel_read_kernel_sysctl(quota_t)
+kernel_read_kernel_sysctls(quota_t)
 
 dev_read_sysfs(quota_t)
 dev_getattr_all_blk_files(quota_t)
diff --git a/refpolicy/policy/modules/admin/readahead.te b/refpolicy/policy/modules/admin/readahead.te
index 5a53646..dba1942 100644
--- a/refpolicy/policy/modules/admin/readahead.te
+++ b/refpolicy/policy/modules/admin/readahead.te
@@ -25,9 +25,9 @@ allow readahead_t readahead_var_run_t:file create_file_perms;
 allow readahead_t readahead_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(readahead_t,readahead_var_run_t)
 
-kernel_read_kernel_sysctl(readahead_t)
+kernel_read_kernel_sysctls(readahead_t)
 kernel_read_system_state(readahead_t)
-kernel_dontaudit_getattr_core(readahead_t)
+kernel_dontaudit_getattr_core_if(readahead_t)
 
 dev_read_sysfs(readahead_t)
 dev_getattr_generic_chr_files(readahead_t)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 8ebe034..2a56ed8 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -88,7 +88,7 @@ allow rpm_t rpm_var_lib_t:dir rw_dir_perms;
 files_filetrans_var_lib(rpm_t,rpm_var_lib_t,dir)
 
 kernel_read_system_state(rpm_t)
-kernel_read_kernel_sysctl(rpm_t)
+kernel_read_kernel_sysctls(rpm_t)
 
 corenet_tcp_sendrecv_all_if(rpm_t)
 corenet_raw_sendrecv_all_if(rpm_t)
@@ -254,7 +254,7 @@ allow rpm_script_t rpm_t:fd use;
 allow rpm_script_t rpm_t:fifo_file rw_file_perms;
 allow rpm_script_t rpm_t:process sigchld;
 
-kernel_read_kernel_sysctl(rpm_script_t)
+kernel_read_kernel_sysctls(rpm_script_t)
 kernel_read_system_state(rpm_script_t)
 
 dev_list_sysfs(rpm_script_t)
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index c04e59e..f77cf95 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -35,7 +35,7 @@ template(`su_restricted_domain_template', `
 	allow $1_su_t $2:process sigchld;
 
 	kernel_read_system_state($1_su_t)
-	kernel_read_kernel_sysctl($1_su_t)
+	kernel_read_kernel_sysctls($1_su_t)
 
 	# for SSP
 	dev_read_urand($1_su_t)
@@ -143,7 +143,7 @@ template(`su_per_userdomain_template',`
 	allow $1_su_t $2:process sigchld;
 
 	kernel_read_system_state($1_su_t)
-	kernel_read_kernel_sysctl($1_su_t)
+	kernel_read_kernel_sysctls($1_su_t)
 
 	# for SSP
 	dev_read_urand($1_su_t)
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index 49b17e7..da50571 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -80,7 +80,7 @@ template(`sudo_per_userdomain_template',`
 	allow $1_sudo_t $2:fifo_file rw_file_perms;
 	allow $1_sudo_t $2:process sigchld;
 
-	kernel_read_kernel_sysctl($1_sudo_t)
+	kernel_read_kernel_sysctls($1_sudo_t)
 	kernel_read_system_state($1_sudo_t)
 
 	dev_read_urand($1_sudo_t)
diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te
index 1dfe289..83b4daf 100644
--- a/refpolicy/policy/modules/admin/updfstab.te
+++ b/refpolicy/policy/modules/admin/updfstab.te
@@ -21,7 +21,7 @@ allow updfstab_t self:process signal_perms;
 allow updfstab_t self:fifo_file { getattr read write ioctl };
 
 kernel_use_fd(updfstab_t)
-kernel_read_kernel_sysctl(updfstab_t)
+kernel_read_kernel_sysctls(updfstab_t)
 kernel_dontaudit_write_kernel_sysctl(updfstab_t)
 # for /proc/partitions
 kernel_read_system_state(updfstab_t)
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 8250da7..86c9366 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -80,7 +80,7 @@ allow chfn_t self:unix_dgram_socket sendto;
 allow chfn_t self:unix_stream_socket connectto;
 
 kernel_read_system_state(chfn_t)
-kernel_read_kernel_sysctl(chfn_t)
+kernel_read_kernel_sysctls(chfn_t)
 
 selinux_get_fs_mount(chfn_t)
 selinux_validate_context(chfn_t)
@@ -285,7 +285,7 @@ allow passwd_t self:msg { send receive };
 allow passwd_t crack_db_t:dir r_dir_perms;
 allow passwd_t crack_db_t:file r_file_perms;
 
-kernel_read_kernel_sysctl(passwd_t)
+kernel_read_kernel_sysctls(passwd_t)
 
 # for SSP
 dev_read_urand(passwd_t)
@@ -372,7 +372,7 @@ allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
 files_filetrans_tmp(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
 files_search_var(sysadm_passwd_t)
 
-kernel_read_kernel_sysctl(sysadm_passwd_t)
+kernel_read_kernel_sysctls(sysadm_passwd_t)
 # for /proc/meminfo
 kernel_read_system_state(sysadm_passwd_t)
 
@@ -461,7 +461,7 @@ selinux_compute_create_context(useradd_t)
 selinux_compute_relabel_context(useradd_t)
 selinux_compute_user_contexts(useradd_t)
 # for getting the number of groups
-kernel_read_kernel_sysctl(useradd_t)
+kernel_read_kernel_sysctls(useradd_t)
 
 fs_search_auto_mountpoints(useradd_t)
 fs_getattr_xattr_fs(useradd_t)
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index cd23712..f266f9e 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -45,8 +45,8 @@ files_filetrans_pid(vpnc_t,vpnc_var_run_t)
 
 kernel_read_system_state(vpnc_t)
 kernel_read_network_state(vpnc_t)
-kernel_read_kernel_sysctl(vpnc_t)
-kernel_rw_net_sysctl(vpnc_t)
+kernel_read_kernel_sysctls(vpnc_t)
+kernel_rw_net_sysctls(vpnc_t)
 
 corenet_tcp_sendrecv_all_if(vpnc_t)
 corenet_udp_sendrecv_all_if(vpnc_t)
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index e0e0e26..2088080 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -75,7 +75,7 @@ template(`java_per_userdomain_template',`
 	allow $2 $1_javaplugin_t:process { noatsecure siginh rlimitinh };
 	allow $1_javaplugin_t $2:process signull;
 	
-	kernel_read_all_sysctl($1_javaplugin_t)
+	kernel_read_all_sysctls($1_javaplugin_t)
 	kernel_search_vm_sysctl($1_javaplugin_t)
 	kernel_read_network_state($1_javaplugin_t)
 	kernel_read_system_state($1_javaplugin_t)
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index 1f8137b..07b8052 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -94,7 +94,7 @@ template(`screen_per_userdomain_template',`
 	allow $2 $1_screen_ro_home_t:{ dir file lnk_file } { relabelfrom relabelto };
 	
 	kernel_read_system_state($1_screen_t)
-	kernel_read_kernel_sysctl($1_screen_t)
+	kernel_read_kernel_sysctls($1_screen_t)
 
 	corecmd_list_bin($1_screen_t)
 	corecmd_read_bin_file($1_screen_t)
diff --git a/refpolicy/policy/modules/apps/userhelper.if b/refpolicy/policy/modules/apps/userhelper.if
index 0ba786c..67abfd2 100644
--- a/refpolicy/policy/modules/apps/userhelper.if
+++ b/refpolicy/policy/modules/apps/userhelper.if
@@ -78,7 +78,7 @@ template(`userhelper_per_userdomain_template',`
 
 	dontaudit $2 $1_userhelper_t:process signal;
 	
-	kernel_read_all_sysctl($1_userhelper_t)
+	kernel_read_all_sysctls($1_userhelper_t)
 	kernel_getattr_debugfs($1_userhelper_t)
 	kernel_read_system_state($1_userhelper_t)
 
diff --git a/refpolicy/policy/modules/apps/usernetctl.te b/refpolicy/policy/modules/apps/usernetctl.te
index ec38a72..4bb7741 100644
--- a/refpolicy/policy/modules/apps/usernetctl.te
+++ b/refpolicy/policy/modules/apps/usernetctl.te
@@ -33,7 +33,7 @@ allow usernetctl_t self:unix_stream_socket connectto;
 can_exec(usernetctl_t,usernetctl_exec_t)
 
 kernel_read_system_state(usernetctl_t)
-kernel_read_kernel_sysctl(usernetctl_t)
+kernel_read_kernel_sysctls(usernetctl_t)
 
 corecmd_list_bin(usernetctl_t)
 corecmd_exec_bin(usernetctl_t)
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index ffbfbc5..6107487 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -56,7 +56,7 @@ allow webalizer_t webalizer_var_lib_t:file create_file_perms;
 allow webalizer_t webalizer_var_lib_t:dir rw_dir_perms;
 files_filetrans_var_lib(webalizer_t,webalizer_var_lib_t)
 
-kernel_read_kernel_sysctl(webalizer_t)
+kernel_read_kernel_sysctls(webalizer_t)
 kernel_read_system_state(webalizer_t)
 
 corenet_tcp_sendrecv_all_if(webalizer_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 3f81d4c..c52c8aa 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -95,10 +95,10 @@ allow bootloader_t modules_object_t:dir r_dir_perms;
 allow bootloader_t modules_object_t:file r_file_perms;
 allow bootloader_t modules_object_t:lnk_file r_file_perms;
 
-kernel_getattr_core(bootloader_t)
+kernel_getattr_core_if(bootloader_t)
 kernel_read_system_state(bootloader_t)
 kernel_read_software_raid_state(bootloader_t)
-kernel_read_kernel_sysctl(bootloader_t)
+kernel_read_kernel_sysctls(bootloader_t)
 
 storage_raw_read_fixed_disk(bootloader_t)
 storage_raw_write_fixed_disk(bootloader_t)
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index b512d8e..9278bb4 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -158,7 +158,7 @@ interface(`kernel_dontaudit_use_fd',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_pipe',`
+interface(`kernel_rw_pipes',`
 	gen_require(`
 		type kernel_t;
 	')
@@ -174,7 +174,7 @@ interface(`kernel_rw_pipe',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_unix_dgram_socket',`
+interface(`kernel_rw_unix_dgram_sockets',`
 	gen_require(`
 		type kernel_t;
 	')
@@ -190,7 +190,7 @@ interface(`kernel_rw_unix_dgram_socket',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_sendto_unix_dgram_socket',`
+interface(`kernel_sendto_unix_dgram_sockets',`
 	gen_require(`
 		type kernel_t;
 	')
@@ -571,7 +571,7 @@ interface(`kernel_read_system_state',`
 # file thats writable in proc should really
 # have its own label.
 #
-interface(`kernel_write_proc_file',`
+interface(`kernel_write_proc_files',`
 	gen_require(`
 		type proc_t;
 	')
@@ -606,7 +606,7 @@ interface(`kernel_dontaudit_read_system_state',`
 ##	The process type not to audit.
 ## </param>
 #
-interface(`kernel_dontaudit_read_proc_symlink',`
+interface(`kernel_dontaudit_read_proc_symlinks',`
 	gen_require(`
 		type proc_t;
 	')
@@ -656,7 +656,7 @@ interface(`kernel_rw_software_raid_state',`
 ##	The process type getting the attibutes.
 ## </param>
 #
-interface(`kernel_getattr_core',`
+interface(`kernel_getattr_core_if',`
 	gen_require(`
 		type proc_t, proc_kcore_t;
 	')
@@ -674,7 +674,7 @@ interface(`kernel_getattr_core',`
 ##	The process type to not audit.
 ## </param>
 #
-interface(`kernel_dontaudit_getattr_core',`
+interface(`kernel_dontaudit_getattr_core_if',`
 	gen_require(`
 		type proc_kcore_t;
 	')
@@ -854,7 +854,7 @@ interface(`kernel_read_sysctl',`
 ##	The process type to allow to read the device sysctls.
 ## </param>
 #
-interface(`kernel_read_device_sysctl',`
+interface(`kernel_read_device_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_dev_t;
 	')
@@ -873,7 +873,7 @@ interface(`kernel_read_device_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_device_sysctl',`
+interface(`kernel_rw_device_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_dev_t;
 	')
@@ -909,7 +909,7 @@ interface(`kernel_search_vm_sysctl',`
 ## </param>
 ##
 #
-interface(`kernel_read_vm_sysctl',`
+interface(`kernel_read_vm_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_vm_t;
 	')
@@ -927,7 +927,7 @@ interface(`kernel_read_vm_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_vm_sysctl',`
+interface(`kernel_rw_vm_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_vm_t;
 	')
@@ -978,7 +978,7 @@ interface(`kernel_dontaudit_search_network_sysctl',`
 ## </param>
 ##
 #
-interface(`kernel_read_net_sysctl',`
+interface(`kernel_read_net_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_net_t;
 	')
@@ -997,7 +997,7 @@ interface(`kernel_read_net_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_net_sysctl',`
+interface(`kernel_rw_net_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_net_t;
 	')
@@ -1017,7 +1017,7 @@ interface(`kernel_rw_net_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_unix_sysctl',`
+interface(`kernel_read_unix_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
 	')
@@ -1037,7 +1037,7 @@ interface(`kernel_read_unix_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_unix_sysctl',`
+interface(`kernel_rw_unix_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
 	')
@@ -1056,7 +1056,7 @@ interface(`kernel_rw_unix_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_hotplug_sysctl',`
+interface(`kernel_read_hotplug_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
 	')
@@ -1075,7 +1075,7 @@ interface(`kernel_read_hotplug_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_hotplug_sysctl',`
+interface(`kernel_rw_hotplug_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
 	')
@@ -1094,7 +1094,7 @@ interface(`kernel_rw_hotplug_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_modprobe_sysctl',`
+interface(`kernel_read_modprobe_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
 	')
@@ -1113,7 +1113,7 @@ interface(`kernel_read_modprobe_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_modprobe_sysctl',`
+interface(`kernel_rw_modprobe_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
 	')
@@ -1148,7 +1148,7 @@ interface(`kernel_dontaudit_search_kernel_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_kernel_sysctl',`
+interface(`kernel_read_kernel_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_kernel_t;
 	')
@@ -1202,7 +1202,7 @@ interface(`kernel_rw_kernel_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_fs_sysctl',`
+interface(`kernel_read_fs_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_fs_t;
 	')
@@ -1221,7 +1221,7 @@ interface(`kernel_read_fs_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_fs_sysctl',`
+interface(`kernel_rw_fs_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_t, sysctl_fs_t;
 	')
@@ -1240,7 +1240,7 @@ interface(`kernel_rw_fs_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_irq_sysctl',`
+interface(`kernel_read_irq_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_irq_t;
 	')
@@ -1259,7 +1259,7 @@ interface(`kernel_read_irq_sysctl',`
 ## </param>
 ##
 #
-interface(`kernel_rw_irq_sysctl',`
+interface(`kernel_rw_irq_sysctls',`
 	gen_require(`
 		type proc_t, sysctl_irq_t;
 	')
@@ -1271,9 +1271,9 @@ interface(`kernel_rw_irq_sysctl',`
 
 ########################################
 #
-# kernel_read_rpc_sysctl(domain)
+# kernel_read_rpc_sysctls(domain)
 #
-interface(`kernel_read_rpc_sysctl',`
+interface(`kernel_read_rpc_sysctls',`
 	gen_require(`
 		type proc_t, proc_net_t, sysctl_rpc_t;
 	')
@@ -1286,9 +1286,9 @@ interface(`kernel_read_rpc_sysctl',`
 
 ########################################
 #
-# kernel_rw_rpc_sysctl(domain)
+# kernel_rw_rpc_sysctls(domain)
 #
-interface(`kernel_rw_rpc_sysctl',`
+interface(`kernel_rw_rpc_sysctls',`
 	gen_require(`
 		type proc_t, proc_net_t, sysctl_rpc_t;
 	')
@@ -1307,7 +1307,7 @@ interface(`kernel_rw_rpc_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_read_all_sysctl',`
+interface(`kernel_read_all_sysctls',`
 	gen_require(`
 		attribute sysctl_type;
 		type proc_t, proc_net_t;
@@ -1328,7 +1328,7 @@ interface(`kernel_read_all_sysctl',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_all_sysctl',`
+interface(`kernel_rw_all_sysctls',`
 	gen_require(`
 		attribute sysctl_type;
 		type proc_t, proc_net_t;
@@ -1461,7 +1461,7 @@ interface(`kernel_dontaudit_list_unlabeled',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_unlabeled_dir',`
+interface(`kernel_rw_unlabeled_dirs',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1478,7 +1478,7 @@ interface(`kernel_rw_unlabeled_dir',`
 ##	The process type not to audit.
 ## </param>
 #
-interface(`kernel_dontaudit_getattr_unlabeled_file',`
+interface(`kernel_dontaudit_getattr_unlabeled_files',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1495,7 +1495,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_file',`
 ##	Domain to not audit.
 ## </param>
 #
-interface(`kernel_dontaudit_read_unlabeled_file',`
+interface(`kernel_dontaudit_read_unlabeled_files',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1563,7 +1563,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_sockets',`
 ##	The process type not to audit.
 ## </param>
 #
-interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
+interface(`kernel_dontaudit_getattr_unlabeled_blk_files',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1579,7 +1579,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`kernel_rw_unlabeled_blk_dev',`
+interface(`kernel_rw_unlabeled_blk_files',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1596,7 +1596,7 @@ interface(`kernel_rw_unlabeled_blk_dev',`
 ##	The process type not to audit.
 ## </param>
 #
-interface(`kernel_dontaudit_getattr_unlabeled_chr_dev',`
+interface(`kernel_dontaudit_getattr_unlabeled_chr_files',`
 	gen_require(`
 		type unlabeled_t;
 	')
@@ -1615,7 +1615,6 @@ interface(`kernel_dontaudit_getattr_unlabeled_chr_dev',`
 interface(`kernel_relabel_unlabeled',`
 	gen_require(`
 		type unlabeled_t;
-		gen_require_set({ getattr relabelfrom },dir_file_class_set)
 	')
 
 	kernel_list_unlabeled($1)
@@ -1682,5 +1681,5 @@ interface(`kernel_unconfined',`
 	typeattribute $1 can_load_kernmodule, can_receive_kernel_messages;
 	typeattribute $1 kern_unconfined;
 
-	kernel_rw_all_sysctl($1)
+	kernel_rw_all_sysctls($1)
 ')
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index f111502..e97e8df 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -212,7 +212,7 @@ allow httpd_t squirrelmail_spool_t:dir create_dir_perms;
 allow httpd_t squirrelmail_spool_t:file create_file_perms;
 allow httpd_t squirrelmail_spool_t:lnk_file create_lnk_perms;
 
-kernel_read_kernel_sysctl(httpd_t)
+kernel_read_kernel_sysctls(httpd_t)
 kernel_tcp_recvfrom(httpd_t)
 # for modules that want to access /proc/meminfo
 kernel_read_system_state(httpd_t)
@@ -541,7 +541,7 @@ allow httpd_suexec_t httpd_suexec_tmp_t:dir create_dir_perms;
 allow httpd_suexec_t httpd_suexec_tmp_t:file create_file_perms;
 files_filetrans_tmp(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
 
-kernel_read_kernel_sysctl(httpd_suexec_t)
+kernel_read_kernel_sysctls(httpd_suexec_t)
 kernel_list_proc(httpd_suexec_t)
 kernel_read_proc_symlinks(httpd_suexec_t)
 
@@ -663,7 +663,7 @@ allow httpd_sys_script_t squirrelmail_spool_t:dir r_dir_perms;
 allow httpd_sys_script_t squirrelmail_spool_t:file r_file_perms;
 allow httpd_sys_script_t squirrelmail_spool_t:lnk_file { getattr read };
 
-kernel_read_kernel_sysctl(httpd_sys_script_t)
+kernel_read_kernel_sysctls(httpd_sys_script_t)
 
 files_search_var_lib(httpd_sys_script_t)
 files_search_spool(httpd_sys_script_t)
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 980ce25..969d0e6 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -83,8 +83,8 @@ allow apmd_t apmd_var_run_t:file create_file_perms;
 allow apmd_t apmd_var_run_t:sock_file create_file_perms;
 files_filetrans_pid(apmd_t, apmd_var_run_t, { file sock_file })
 
-kernel_read_kernel_sysctl(apmd_t)
-kernel_rw_all_sysctl(apmd_t)
+kernel_read_kernel_sysctls(apmd_t)
+kernel_rw_all_sysctls(apmd_t)
 kernel_read_system_state(apmd_t)
 
 dev_read_realtime_clock(apmd_t)
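Review bot: `kernel_rw_all_sysctls(apmd_t)` appears to give apmd read/write access across every sysctl type, which is wider than a power-management daemon would normally need and makes the `kernel_read_kernel_sysctls(apmd_t)` line above it look redundant. The definition of `kernel_rw_all_sysctls` earlier in this commit requires the `sysctl_type` attribute, but its rules are outside the visible hunk, so the exact scope should be confirmed there. If only some sysctls are written, replace the call with the narrower per-type interfaces; otherwise keep it and record the reason, e.g. `# apmd writes <sysctl> -- TODO confirm which`. The cyrus.te hunk has a similar overlap, where `kernel_read_all_sysctls(cyrus_t)` sits next to `kernel_read_kernel_sysctls(cyrus_t)`.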
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index 30994a6..3a8cc40 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -45,7 +45,7 @@ allow arpwatch_t arpwatch_var_run_t:file create_file_perms;
 allow arpwatch_t arpwatch_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(arpwatch_t,arpwatch_var_run_t)
 
-kernel_read_kernel_sysctl(arpwatch_t)
+kernel_read_kernel_sysctls(arpwatch_t)
 kernel_list_proc(arpwatch_t)
 kernel_read_proc_symlinks(arpwatch_t)
 
diff --git a/refpolicy/policy/modules/services/automount.te b/refpolicy/policy/modules/services/automount.te
index 91cb8e2..861ccef 100644
--- a/refpolicy/policy/modules/services/automount.te
+++ b/refpolicy/policy/modules/services/automount.te
@@ -57,8 +57,8 @@ allow automount_t automount_var_run_t:file create_file_perms;
 allow automount_t automount_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(automount_t,automount_var_run_t)
 
-kernel_read_kernel_sysctl(automount_t)
-kernel_read_fs_sysctl(automount_t)
+kernel_read_kernel_sysctls(automount_t)
+kernel_read_fs_sysctls(automount_t)
 kernel_read_proc_symlinks(automount_t)
 kernel_read_system_state(automount_t)
 kernel_list_proc(automount_t)
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 436c6c9..687be8f 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -33,7 +33,7 @@ allow avahi_t avahi_var_run_t:file create_file_perms;
 allow avahi_t avahi_var_run_t:dir { rw_dir_perms setattr };
 files_filetrans_pid(avahi_t,avahi_var_run_t)
 
-kernel_read_kernel_sysctl(avahi_t)
+kernel_read_kernel_sysctls(avahi_t)
 kernel_list_proc(avahi_t)
 kernel_read_proc_symlinks(avahi_t)
 kernel_read_network_state(avahi_t)
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index a3662b9..269857f 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -94,7 +94,7 @@ allow named_t named_zone_t:lnk_file r_file_perms;
 
 allow named_t ndc_t:tcp_socket { acceptfrom recvfrom };
 
-kernel_read_kernel_sysctl(named_t)
+kernel_read_kernel_sysctls(named_t)
 kernel_read_system_state(named_t)
 kernel_read_network_state(named_t)
 kernel_tcp_recvfrom(named_t)
@@ -236,7 +236,7 @@ allow ndc_t named_var_run_t:sock_file rw_file_perms;
 
 allow ndc_t named_zone_t:dir search;
 
-kernel_read_kernel_sysctl(ndc_t)
+kernel_read_kernel_sysctls(ndc_t)
 kernel_tcp_recvfrom(ndc_t)
 
 corenet_tcp_sendrecv_all_if(ndc_t)
@@ -274,7 +274,7 @@ ifdef(`distro_redhat',`
 ')
 
 ifdef(`targeted_policy',`
-	kernel_dontaudit_read_unlabeled_file(ndc_t)
+	kernel_dontaudit_read_unlabeled_files(ndc_t)
 
 	term_use_unallocated_tty(ndc_t)
 	term_use_generic_pty(ndc_t)
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 1c30d28..6bb985f 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -84,7 +84,7 @@ allow bluetooth_t bluetooth_var_run_t:file create_file_perms;
 allow bluetooth_t bluetooth_var_run_t:sock_file create_file_perms;
 files_filetrans_pid(bluetooth_t, bluetooth_var_run_t, { file sock_file })
 
-kernel_read_kernel_sysctl(bluetooth_t)
+kernel_read_kernel_sysctls(bluetooth_t)
 kernel_read_system_state(bluetooth_t)
 
 corenet_tcp_sendrecv_all_if(bluetooth_t)
@@ -177,7 +177,7 @@ allow bluetooth_helper_t bluetooth_helper_tmp_t:file create_file_perms;
 files_filetrans_tmp(bluetooth_helper_t, bluetooth_helper_tmp_t, { file dir })
 
 kernel_read_system_state(bluetooth_helper_t)
-kernel_read_kernel_sysctl(bluetooth_helper_t)
+kernel_read_kernel_sysctls(bluetooth_helper_t)
 
 dev_read_urand(bluetooth_helper_t)
 
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index 4215b63..2990814 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -45,7 +45,7 @@ allow canna_t canna_var_run_t:file create_file_perms;
 allow canna_t canna_var_run_t:sock_file create_file_perms;
 files_filetrans_pid(canna_t, canna_var_run_t, { file sock_file })
 
-kernel_read_kernel_sysctl(canna_t)
+kernel_read_kernel_sysctls(canna_t)
 kernel_read_system_state(canna_t)
 
 corenet_tcp_sendrecv_all_if(canna_t)
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 27097e9..7c99d09 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -39,7 +39,7 @@ allow comsat_t comsat_var_run_t:file create_file_perms;
 allow comsat_t comsat_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(comsat_t,comsat_var_run_t)
 
-kernel_read_kernel_sysctl(comsat_t)
+kernel_read_kernel_sysctls(comsat_t)
 kernel_read_network_state(comsat_t)
 kernel_read_system_state(comsat_t)
 
diff --git a/refpolicy/policy/modules/services/cpucontrol.te b/refpolicy/policy/modules/services/cpucontrol.te
index f3b3617..cc2819d 100644
--- a/refpolicy/policy/modules/services/cpucontrol.te
+++ b/refpolicy/policy/modules/services/cpucontrol.te
@@ -32,7 +32,7 @@ allow cpucontrol_t cpucontrol_conf_t:lnk_file { getattr read };
 
 kernel_list_proc(cpucontrol_t)
 kernel_read_proc_symlinks(cpucontrol_t)
-kernel_read_kernel_sysctl(cpucontrol_t)
+kernel_read_kernel_sysctls(cpucontrol_t)
 
 dev_read_sysfs(cpucontrol_t)
 dev_rw_cpu_microcode(cpucontrol_t)
@@ -83,7 +83,7 @@ allow cpuspeed_t self:process { signal_perms setsched };
 allow cpuspeed_t self:unix_dgram_socket create_socket_perms;
 
 kernel_read_system_state(cpuspeed_t)
-kernel_read_kernel_sysctl(cpuspeed_t)
+kernel_read_kernel_sysctls(cpuspeed_t)
 
 dev_rw_sysfs(cpuspeed_t)
 
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index c7a097f..a919d79 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -80,7 +80,7 @@ template(`cron_per_userdomain_template',`
 	allow $1_crond_t crond_t:process sigchld;
 
 	kernel_read_system_state($1_crond_t)
-	kernel_read_kernel_sysctl($1_crond_t)
+	kernel_read_kernel_sysctls($1_crond_t)
 
 	# ps does not need to access /boot when run from cron
 	bootloader_dontaudit_search_boot($1_crond_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 6577ab3..ea29b8f 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -87,7 +87,7 @@ allow crond_t cron_spool_t:file r_file_perms;
 allow crond_t system_cron_spool_t:dir r_dir_perms;
 allow crond_t system_cron_spool_t:file r_file_perms;
 
-kernel_read_kernel_sysctl(crond_t)
+kernel_read_kernel_sysctls(crond_t)
 dev_read_sysfs(crond_t)
 selinux_get_fs_mount(crond_t)
 selinux_validate_context(crond_t)
@@ -275,7 +275,7 @@ ifdef(`targeted_policy',`
 	allow system_crond_t cron_spool_t:dir r_dir_perms;
 	allow system_crond_t cron_spool_t:file r_file_perms;
 
-	kernel_read_kernel_sysctl(system_crond_t)
+	kernel_read_kernel_sysctls(system_crond_t)
 	kernel_read_system_state(system_crond_t)
 	kernel_read_software_raid_state(system_crond_t)
 
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 39f0aa0..2705899 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -119,7 +119,7 @@ allow cupsd_t ptal_var_run_t:sock_file { write setattr };
 allow cupsd_t ptal_t:unix_stream_socket connectto;
 
 kernel_read_system_state(cupsd_t)
-kernel_read_all_sysctl(cupsd_t)
+kernel_read_all_sysctls(cupsd_t)
 kernel_tcp_recvfrom(cupsd_t)
 
 corenet_tcp_sendrecv_all_if(cupsd_t)
@@ -305,7 +305,7 @@ allow ptal_t ptal_var_run_t:file create_file_perms;
 allow ptal_t ptal_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(ptal_t,ptal_var_run_t)
 
-kernel_read_kernel_sysctl(ptal_t)
+kernel_read_kernel_sysctls(ptal_t)
 kernel_list_proc(ptal_t)
 kernel_read_proc_symlinks(ptal_t)
 
@@ -393,7 +393,7 @@ allow hplip_t hplip_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(hplip_t,hplip_var_run_t)
 
 kernel_read_system_state(hplip_t)
-kernel_read_kernel_sysctl(hplip_t)
+kernel_read_kernel_sysctls(hplip_t)
 
 corenet_tcp_sendrecv_all_if(hplip_t)
 corenet_udp_sendrecv_all_if(hplip_t)
@@ -516,7 +516,7 @@ files_filetrans_var(cupsd_config_t,cupsd_rw_etc_t)
 allow cupsd_config_t cupsd_var_run_t:file { getattr read };
 
 kernel_read_system_state(cupsd_config_t)
-kernel_read_kernel_sysctl(cupsd_config_t)
+kernel_read_kernel_sysctls(cupsd_config_t)
 kernel_tcp_recvfrom(cupsd_config_t)
 
 corenet_tcp_sendrecv_all_if(cupsd_config_t)
@@ -688,7 +688,7 @@ allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
 allow cupsd_lpd_t cupsd_rw_etc_t:file r_file_perms;
 allow cupsd_lpd_t cupsd_rw_etc_t:lnk_file { getattr read };
 
-kernel_read_kernel_sysctl(cupsd_lpd_t)
+kernel_read_kernel_sysctls(cupsd_lpd_t)
 kernel_read_system_state(cupsd_lpd_t)
 kernel_read_network_state(cupsd_lpd_t)
 
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index 3cd03dc..60165e9 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -44,7 +44,7 @@ allow cvs_t cvs_var_run_t:file create_file_perms;
 allow cvs_t cvs_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(cvs_t,cvs_var_run_t)
 
-kernel_read_kernel_sysctl(cvs_t)
+kernel_read_kernel_sysctls(cvs_t)
 kernel_read_system_state(cvs_t)
 kernel_read_network_state(cvs_t)
 
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 57f5b65..87648db 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -55,9 +55,9 @@ allow cyrus_t cyrus_var_run_t:sock_file create_file_perms;
 allow cyrus_t cyrus_var_run_t:file create_file_perms;
 files_filetrans_pid(cyrus_t,cyrus_var_run_t,{ file sock_file })
 
-kernel_read_kernel_sysctl(cyrus_t)
+kernel_read_kernel_sysctls(cyrus_t)
 kernel_read_system_state(cyrus_t)
-kernel_read_all_sysctl(cyrus_t)
+kernel_read_all_sysctls(cyrus_t)
 
 corenet_tcp_sendrecv_all_if(cyrus_t)
 corenet_udp_sendrecv_all_if(cyrus_t)
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index fc4017d..cd28ad7 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -45,7 +45,7 @@ allow dbskkd_t dbskkd_var_run_t:file create_file_perms;
 allow dbskkd_t dbskkd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(dbskkd_t,dbskkd_var_run_t)
 
-kernel_read_kernel_sysctl(dbskkd_t)
+kernel_read_kernel_sysctls(dbskkd_t)
 kernel_read_system_state(dbskkd_t)
 kernel_read_network_state(dbskkd_t)
 
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index 2db8946..a7475ed 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -100,7 +100,7 @@ template(`dbus_per_userdomain_template',`
 	allow $2 $1_dbusd_t:process { sigkill signal };
 
 	kernel_read_system_state($1_dbusd_t)
-	kernel_read_kernel_sysctl($1_dbusd_t)
+	kernel_read_kernel_sysctls($1_dbusd_t)
 
 	corenet_tcp_sendrecv_all_if($1_dbusd_t)
 	corenet_raw_sendrecv_all_if($1_dbusd_t)
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index a208e3c..07ab4fd 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -55,7 +55,7 @@ allow system_dbusd_t system_dbusd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(system_dbusd_t,system_dbusd_var_run_t)
 
 kernel_read_system_state(system_dbusd_t)
-kernel_read_kernel_sysctl(system_dbusd_t)
+kernel_read_kernel_sysctls(system_dbusd_t)
 
 dev_read_urand(system_dbusd_t)
 dev_read_sysfs(system_dbusd_t)
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index 294d420..161750b 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -52,7 +52,7 @@ allow dhcpd_t dhcpd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(dhcpd_t,dhcpd_var_run_t)
 
 kernel_read_system_state(dhcpd_t)
-kernel_read_kernel_sysctl(dhcpd_t)
+kernel_read_kernel_sysctls(dhcpd_t)
 
 corenet_tcp_sendrecv_all_if(dhcpd_t)
 corenet_udp_sendrecv_all_if(dhcpd_t)
diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te
index 1a4d9ec..d35f0e1 100644
--- a/refpolicy/policy/modules/services/dictd.te
+++ b/refpolicy/policy/modules/services/dictd.te
@@ -35,7 +35,7 @@ allow dictd_t dictd_var_lib_t:dir r_dir_perms;
 allow dictd_t dictd_var_lib_t:file r_file_perms;
 
 kernel_read_system_state(dictd_t)
-kernel_read_kernel_sysctl(dictd_t)
+kernel_read_kernel_sysctls(dictd_t)
 kernel_tcp_recvfrom(dictd_t)
 
 corenet_tcp_sendrecv_all_if(dictd_t)
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te
index 0af1681..6adf88d 100644
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@@ -43,7 +43,7 @@ allow distccd_t distccd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(distccd_t,distccd_var_run_t)
 
 kernel_read_system_state(distccd_t)
-kernel_read_kernel_sysctl(distccd_t)
+kernel_read_kernel_sysctls(distccd_t)
 
 corenet_tcp_sendrecv_all_if(distccd_t)
 corenet_udp_sendrecv_all_if(distccd_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 68dc0f2..c02c30d 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -67,7 +67,7 @@ allow dovecot_t dovecot_var_run_t:sock_file create_file_perms;
 allow dovecot_t dovecot_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(dovecot_t,dovecot_var_run_t)
 
-kernel_read_kernel_sysctl(dovecot_t)
+kernel_read_kernel_sysctls(dovecot_t)
 kernel_read_system_state(dovecot_t)
 
 corenet_tcp_sendrecv_all_if(dovecot_t)
@@ -157,7 +157,7 @@ allow dovecot_auth_t dovecot_passwd_t:file { getattr read };
 
 allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
 
-kernel_read_all_sysctl(dovecot_auth_t)
+kernel_read_all_sysctls(dovecot_auth_t)
 kernel_read_system_state(dovecot_auth_t)
 
 dev_read_urand(dovecot_auth_t)
diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te
index d1f3a03..1c624e0 100644
--- a/refpolicy/policy/modules/services/fetchmail.te
+++ b/refpolicy/policy/modules/services/fetchmail.te
@@ -40,7 +40,7 @@ allow fetchmail_t fetchmail_var_run_t:file create_file_perms;
 allow fetchmail_t fetchmail_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(fetchmail_t,fetchmail_var_run_t)
 
-kernel_read_kernel_sysctl(fetchmail_t)
+kernel_read_kernel_sysctls(fetchmail_t)
 kernel_list_proc(fetchmail_t)
 kernel_getattr_proc_files(fetchmail_t)
 kernel_read_proc_symlinks(fetchmail_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index e8baa56..c564a85 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -43,7 +43,7 @@ allow fingerd_t fingerd_etc_t:lnk_file { getattr read };
 allow fingerd_t fingerd_log_t:file create_file_perms;
 logging_filetrans_log(fingerd_t,fingerd_log_t)
 
-kernel_read_kernel_sysctl(fingerd_t)
+kernel_read_kernel_sysctls(fingerd_t)
 kernel_read_system_state(fingerd_t)
 kernel_tcp_recvfrom(fingerd_t)
 
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index a3c6673..840969e 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -65,7 +65,7 @@ files_filetrans_pid(ftpd_t,ftpd_var_run_t)
 allow ftpd_t xferlog_t:file create_file_perms;
 logging_filetrans_log(ftpd_t,xferlog_t)
 
-kernel_read_kernel_sysctl(ftpd_t)
+kernel_read_kernel_sysctls(ftpd_t)
 kernel_read_system_state(ftpd_t)
 
 dev_read_sysfs(ftpd_t)
diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te
index d254885..7113bf9 100644
--- a/refpolicy/policy/modules/services/gpm.te
+++ b/refpolicy/policy/modules/services/gpm.te
@@ -48,7 +48,7 @@ dev_filetrans_dev(gpm_t,gpmctl_t,{ sock_file fifo_file })
 # cjp: this has no effect
 allow gpm_t gpmctl_t:unix_stream_socket name_bind;
 
-kernel_read_kernel_sysctl(gpm_t)
+kernel_read_kernel_sysctls(gpm_t)
 kernel_list_proc(gpm_t)
 kernel_read_proc_symlinks(gpm_t)
 
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 1a609e8..382fca3 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -46,9 +46,9 @@ files_filetrans_pid(hald_t,hald_var_run_t)
 
 kernel_read_system_state(hald_t)
 kernel_read_network_state(hald_t)
-kernel_read_kernel_sysctl(hald_t)
-kernel_read_fs_sysctl(hald_t)
-kernel_write_proc_file(hald_t)
+kernel_read_kernel_sysctls(hald_t)
+kernel_read_fs_sysctls(hald_t)
+kernel_write_proc_files(hald_t)
 
 bootloader_getattr_boot_dir(hald_t)
 
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index 4380f73..b798d93 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -30,7 +30,7 @@ allow howl_t howl_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(howl_t,howl_var_run_t)
 
 kernel_read_network_state(howl_t)
-kernel_read_kernel_sysctl(howl_t)
+kernel_read_kernel_sysctls(howl_t)
 kernel_load_module(howl_t)
 kernel_list_proc(howl_t)
 kernel_read_proc_symlinks(howl_t)
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te
index 433d098..dcf18e2 100644
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@@ -34,7 +34,7 @@ files_filetrans_pid(i18n_input_t,i18n_input_var_run_t)
 
 can_exec(i18n_input_t, i18n_input_exec_t)
 
-kernel_read_kernel_sysctl(i18n_input_t)
+kernel_read_kernel_sysctls(i18n_input_t)
 kernel_read_system_state(i18n_input_t)
 kernel_tcp_recvfrom(i18n_input_t)
 
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 32cb8a0..4ad06e2 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -52,7 +52,7 @@ files_filetrans_tmp(inetd_t, inetd_tmp_t, { file dir })
 allow inetd_t inetd_var_run_t:file create_file_perms;
 files_filetrans_pid(inetd_t,inetd_var_run_t)
 
-kernel_read_kernel_sysctl(inetd_t)
+kernel_read_kernel_sysctls(inetd_t)
 kernel_list_proc(inetd_t)
 kernel_read_proc_symlinks(inetd_t)
 kernel_tcp_recvfrom(inetd_t)
@@ -181,7 +181,7 @@ allow inetd_child_t inetd_child_var_run_t:file create_file_perms;
 allow inetd_child_t inetd_child_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(inetd_child_t,inetd_child_var_run_t)
 
-kernel_read_kernel_sysctl(inetd_child_t)
+kernel_read_kernel_sysctls(inetd_child_t)
 kernel_read_system_state(inetd_child_t)
 kernel_read_network_state(inetd_child_t)
 
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index 0fa2227..202eedd 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -60,7 +60,7 @@ allow innd_t news_spool_t:dir create_dir_perms;
 allow innd_t news_spool_t:file create_file_perms;
 allow innd_t news_spool_t:lnk_file create_lnk_perms;
 
-kernel_read_kernel_sysctl(innd_t)
+kernel_read_kernel_sysctls(innd_t)
 kernel_read_system_state(innd_t)
 
 corenet_raw_sendrecv_all_if(innd_t)
diff --git a/refpolicy/policy/modules/services/irqbalance.te b/refpolicy/policy/modules/services/irqbalance.te
index 8118845..0368165 100644
--- a/refpolicy/policy/modules/services/irqbalance.te
+++ b/refpolicy/policy/modules/services/irqbalance.te
@@ -26,8 +26,8 @@ allow irqbalance_t irqbalance_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(irqbalance_t,irqbalance_var_run_t)
 
 kernel_read_system_state(irqbalance_t)
-kernel_read_kernel_sysctl(irqbalance_t)
-kernel_rw_irq_sysctl(irqbalance_t)
+kernel_read_kernel_sysctls(irqbalance_t)
+kernel_rw_irq_sysctls(irqbalance_t)
 
 dev_read_sysfs(irqbalance_t)
 
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index dd8042a..f21527c 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -83,7 +83,7 @@ allow kadmind_t kadmind_var_run_t:file create_file_perms;
 allow kadmind_t kadmind_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(kadmind_t,kadmind_var_run_t)
 
-kernel_read_kernel_sysctl(kadmind_t)
+kernel_read_kernel_sysctls(kadmind_t)
 kernel_list_proc(kadmind_t)
 kernel_read_proc_symlinks(kadmind_t)
 
@@ -186,7 +186,7 @@ allow krb5kdc_t krb5kdc_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(krb5kdc_t,krb5kdc_var_run_t)
 
 kernel_read_system_state(krb5kdc_t)
-kernel_read_kernel_sysctl(krb5kdc_t)
+kernel_read_kernel_sysctls(krb5kdc_t)
 kernel_list_proc(krb5kdc_t)
 kernel_read_proc_symlinks(krb5kdc_t)
 
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index 00167ed..65864b9 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -46,7 +46,7 @@ allow ktalkd_t ktalkd_var_run_t:file create_file_perms;
 allow ktalkd_t ktalkd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(ktalkd_t,ktalkd_var_run_t)
 
-kernel_read_kernel_sysctl(ktalkd_t)
+kernel_read_kernel_sysctls(ktalkd_t)
 kernel_read_system_state(ktalkd_t)
 kernel_read_network_state(ktalkd_t)
 
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index 26e3a23..6998bb5 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -75,7 +75,7 @@ allow slapd_t slapd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(slapd_t,slapd_var_run_t)
 
 kernel_read_system_state(slapd_t)
-kernel_read_kernel_sysctl(slapd_t)
+kernel_read_kernel_sysctls(slapd_t)
 kernel_tcp_recvfrom(slapd_t)
 
 corenet_tcp_sendrecv_all_if(slapd_t)
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index cd58cc5..bda1eeb 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -154,7 +154,7 @@ dev_filetrans_dev(lpd_t,printer_t,lnk_file)
 allow lpd_t printer_t:unix_stream_socket name_bind;
 allow lpd_t printer_t:unix_dgram_socket name_bind;
 
-kernel_read_kernel_sysctl(lpd_t)
+kernel_read_kernel_sysctls(lpd_t)
 kernel_tcp_recvfrom(lpd_t)
 # bash wants access to /proc/meminfo
 kernel_read_system_state(lpd_t)
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index 753d7f1..372e84b 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -45,7 +45,7 @@ template(`mailman_domain_template', `
 	allow mailman_$1_t mailman_$1_tmp_t:file create_file_perms;
 	files_filetrans_tmp(mailman_$1_t, mailman_$1_tmp_t, { file dir })
 
-	kernel_read_kernel_sysctl(mailman_$1_t)
+	kernel_read_kernel_sysctls(mailman_$1_t)
 	kernel_read_system_state(mailman_$1_t)
 
 	corenet_tcp_sendrecv_all_if(mailman_$1_t)
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index f20330b..6d77382 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -66,7 +66,7 @@ template(`mta_base_mail_template',`
 	can_exec($1_mail_t, sendmail_exec_t)
 	allow $1_mail_t sendmail_exec_t:lnk_file r_file_perms;
 
-	kernel_read_kernel_sysctl($1_mail_t)
+	kernel_read_kernel_sysctls($1_mail_t)
 
 	corenet_tcp_sendrecv_all_if($1_mail_t)
 	corenet_raw_sendrecv_all_if($1_mail_t)
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index b84c2ab..4f09d20 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -61,7 +61,7 @@ allow mysqld_t mysqld_var_run_t:file create_file_perms;
 files_filetrans_pid(mysqld_t,mysqld_var_run_t)
 
 kernel_list_proc(mysqld_t)
-kernel_read_kernel_sysctl(mysqld_t)
+kernel_read_kernel_sysctls(mysqld_t)
 kernel_read_proc_symlinks(mysqld_t)
 kernel_read_system_state(mysqld_t)
 
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index f0bff54..d95c42b 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -35,7 +35,7 @@ files_filetrans_pid(NetworkManager_t,NetworkManager_var_run_t)
 
 kernel_read_system_state(NetworkManager_t)
 kernel_read_network_state(NetworkManager_t)
-kernel_read_kernel_sysctl(NetworkManager_t)
+kernel_read_kernel_sysctls(NetworkManager_t)
 kernel_load_module(NetworkManager_t)
 
 corenet_tcp_sendrecv_all_if(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 2ae303f..d109781 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -63,7 +63,7 @@ files_filetrans_pid(ypbind_t,ypbind_var_run_t)
 allow ypbind_t var_yp_t:dir rw_dir_perms;
 allow ypbind_t var_yp_t:file create_file_perms;
 
-kernel_read_kernel_sysctl(ypbind_t)
+kernel_read_kernel_sysctls(ypbind_t)
 kernel_list_proc(ypbind_t)
 kernel_read_proc_symlinks(ypbind_t)
 kernel_tcp_recvfrom(ypbind_t)
@@ -160,7 +160,7 @@ allow yppasswdd_t var_yp_t:lnk_file create_lnk_perms;
 kernel_list_proc(yppasswdd_t)
 kernel_read_proc_symlinks(yppasswdd_t)
 kernel_getattr_proc_files(yppasswdd_t)
-kernel_read_kernel_sysctl(yppasswdd_t)
+kernel_read_kernel_sysctls(yppasswdd_t)
 
 corenet_tcp_sendrecv_generic_if(yppasswdd_t)
 corenet_udp_sendrecv_generic_if(yppasswdd_t)
@@ -262,7 +262,7 @@ allow ypserv_t ypserv_var_run_t:dir rw_dir_perms;
 allow ypserv_t ypserv_var_run_t:file manage_file_perms;
 files_filetrans_pid(ypserv_t,ypserv_var_run_t)
 
-kernel_read_kernel_sysctl(ypserv_t)
+kernel_read_kernel_sysctls(ypserv_t)
 kernel_list_proc(ypserv_t)
 kernel_read_proc_symlinks(ypserv_t)
 
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index e87e669..088dc7d 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -52,7 +52,7 @@ allow nscd_t nscd_var_run_t:sock_file create_file_perms;
 allow nscd_t nscd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(nscd_t,nscd_var_run_t,{ file sock_file })
 
-kernel_read_kernel_sysctl(nscd_t)
+kernel_read_kernel_sysctls(nscd_t)
 kernel_list_proc(nscd_t)
 kernel_read_proc_symlinks(nscd_t)
 
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 530dfe7..018d6af 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -60,7 +60,7 @@ allow ntpd_t ntpd_var_run_t:file create_file_perms;
 allow ntpd_t ntpd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(ntpd_t,ntpd_var_run_t)
 
-kernel_read_kernel_sysctl(ntpd_t)
+kernel_read_kernel_sysctls(ntpd_t)
 kernel_read_system_state(ntpd_t)
 
 corenet_tcp_sendrecv_all_if(ntpd_t)
diff --git a/refpolicy/policy/modules/services/openct.te b/refpolicy/policy/modules/services/openct.te
index b36f450..8887143 100644
--- a/refpolicy/policy/modules/services/openct.te
+++ b/refpolicy/policy/modules/services/openct.te
@@ -25,7 +25,7 @@ allow openct_t openct_var_run_t:file create_file_perms;
 allow openct_t openct_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(openct_t,openct_var_run_t)
 
-kernel_read_kernel_sysctl(openct_t)
+kernel_read_kernel_sysctls(openct_t)
 kernel_list_proc(openct_t)
 kernel_read_proc_symlinks(openct_t)
 
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index 6827c71..f21e8f8 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -61,8 +61,8 @@ allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
 allow pegasus_t pegasus_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(pegasus_t,pegasus_var_run_t)
 
-kernel_read_kernel_sysctl(pegasus_t)
-kernel_read_fs_sysctl(pegasus_t)
+kernel_read_kernel_sysctls(pegasus_t)
+kernel_read_fs_sysctls(pegasus_t)
 kernel_read_system_state(pegasus_t)
 kernel_search_vm_sysctl(pegasus_t)
 
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index d0ecdbd..bc5969b 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -42,7 +42,7 @@ allow portmap_t portmap_var_run_t:file create_file_perms;
 allow portmap_t portmap_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(portmap_t,portmap_var_run_t)
 
-kernel_read_kernel_sysctl(portmap_t)
+kernel_read_kernel_sysctls(portmap_t)
 kernel_list_proc(portmap_t)
 kernel_read_proc_symlinks(portmap_t)
 kernel_tcp_recvfrom(portmap_t) 
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index a749e8e..003c7e0 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -47,7 +47,7 @@ template(`postfix_domain_template',`
 
 	kernel_read_system_state(postfix_$1_t)
 	kernel_read_network_state(postfix_$1_t)
-	kernel_read_all_sysctl(postfix_$1_t)
+	kernel_read_all_sysctls(postfix_$1_t)
 
 	dev_read_sysfs(postfix_$1_t)
 	dev_read_rand(postfix_$1_t)
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index 4c85ccb..3450bc7 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -132,7 +132,7 @@ allow postfix_master_t postfix_spool_flush_t:lnk_file create_lnk_perms;
 allow postfix_master_t postfix_spool_maildrop_t:dir rw_dir_perms;
 allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
 
-kernel_read_all_sysctl(postfix_master_t)
+kernel_read_all_sysctls(postfix_master_t)
 
 corenet_tcp_sendrecv_all_if(postfix_master_t)
 corenet_udp_sendrecv_all_if(postfix_master_t)
@@ -301,7 +301,7 @@ allow postfix_map_t postfix_map_tmp_t:dir create_dir_perms;
 allow postfix_map_t postfix_map_tmp_t:file create_file_perms;
 files_filetrans_tmp(postfix_map_t, postfix_map_tmp_t, { file dir })
 
-kernel_read_kernel_sysctl(postfix_map_t)
+kernel_read_kernel_sysctls(postfix_map_t)
 kernel_dontaudit_list_proc(postfix_map_t)
 
 corenet_tcp_sendrecv_all_if(postfix_map_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index 2ddd3fe..e6cf8d9 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -77,10 +77,10 @@ allow postgresql_t postgresql_var_run_t:file create_file_perms;
 allow postgresql_t postgresql_var_run_t:sock_file create_file_perms;
 files_filetrans_pid(postgresql_t,postgresql_var_run_t)
 
-kernel_read_kernel_sysctl(postgresql_t)
+kernel_read_kernel_sysctls(postgresql_t)
 kernel_read_system_state(postgresql_t)
 kernel_list_proc(postgresql_t)
-kernel_read_all_sysctl(postgresql_t)
+kernel_read_all_sysctls(postgresql_t)
 kernel_read_proc_symlinks(postgresql_t)
 kernel_tcp_recvfrom(postgresql_t)
 
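Review bot: `kernel_read_kernel_sysctls(postgresql_t)` and `kernel_read_all_sysctls(postgresql_t)` are both kept here, and if the second covers every sysctl type, as its name suggests, the first adds nothing. For a daemon that also receives TCP traffic (`kernel_tcp_recvfrom(postgresql_t)` two lines below), the better cleanup is the other way round: keep the narrow `kernel_read_kernel_sysctls(postgresql_t)` and drop `kernel_read_all_sysctls(postgresql_t)` unless a recorded denial shows which other sysctl class is needed, with a comment naming it. The first init.te hunk has the same kind of overlap, `kernel_read_all_sysctls(initrc_t)` directly above `kernel_rw_all_sysctls(initrc_t)`, where the read call is presumably implied by the read/write one. kernel.if is not visible in this part of the patch, so confirm against the interface definitions before removing either call.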
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 78e63ae..0cef95f 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -107,9 +107,9 @@ allow pppd_t pppd_secret_t:file r_file_perms;
 # Automatically label newly created files under /etc/ppp with this type
 type_transition pppd_t pppd_etc_t:file pppd_etc_rw_t;
 
-kernel_read_kernel_sysctl(pppd_t)
+kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
-kernel_read_net_sysctl(pppd_t)
+kernel_read_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
 kernel_load_module(pppd_t)
 
@@ -256,7 +256,7 @@ allow pptp_t pptp_var_run_t:sock_file create_file_perms;
 files_filetrans_pid(pptp_t,pptp_var_run_t)
 
 kernel_list_proc(pptp_t)
-kernel_read_kernel_sysctl(pptp_t)
+kernel_read_kernel_sysctls(pptp_t)
 kernel_read_proc_symlinks(pptp_t)
 
 dev_read_sysfs(pptp_t)
@@ -322,6 +322,7 @@ optional_policy(`postfix',`
 	postfix_read_config(pppd_t)
 ')
 
+# FIXME:
 domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
 allow pppd_t initrc_t:fd use;
 allow initrc_t pppd_t:fd use;
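Review bot: The added `# FIXME:` above `domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)` has no text, so nothing records what is wrong with the rules below it or when the marker can be removed. From the hunk, the likely concern is that ppp.te names `initrc_t` directly, in the transition and in both `fd use` rules, instead of going through an interface of the module that owns that type; if that is the intent, say so, e.g. `# FIXME: direct use of initrc_t; replace with an init module interface`. The transition moves pppd scripts into a domain that this same patch shows holding `kernel_rw_all_sysctls(initrc_t)`, so the comment should also state whether the transition itself is under review or only the way it is written. The rules following the marker may continue past the end of the hunk.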
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index ea69c43..f95456c 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -38,7 +38,7 @@ allow privoxy_t privoxy_var_run_t:file create_file_perms;
 allow privoxy_t privoxy_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(privoxy_t,privoxy_var_run_t)
 
-kernel_read_kernel_sysctl(privoxy_t)
+kernel_read_kernel_sysctls(privoxy_t)
 kernel_list_proc(privoxy_t)
 kernel_read_proc_symlinks(privoxy_t)
 
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 258a8ea..2471486 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -26,7 +26,7 @@ allow procmail_t self:tcp_socket create_stream_socket_perms;
 allow procmail_t self:udp_socket create_socket_perms;
 
 kernel_read_system_state(procmail_t)
-kernel_read_kernel_sysctl(procmail_t)
+kernel_read_kernel_sysctls(procmail_t)
 
 corenet_tcp_sendrecv_all_if(procmail_t)
 corenet_raw_sendrecv_all_if(procmail_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index 0b49f23..5cbd243 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -47,7 +47,7 @@ allow radiusd_t radiusd_var_run_t:file create_file_perms;
 allow radiusd_t radiusd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(radiusd_t,radiusd_var_run_t)
 
-kernel_read_kernel_sysctl(radiusd_t)
+kernel_read_kernel_sysctls(radiusd_t)
 kernel_read_system_state(radiusd_t)
 
 corenet_tcp_sendrecv_all_if(radiusd_t)
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index 0cb9893..23c0502 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -34,8 +34,8 @@ allow radvd_t radvd_var_run_t:file create_file_perms;
 allow radvd_t radvd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(radvd_t,radvd_var_run_t)
 
-kernel_read_kernel_sysctl(radvd_t)
-kernel_read_net_sysctl(radvd_t)
+kernel_read_kernel_sysctls(radvd_t)
+kernel_read_net_sysctls(radvd_t)
 kernel_read_network_state(radvd_t)
 kernel_read_system_state(radvd_t)
 
diff --git a/refpolicy/policy/modules/services/rdisc.te b/refpolicy/policy/modules/services/rdisc.te
index 596f77d..d7e522c 100644
--- a/refpolicy/policy/modules/services/rdisc.te
+++ b/refpolicy/policy/modules/services/rdisc.te
@@ -24,7 +24,7 @@ allow rdisc_t self:rawip_socket create_socket_perms;
 
 kernel_list_proc(rdisc_t)
 kernel_read_proc_symlinks(rdisc_t)
-kernel_read_kernel_sysctl(rdisc_t)
+kernel_read_kernel_sysctls(rdisc_t)
 
 corenet_udp_sendrecv_generic_if(rdisc_t)
 corenet_raw_sendrecv_generic_if(rdisc_t)
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index 1e76716..8116894 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -43,7 +43,7 @@ allow remote_login_t remote_login_tmp_t:file create_file_perms;
 files_filetrans_tmp(remote_login_t, remote_login_tmp_t, { file dir })
 
 kernel_read_system_state(remote_login_t)
-kernel_read_kernel_sysctl(remote_login_t)
+kernel_read_kernel_sysctls(remote_login_t)
 
 dev_getattr_mouse_dev(remote_login_t)
 dev_setattr_mouse_dev(remote_login_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index 6a15af9..da68a2c 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -47,7 +47,7 @@ allow rlogind_t rlogind_var_run_t:file create_file_perms;
 allow rlogind_t rlogind_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(rlogind_t,rlogind_var_run_t)
 
-kernel_read_kernel_sysctl(rlogind_t)
+kernel_read_kernel_sysctls(rlogind_t)
 kernel_read_system_state(rlogind_t)
 kernel_read_network_state(rlogind_t)
 
diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te
index a7cedb4..4019879 100644
--- a/refpolicy/policy/modules/services/roundup.te
+++ b/refpolicy/policy/modules/services/roundup.te
@@ -36,7 +36,7 @@ allow roundup_t roundup_var_lib_t:file create_file_perms;
 allow roundup_t roundup_var_lib_t:dir rw_dir_perms;
 files_filetrans_var_lib(roundup_t,roundup_var_lib_t)
 
-kernel_read_kernel_sysctl(roundup_t)
+kernel_read_kernel_sysctls(roundup_t)
 kernel_list_proc(roundup_t)
 kernel_read_proc_symlinks(roundup_t)
 
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index eeb169f..a06f4d9 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -44,9 +44,9 @@ template(`rpc_domain_template', `
 
 	kernel_list_proc($1_t)
 	kernel_read_proc_symlinks($1_t)
-	kernel_read_kernel_sysctl($1_t)
+	kernel_read_kernel_sysctls($1_t)
 	# bind to arbitary unused ports
-	kernel_rw_rpc_sysctl($1_t)
+	kernel_rw_rpc_sysctls($1_t)
 
 	dev_read_sysfs($1_t)
 
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index 8c776b8..55d562e 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -21,7 +21,7 @@ allow rshd_t self:process { signal_perms fork setsched setpgid setexec };
 allow rshd_t self:fifo_file rw_file_perms;
 allow rshd_t self:tcp_socket create_stream_socket_perms;
 
-kernel_read_kernel_sysctl(rshd_t)
+kernel_read_kernel_sysctls(rshd_t)
 
 corenet_tcp_sendrecv_generic_if(rshd_t)
 corenet_udp_sendrecv_generic_if(rshd_t)
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 303b86c..94db6d0 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -50,7 +50,7 @@ allow rsync_t rsync_var_run_t:file create_file_perms;
 allow rsync_t rsync_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(rsync_t,rsync_var_run_t)
 
-kernel_read_kernel_sysctl(rsync_t)
+kernel_read_kernel_sysctls(rsync_t)
 kernel_read_system_state(rsync_t)
 kernel_read_network_state(rsync_t)
 
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index ee36494..b0fdc60 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -223,10 +223,10 @@ files_filetrans_pid(smbd_t,smbd_var_run_t)
 
 allow smbd_t winbind_var_run_t:sock_file { read write getattr };
 
-kernel_getattr_core(smbd_t)
+kernel_getattr_core_if(smbd_t)
 kernel_getattr_message_if(smbd_t)
 kernel_read_network_state(smbd_t)
-kernel_read_kernel_sysctl(smbd_t)
+kernel_read_kernel_sysctls(smbd_t)
 kernel_read_software_raid_state(smbd_t)
 kernel_read_system_state(smbd_t)
 
@@ -369,9 +369,9 @@ allow nmbd_t samba_var_t:file { lock unlink create write setattr read getattr re
 
 allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
 
-kernel_getattr_core(nmbd_t)
+kernel_getattr_core_if(nmbd_t)
 kernel_getattr_message_if(nmbd_t)
-kernel_read_kernel_sysctl(nmbd_t)
+kernel_read_kernel_sysctls(nmbd_t)
 kernel_read_network_state(nmbd_t)
 kernel_read_software_raid_state(nmbd_t)
 kernel_read_system_state(nmbd_t)
@@ -567,7 +567,7 @@ files_filetrans_pid(swat_t,swat_var_run_t)
 
 allow swat_t winbind_exec_t:file execute;
 
-kernel_read_kernel_sysctl(swat_t)
+kernel_read_kernel_sysctls(swat_t)
 kernel_read_system_state(swat_t)
 kernel_read_network_state(swat_t)
 
@@ -663,7 +663,7 @@ allow winbind_t winbind_var_run_t:sock_file create_file_perms;
 allow winbind_t winbind_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(winbind_t,winbind_var_run_t)
 
-kernel_read_kernel_sysctl(winbind_t)
+kernel_read_kernel_sysctls(winbind_t)
 kernel_list_proc(winbind_t)
 kernel_read_proc_symlinks(winbind_t)
 
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index cd6b15e..065726e 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -31,7 +31,7 @@ allow saslauthd_t saslauthd_var_run_t:sock_file create_file_perms;
 allow saslauthd_t saslauthd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(saslauthd_t,saslauthd_var_run_t)
 
-kernel_read_kernel_sysctl(saslauthd_t)
+kernel_read_kernel_sysctls(saslauthd_t)
 kernel_read_system_state(saslauthd_t)
 
 corenet_tcp_sendrecv_all_if(saslauthd_t)
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 9bf1ce3..fd16c09 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -37,7 +37,7 @@ allow sendmail_t sendmail_log_t:file create_file_perms;
 allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
 logging_filetrans_log(sendmail_t,sendmail_log_t,{ file dir })
 
-kernel_read_kernel_sysctl(sendmail_t)
+kernel_read_kernel_sysctls(sendmail_t)
 # for piping mail to a command
 kernel_read_system_state(sendmail_t)
 
diff --git a/refpolicy/policy/modules/services/slrnpull.te b/refpolicy/policy/modules/services/slrnpull.te
index f27268d..c3462c8 100644
--- a/refpolicy/policy/modules/services/slrnpull.te
+++ b/refpolicy/policy/modules/services/slrnpull.te
@@ -41,7 +41,7 @@ allow slrnpull_t slrnpull_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(slrnpull_t,slrnpull_var_run_t)
 
 kernel_list_proc(slrnpull_t)
-kernel_read_kernel_sysctl(slrnpull_t)
+kernel_read_kernel_sysctls(slrnpull_t)
 kernel_read_proc_symlinks(slrnpull_t)
 
 dev_read_sysfs(slrnpull_t)
diff --git a/refpolicy/policy/modules/services/smartmon.te b/refpolicy/policy/modules/services/smartmon.te
index 321fc97..7980227 100644
--- a/refpolicy/policy/modules/services/smartmon.te
+++ b/refpolicy/policy/modules/services/smartmon.te
@@ -37,7 +37,7 @@ allow fsdaemon_t fsdaemon_var_run_t:file create_file_perms;
 allow fsdaemon_t fsdaemon_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(fsdaemon_t,fsdaemon_var_run_t)
 
-kernel_read_kernel_sysctl(fsdaemon_t)
+kernel_read_kernel_sysctls(fsdaemon_t)
 kernel_read_software_raid_state(fsdaemon_t)
 kernel_read_system_state(fsdaemon_t)
 
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index 373955f..9d2a499 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -49,8 +49,8 @@ allow snmpd_t snmpd_var_run_t:file create_file_perms;
 allow snmpd_t snmpd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(snmpd_t,snmpd_var_run_t)
 
-kernel_read_kernel_sysctl(snmpd_t)
-kernel_read_net_sysctl(snmpd_t)
+kernel_read_kernel_sysctls(snmpd_t)
+kernel_read_net_sysctls(snmpd_t)
 kernel_read_proc_symlinks(snmpd_t)
 kernel_read_system_state(snmpd_t)
 kernel_read_network_state(snmpd_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index 0046187..6d3ac33 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -89,7 +89,7 @@ template(`spamassassin_per_userdomain_template',`
 	allow $1_spamc_t $2:fifo_file rw_file_perms;
 	allow $1_spamc_t $2:process sigchld;
 
-	kernel_read_kernel_sysctl($1_spamc_t)
+	kernel_read_kernel_sysctls($1_spamc_t)
 	kernel_tcp_recvfrom($1_spamc_t)
 
 	corenet_tcp_sendrecv_generic_if($1_spamc_t)
@@ -217,7 +217,7 @@ template(`spamassassin_per_userdomain_template',`
 	allow spamd_t $1_spamassassin_home_t:fifo_file create_file_perms;
 	userdom_create_user_home($1,spamd_t,{ dir file lnk_file sock_file fifo_file },$1_spamassassin_home_t)
 
-	kernel_read_kernel_sysctl($1_spamassassin_t)
+	kernel_read_kernel_sysctls($1_spamassassin_t)
 
 	dev_read_urand($1_spamassassin_t)
 
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index 853391c..099adda 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -57,7 +57,7 @@ allow spamd_t spamd_var_run_t:file create_file_perms;
 allow spamd_t spamd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(spamd_t,spamd_var_run_t)
 
-kernel_read_all_sysctl(spamd_t)
+kernel_read_all_sysctls(spamd_t)
 kernel_read_system_state(spamd_t)
 kernel_tcp_recvfrom(spamd_t)
 
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index 60f6bc4..74dd8fc 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -64,7 +64,7 @@ allow squid_t squid_var_run_t:file create_file_perms;
 allow squid_t squid_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(squid_t,squid_var_run_t)
 
-kernel_read_kernel_sysctl(squid_t)
+kernel_read_kernel_sysctls(squid_t)
 kernel_read_system_state(squid_t)
 kernel_tcp_recvfrom(squid_t)
 
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 938d34e..d51727a 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -118,7 +118,7 @@ template(`ssh_per_userdomain_template',`
 	allow ssh_server $1_home_ssh_t:lnk_file r_file_perms;
 	allow ssh_server $1_home_ssh_t:file r_file_perms;
 
-	kernel_read_kernel_sysctl($1_ssh_t)
+	kernel_read_kernel_sysctls($1_ssh_t)
 
 	corenet_tcp_sendrecv_all_if($1_ssh_t)
 	corenet_raw_sendrecv_all_if($1_ssh_t)
@@ -291,7 +291,7 @@ template(`ssh_per_userdomain_template',`
 	allow $1_ssh_agent_t $2:fifo_file rw_file_perms;
 	allow $1_ssh_agent_t $2:process sigchld;
 
-	kernel_read_kernel_sysctl($1_ssh_agent_t)
+	kernel_read_kernel_sysctls($1_ssh_agent_t)
 
 	dev_read_urand($1_ssh_agent_t)
 	dev_read_rand($1_ssh_agent_t)
@@ -434,7 +434,7 @@ template(`ssh_server_template', `
 	# Access key files
 	allow $1_t sshd_key_t:file { getattr read };
 
-	kernel_read_kernel_sysctl($1_t)
+	kernel_read_kernel_sysctls($1_t)
 
 	corenet_tcp_sendrecv_all_if($1_t)
 	corenet_udp_sendrecv_all_if($1_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 7f20b44..2f4f84d 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -219,7 +219,7 @@ ifdef(`targeted_policy',`',`
 	allow ssh_keygen_t sshd_key_t:file create_file_perms;
 	files_filetrans_etc(ssh_keygen_t,sshd_key_t,file)
 
-	kernel_read_kernel_sysctl(ssh_keygen_t)
+	kernel_read_kernel_sysctls(ssh_keygen_t)
 
 	fs_search_auto_mountpoints(ssh_keygen_t)
 
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index 07f2551..c0f9920 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -51,7 +51,7 @@ allow stunnel_t stunnel_var_run_t:file create_file_perms;
 allow stunnel_t stunnel_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(stunnel_t,stunnel_var_run_t)
 
-kernel_read_kernel_sysctl(stunnel_t)
+kernel_read_kernel_sysctls(stunnel_t)
 kernel_read_system_state(stunnel_t)
 kernel_read_network_state(stunnel_t)
 
diff --git a/refpolicy/policy/modules/services/sysstat.te b/refpolicy/policy/modules/services/sysstat.te
index 09dbf0b..5bfdc8f 100644
--- a/refpolicy/policy/modules/services/sysstat.te
+++ b/refpolicy/policy/modules/services/sysstat.te
@@ -32,9 +32,9 @@ logging_filetrans_log(sysstat_t,sysstat_log_t,{ file dir })
 # get info from /proc
 kernel_read_system_state(sysstat_t)
 kernel_read_network_state(sysstat_t)
-kernel_read_kernel_sysctl(sysstat_t)
-kernel_read_fs_sysctl(sysstat_t)
-kernel_read_rpc_sysctl(sysstat_t)
+kernel_read_kernel_sysctls(sysstat_t)
+kernel_read_fs_sysctls(sysstat_t)
+kernel_read_rpc_sysctls(sysstat_t)
 
 corecmd_dontaudit_search_sbin(sysstat_t)
 corecmd_exec_bin(sysstat_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 8f3c80e..ad044f5 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -45,7 +45,7 @@ allow telnetd_t telnetd_var_run_t:file create_file_perms;
 allow telnetd_t telnetd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(telnetd_t,telnetd_var_run_t)
 
-kernel_read_kernel_sysctl(telnetd_t)
+kernel_read_kernel_sysctls(telnetd_t)
 kernel_read_system_state(telnetd_t)
 kernel_read_network_state(telnetd_t)
 
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index 682a604..44fb415 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -37,7 +37,7 @@ allow tftpd_t tftpd_var_run_t:file create_file_perms;
 allow tftpd_t tftpd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(tftpd_t,tftpd_var_run_t)
 
-kernel_read_kernel_sysctl(tftpd_t)
+kernel_read_kernel_sysctls(tftpd_t)
 kernel_list_proc(tftpd_t)
 kernel_read_proc_symlinks(tftpd_t)
 
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index a6ca08f..b66b5db 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -35,7 +35,7 @@ allow timidity_t timidity_tmpfs_t:sock_file create_file_perms;
 allow timidity_t timidity_tmpfs_t:fifo_file create_file_perms;
 fs_filetrans_tmpfs(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
-kernel_read_kernel_sysctl(timidity_t)
+kernel_read_kernel_sysctls(timidity_t)
 # read /proc/cpuinfo
 kernel_read_system_state(timidity_t)
 
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 3e47d75..56aca2f 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -63,7 +63,7 @@ allow uucpd_t uucpd_var_run_t:file create_file_perms;
 allow uucpd_t uucpd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(uucpd_t,uucpd_var_run_t)
 
-kernel_read_kernel_sysctl(uucpd_t)
+kernel_read_kernel_sysctls(uucpd_t)
 kernel_read_system_state(uucpd_t)
 kernel_read_network_state(uucpd_t)
 
diff --git a/refpolicy/policy/modules/services/xfs.te b/refpolicy/policy/modules/services/xfs.te
index b703f3b..fb806d9 100644
--- a/refpolicy/policy/modules/services/xfs.te
+++ b/refpolicy/policy/modules/services/xfs.te
@@ -39,7 +39,7 @@ files_filetrans_pid(xfs_t,xfs_var_run_t)
 # cjp: I do not believe this has an effect.
 allow xfs_t xfs_tmp_t:unix_stream_socket name_bind;
 
-kernel_read_kernel_sysctl(xfs_t)
+kernel_read_kernel_sysctls(xfs_t)
 kernel_read_system_state(xfs_t)
 
 dev_read_sysfs(xfs_t)
diff --git a/refpolicy/policy/modules/services/xserver.if b/refpolicy/policy/modules/services/xserver.if
index c088991..be61ef3 100644
--- a/refpolicy/policy/modules/services/xserver.if
+++ b/refpolicy/policy/modules/services/xserver.if
@@ -70,10 +70,10 @@ template(`xserver_common_domain_template',`
 	logging_filetrans_log($1_xserver_t,xserver_log_t,file)
 
 	kernel_read_system_state($1_xserver_t)
-	kernel_read_device_sysctl($1_xserver_t)
-	kernel_read_modprobe_sysctl($1_xserver_t)
+	kernel_read_device_sysctls($1_xserver_t)
+	kernel_read_modprobe_sysctls($1_xserver_t)
 	# Xorg wants to check if kernel is tainted
-	kernel_read_kernel_sysctl($1_xserver_t)
+	kernel_read_kernel_sysctls($1_xserver_t)
 
 	# Run helper programs in $1_xserver_t.
 	corecmd_search_sbin($1_xserver_t)
diff --git a/refpolicy/policy/modules/services/xserver.te b/refpolicy/policy/modules/services/xserver.te
index d089091..d43696c 100644
--- a/refpolicy/policy/modules/services/xserver.te
+++ b/refpolicy/policy/modules/services/xserver.te
@@ -93,7 +93,7 @@ allow xdm_t xdm_rw_etc_t:dir rw_dir_perms;
 allow xdm_t xdm_rw_etc_t:file create_file_perms;
 
 kernel_read_system_state(xdm_t)
-kernel_read_kernel_sysctl(xdm_t)
+kernel_read_kernel_sysctls(xdm_t)
 
 corecmd_exec_shell(xdm_t)
 corecmd_exec_bin(xdm_t)
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index c493c45..85c5834 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -57,9 +57,9 @@ allow zebra_t zebra_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(zebra_t,zebra_var_run_t, { file sock_file })
 
 kernel_read_system_state(zebra_t)
-kernel_read_kernel_sysctl(zebra_t)
+kernel_read_kernel_sysctls(zebra_t)
 kernel_tcp_recvfrom(zebra_t)
-kernel_rw_net_sysctl(zebra_t)
+kernel_rw_net_sysctls(zebra_t)
 
 corenet_tcp_sendrecv_all_if(zebra_t)
 corenet_udp_sendrecv_all_if(zebra_t)
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index a734e22..f9c4fc0 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -145,7 +145,7 @@ allow pam_console_t pam_var_console_t:file r_file_perms;
 dontaudit pam_console_t pam_var_console_t:file write;
 allow pam_console_t pam_var_console_t:lnk_file { getattr read };
 
-kernel_read_kernel_sysctl(pam_console_t)
+kernel_read_kernel_sysctls(pam_console_t)
 kernel_use_fd(pam_console_t)
 # Read /proc/meminfo
 kernel_read_system_state(pam_console_t)
diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te
index cff1a93..fac03e2 100644
--- a/refpolicy/policy/modules/system/clock.te
+++ b/refpolicy/policy/modules/system/clock.te
@@ -30,7 +30,7 @@ allow hwclock_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_re
 # Allow hwclock to store & retrieve correction factors.
 allow hwclock_t adjtime_t:file { setattr ioctl read getattr lock write append };
 
-kernel_read_kernel_sysctl(hwclock_t)
+kernel_read_kernel_sysctls(hwclock_t)
 kernel_list_proc(hwclock_t)
 kernel_read_proc_symlinks(hwclock_t)
 
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te
index 070e38e..354fbd3 100644
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@@ -48,14 +48,14 @@ files_filetrans_tmp(fsadm_t, fsadm_tmp_t, { file dir })
 allow fsadm_t swapfile_t:file { getattr swapon };
 
 kernel_read_system_state(fsadm_t)
-kernel_read_kernel_sysctl(fsadm_t)
+kernel_read_kernel_sysctls(fsadm_t)
 # Allow console log change (updfstab)
 kernel_change_ring_buffer_level(fsadm_t)
 # mkreiserfs needs this
 kernel_getattr_proc(fsadm_t)
 # Access to /initrd devices
-kernel_rw_unlabeled_dir(fsadm_t)
-kernel_rw_unlabeled_blk_dev(fsadm_t)
+kernel_rw_unlabeled_dirs(fsadm_t)
+kernel_rw_unlabeled_blk_files(fsadm_t)
 
 dev_getattr_all_chr_files(fsadm_t)
 # mkreiserfs and other programs need this for UUID
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index c0ed117..04e5d89 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -47,8 +47,8 @@ files_filetrans_pid(hotplug_t,hotplug_var_run_t)
 kernel_sigchld(hotplug_t)
 kernel_setpgid(hotplug_t)
 kernel_read_system_state(hotplug_t)
-kernel_read_kernel_sysctl(hotplug_t)
-kernel_read_net_sysctl(hotplug_t)
+kernel_read_kernel_sysctls(hotplug_t)
+kernel_read_net_sysctls(hotplug_t)
 
 bootloader_read_kernel_modules(hotplug_t)
 
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 07b7198..230a10b 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -236,8 +236,8 @@ kernel_read_ring_buffer(initrc_t)
 kernel_change_ring_buffer_level(initrc_t)
 kernel_clear_ring_buffer(initrc_t)
 kernel_get_sysvipc_info(initrc_t)
-kernel_read_all_sysctl(initrc_t)
-kernel_rw_all_sysctl(initrc_t)
+kernel_read_all_sysctls(initrc_t)
+kernel_rw_all_sysctls(initrc_t)
 # for lsof which is used by alsa shutdown:
 kernel_dontaudit_getattr_message_if(initrc_t)
 
@@ -637,7 +637,7 @@ optional_policy(`rhgb',`
 
 optional_policy(`rpm',`
 	# bash tries to access a block device in the initrd
-	kernel_dontaudit_getattr_unlabeled_blk_dev(initrc_t)
+	kernel_dontaudit_getattr_unlabeled_blk_files(initrc_t)
 
 	# for a bug in rm
 	files_dontaudit_write_all_pids(initrc_t)
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index acdcab8..36f4a19 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -71,14 +71,14 @@ allow ipsec_mgmt_t ipsec_t:fd use;
 allow ipsec_mgmt_t ipsec_t:fifo_file rw_file_perms;
 allow ipsec_mgmt_t ipsec_t:process sigchld;
 
-kernel_read_kernel_sysctl(ipsec_t)
+kernel_read_kernel_sysctls(ipsec_t)
 kernel_list_proc(ipsec_t)
 kernel_read_proc_symlinks(ipsec_t)
 # allow pluto to access /proc/net/ipsec_eroute;
 kernel_read_system_state(ipsec_t)
 kernel_read_network_state(ipsec_t)
 kernel_read_software_raid_state(ipsec_t)
-kernel_getattr_core(ipsec_t)
+kernel_getattr_core_if(ipsec_t)
 kernel_getattr_message_if(ipsec_t)
 
 # Pluto needs network access
@@ -198,13 +198,13 @@ allow ipsec_t ipsec_mgmt_t:fd use;
 allow ipsec_t ipsec_mgmt_t:fifo_file rw_file_perms;
 allow ipsec_t ipsec_mgmt_t:process sigchld;
 
-kernel_rw_net_sysctl(ipsec_mgmt_t)
+kernel_rw_net_sysctls(ipsec_mgmt_t)
 # allow pluto to access /proc/net/ipsec_eroute;
 kernel_read_system_state(ipsec_mgmt_t)
 kernel_read_network_state(ipsec_mgmt_t)
 kernel_read_software_raid_state(ipsec_mgmt_t)
-kernel_read_kernel_sysctl(ipsec_mgmt_t)
-kernel_getattr_core(ipsec_mgmt_t)
+kernel_read_kernel_sysctls(ipsec_mgmt_t)
+kernel_getattr_core_if(ipsec_mgmt_t)
 kernel_getattr_message_if(ipsec_mgmt_t)
 
 bootloader_read_kernel_symbol_table(ipsec_mgmt_t)
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index c2fd556..9f8860f 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -39,8 +39,8 @@ allow iptables_t self:rawip_socket create_socket_perms;
 
 kernel_read_system_state(iptables_t)
 kernel_read_network_state(iptables_t)
-kernel_read_kernel_sysctl(iptables_t)
-kernel_read_modprobe_sysctl(iptables_t)
+kernel_read_kernel_sysctls(iptables_t)
+kernel_read_modprobe_sysctls(iptables_t)
 kernel_use_fd(iptables_t)
 
 dev_read_sysfs(iptables_t)
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index 1b53bc8..ab4111a 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -59,7 +59,7 @@ allow local_login_t local_login_tmp_t:file create_file_perms;
 files_filetrans_tmp(local_login_t, local_login_tmp_t, { file dir })
 
 kernel_read_system_state(local_login_t)
-kernel_read_kernel_sysctl(local_login_t)
+kernel_read_kernel_sysctls(local_login_t)
 
 dev_setattr_mouse_dev(local_login_t)
 dev_getattr_mouse_dev(local_login_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 6c6795f..27b922e 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -72,7 +72,7 @@ allow auditctl_t etc_t:file { getattr read };
 
 allow auditctl_t auditd_etc_t:file r_file_perms;
 
-kernel_read_kernel_sysctl(auditctl_t)
+kernel_read_kernel_sysctls(auditctl_t)
 kernel_read_proc_symlinks(auditctl_t)
 
 domain_read_all_domains_state(auditctl_t)
@@ -131,7 +131,7 @@ allow auditd_t auditd_var_run_t:file create_file_perms;
 allow auditd_t auditd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(auditd_t,auditd_var_run_t)
 
-kernel_read_kernel_sysctl(auditd_t)
+kernel_read_kernel_sysctls(auditd_t)
 kernel_list_proc(auditd_t)
 kernel_read_proc_symlinks(auditd_t)
 
@@ -205,7 +205,7 @@ files_filetrans_pid(klogd_t,klogd_var_run_t)
 
 kernel_read_system_state(klogd_t)
 kernel_read_messages(klogd_t)
-kernel_read_kernel_sysctl(klogd_t)
+kernel_read_kernel_sysctls(klogd_t)
 # Control syslog and console logging
 kernel_clear_ring_buffer(klogd_t)
 kernel_change_ring_buffer_level(klogd_t)
@@ -294,7 +294,7 @@ allow syslogd_t syslogd_var_run_t:file create_file_perms;
 allow syslogd_t syslogd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(syslogd_t,syslogd_var_run_t)
 
-kernel_read_kernel_sysctl(syslogd_t)
+kernel_read_kernel_sysctls(syslogd_t)
 kernel_read_proc_symlinks(syslogd_t)
 # Allow access to /proc/kmsg for syslog-ng
 kernel_read_messages(syslogd_t)
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index b72beaf..47dcf51 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -53,7 +53,7 @@ allow clvmd_t clvmd_var_run_t:file create_file_perms;
 allow clvmd_t clvmd_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(clvmd_t,clvmd_var_run_t)
 
-kernel_read_kernel_sysctl(clvmd_t)
+kernel_read_kernel_sysctls(clvmd_t)
 kernel_list_proc(clvmd_t)
 kernel_read_proc_symlinks(clvmd_t)
 
@@ -163,11 +163,11 @@ type_transition lvm_t lvm_etc_t:file lvm_metadata_t;
 files_filetrans_etc(lvm_t,lvm_metadata_t,file)
 
 kernel_read_system_state(lvm_t)
-kernel_read_kernel_sysctl(lvm_t)
+kernel_read_kernel_sysctls(lvm_t)
 # Read system variables in /proc/sys
-kernel_read_kernel_sysctl(lvm_t)
+kernel_read_kernel_sysctls(lvm_t)
 # it has no reason to need this
-kernel_dontaudit_getattr_core(lvm_t)
+kernel_dontaudit_getattr_core_if(lvm_t)
 
 selinux_get_fs_mount(lvm_t)
 selinux_validate_context(lvm_t)
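Review bot: `kernel_read_kernel_sysctls(lvm_t)` now appears twice within three lines of this hunk, once right after `kernel_read_system_state(lvm_t)` and again under `# Read system variables in /proc/sys`. The rename carried an existing duplicate over unchanged. The second call grants nothing the first does not, so I would drop the uncommented one and keep the commented one, so that each grant for lvm_t is listed once and the domain's access is easier to audit. The lvm_t rule block starts and ends outside the hunk.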
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index deb0179..fd42f00 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -62,9 +62,9 @@ kernel_read_system_state(insmod_t)
 kernel_mount_debugfs(insmod_t)
 kernel_read_debugfs(insmod_t)
 # Rules for /proc/sys/kernel/tainted
-kernel_read_kernel_sysctl(insmod_t)
+kernel_read_kernel_sysctls(insmod_t)
 kernel_rw_kernel_sysctl(insmod_t)
-kernel_read_hotplug_sysctl(insmod_t)
+kernel_read_hotplug_sysctls(insmod_t)
 
 bootloader_read_kernel_modules(insmod_t)
 # for locking: (cjp: ????)
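Review bot: `kernel_rw_kernel_sysctl(insmod_t)` keeps its singular name while the calls on either side become `..._sysctls`, and the other rw interfaces in this commit are pluralised (`kernel_rw_hotplug_sysctls` in udev.te, `kernel_rw_all_sysctls` in userdomain.if). kernel.if is not visible here, so please confirm whether that interface was deliberately left out of this round or whether this call now refers to a name that no longer exists. Separately, insmod_t gets both the read and the rw interface for kernel sysctls, and udev_t gets both `kernel_read_hotplug_sysctls` and `kernel_rw_hotplug_sysctls`. If the rw interfaces already include read access (the names suggest so, the hunks do not show it), the read calls are redundant and could be removed in a follow-up, so the policy states only the access each domain needs.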
@@ -242,7 +242,7 @@ allow update_modules_t update_modules_tmp_t:dir create_dir_perms;
 allow update_modules_t update_modules_tmp_t:file create_file_perms;
 files_filetrans_tmp(update_modules_t, update_modules_tmp_t, { file dir })
 
-kernel_read_kernel_sysctl(update_modules_t)
+kernel_read_kernel_sysctls(update_modules_t)
 kernel_read_system_state(update_modules_t)
 
 dev_read_urand(update_modules_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index d9299a7..41c2805 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -49,7 +49,7 @@ allow cardmgr_t cardmgr_var_run_t:file create_file_perms;
 files_filetrans_pid(cardmgr_t,cardmgr_var_run_t)
 
 kernel_read_system_state(cardmgr_t)
-kernel_read_kernel_sysctl(cardmgr_t)
+kernel_read_kernel_sysctls(cardmgr_t)
 kernel_dontaudit_getattr_message_if(cardmgr_t)
 
 bootloader_search_kernel_modules(cardmgr_t)
diff --git a/refpolicy/policy/modules/system/raid.te b/refpolicy/policy/modules/system/raid.te
index cd1841c..f700da6 100644
--- a/refpolicy/policy/modules/system/raid.te
+++ b/refpolicy/policy/modules/system/raid.te
@@ -27,7 +27,7 @@ allow mdadm_t mdadm_var_run_t:file create_file_perms;
 files_filetrans_pid(mdadm_t,mdadm_var_run_t)
 
 kernel_read_system_state(mdadm_t)
-kernel_read_kernel_sysctl(mdadm_t)
+kernel_read_kernel_sysctls(mdadm_t)
 kernel_rw_software_raid_state(mdadm_t)
 
 dev_read_sysfs(mdadm_t)
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 56af088..5854cbc 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -225,7 +225,7 @@ allow newrole_t { selinux_config_t default_context_t }:file r_file_perms;
 allow newrole_t { selinux_config_t default_context_t }:lnk_file r_file_perms;
 
 kernel_read_system_state(newrole_t)
-kernel_read_kernel_sysctl(newrole_t)
+kernel_read_kernel_sysctls(newrole_t)
 
 dev_read_urand(newrole_t)
 
@@ -319,7 +319,7 @@ allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_
 allow restorecon_t { policy_src_t policy_config_t file_context_t selinux_config_t default_context_t }:lnk_file r_file_perms;
 
 kernel_use_fd(restorecon_t)
-kernel_rw_pipe(restorecon_t)
+kernel_rw_pipes(restorecon_t)
 kernel_read_system_state(restorecon_t)
 
 # cjp: why is this needed?
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 38bf6bb..6dde0b3 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -88,7 +88,7 @@ allow ifconfig_t dhcpc_t:process sigchld;
 
 kernel_read_system_state(dhcpc_t)
 kernel_read_network_state(dhcpc_t)
-kernel_read_kernel_sysctl(dhcpc_t)
+kernel_read_kernel_sysctls(dhcpc_t)
 kernel_use_fd(dhcpc_t)
 
 corenet_tcp_sendrecv_all_if(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index da2d3d8..9cd4157 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -73,15 +73,15 @@ allow udev_t udev_var_run_t:dir rw_dir_perms;
 files_filetrans_pid(udev_t,udev_var_run_t)
 
 kernel_read_system_state(udev_t)
-kernel_getattr_core(udev_t)
+kernel_getattr_core_if(udev_t)
 kernel_use_fd(udev_t)
-kernel_read_device_sysctl(udev_t)
-kernel_read_hotplug_sysctl(udev_t)
-kernel_read_modprobe_sysctl(udev_t)
-kernel_read_kernel_sysctl(udev_t)
-kernel_rw_hotplug_sysctl(udev_t)
-kernel_rw_unix_dgram_socket(udev_t)
-kernel_sendto_unix_dgram_socket(udev_t)
+kernel_read_device_sysctls(udev_t)
+kernel_read_hotplug_sysctls(udev_t)
+kernel_read_modprobe_sysctls(udev_t)
+kernel_read_kernel_sysctls(udev_t)
+kernel_rw_hotplug_sysctls(udev_t)
+kernel_rw_unix_dgram_sockets(udev_t)
+kernel_sendto_unix_dgram_sockets(udev_t)
 kernel_signal(udev_t)
 
 dev_rw_sysfs(udev_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index b04ca52..469fdac 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -142,18 +142,18 @@ template(`base_user_template',`
 
 	allow $1_t unpriv_userdomain:fd use;
 
-	kernel_read_kernel_sysctl($1_t)
+	kernel_read_kernel_sysctls($1_t)
 	kernel_dontaudit_list_unlabeled($1_t)
-	kernel_dontaudit_getattr_unlabeled_file($1_t)
+	kernel_dontaudit_getattr_unlabeled_files($1_t)
 	kernel_dontaudit_getattr_unlabeled_symlinks($1_t)
 	kernel_dontaudit_getattr_unlabeled_pipes($1_t)
 	kernel_dontaudit_getattr_unlabeled_sockets($1_t)
-	kernel_dontaudit_getattr_unlabeled_blk_dev($1_t)
-	kernel_dontaudit_getattr_unlabeled_chr_dev($1_t)
+	kernel_dontaudit_getattr_unlabeled_blk_files($1_t)
+	kernel_dontaudit_getattr_unlabeled_chr_files($1_t)
 	# Very permissive allowing every domain to see every type:
 	kernel_get_sysvipc_info($1_t)
 	# Find CDROM devices:
-	kernel_read_device_sysctl($1_t)
+	kernel_read_device_sysctls($1_t)
 
 	dev_rw_power_management($1_t)
 	# GNOME checks for usb and other devices:
@@ -818,13 +818,13 @@ template(`admin_user_template',`
 	kernel_read_system_state($1_t)
 	kernel_read_network_state($1_t)
 	kernel_read_software_raid_state($1_t)
-	kernel_getattr_core($1_t)
+	kernel_getattr_core_if($1_t)
 	kernel_getattr_message_if($1_t)
 	kernel_change_ring_buffer_level($1_t)
 	kernel_clear_ring_buffer($1_t)
 	kernel_read_ring_buffer($1_t)
 	kernel_get_sysvipc_info($1_t)
-	kernel_rw_all_sysctl($1_t)
+	kernel_rw_all_sysctls($1_t)
 	# signal unlabeled processes:
 	kernel_kill_unlabeled($1_t)
 	kernel_signal_unlabeled($1_t)

