[selinux-policy: 1458/3172] add back stray file descriptors dontaudit for rhel4

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:11:24 UTC 2010 

commit 8fa49430327194039d04be0764dcfed5b0dfbb94
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 19 19:52:18 2006 +0000

    add back stray file descriptors dontaudit for rhel4

 refpolicy/policy/modules/system/init.if |   30 ++++++++++++++++++++++++++++++
 1 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 00e8994..2b54658 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -32,6 +32,16 @@ interface(`init_domain',`
 	allow init_t $1:fd use;
 	allow $1 init_t:fifo_file rw_file_perms;
 	allow $1 init_t:process sigchld;
+
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
 ')
 
 ########################################
@@ -75,6 +85,16 @@ interface(`init_daemon_domain',`
 		typeattribute $2 direct_init_entry;
 	')
 
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
+
 	ifdef(`targeted_policy',`
 		# this regex is a hack, since it assumes there is a
 		# _t at the end of the domain type.  If there is no _t
@@ -141,6 +161,16 @@ interface(`init_system_domain',`
 	allow $1 initrc_t:fd use;
 	allow $1 initrc_t:fifo_file rw_file_perms;
 	allow $1 initrc_t:process sigchld;
+
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
 ')
 
 ########################################

More information about the scm-commits mailing list