[selinux-policy: 1458/3172] add back stray file descriptors dontaudit for rhel4
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:11:24 UTC 2010
commit 8fa49430327194039d04be0764dcfed5b0dfbb94
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 19 19:52:18 2006 +0000
add back stray file descriptors dontaudit for rhel4
refpolicy/policy/modules/system/init.if | 30 ++++++++++++++++++++++++++++++
1 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 00e8994..2b54658 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -32,6 +32,16 @@ interface(`init_domain',`
allow init_t $1:fd use;
allow $1 init_t:fifo_file rw_file_perms;
allow $1 init_t:process sigchld;
+
+ ifdef(`hide_broken_symptoms',`
+ # RHEL4 systems seem to have a stray
+ # fds open from the initrd
+ ifdef(`distro_rhel4',`
+ kernel_dontaudit_use_fd($1)
+ storage_dontaudit_read_fixed_disk($1)
+ files_dontaudit_read_root_file($1)
+ ')
+ ')
')
########################################
@@ -75,6 +85,16 @@ interface(`init_daemon_domain',`
typeattribute $2 direct_init_entry;
')
+ ifdef(`hide_broken_symptoms',`
+ # RHEL4 systems seem to have a stray
+ # fds open from the initrd
+ ifdef(`distro_rhel4',`
+ kernel_dontaudit_use_fd($1)
+ storage_dontaudit_read_fixed_disk($1)
+ files_dontaudit_read_root_file($1)
+ ')
+ ')
+
ifdef(`targeted_policy',`
# this regex is a hack, since it assumes there is a
# _t at the end of the domain type. If there is no _t
@@ -141,6 +161,16 @@ interface(`init_system_domain',`
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file rw_file_perms;
allow $1 initrc_t:process sigchld;
+
+ ifdef(`hide_broken_symptoms',`
+ # RHEL4 systems seem to have a stray
+ # fds open from the initrd
+ ifdef(`distro_rhel4',`
+ kernel_dontaudit_use_fd($1)
+ storage_dontaudit_read_fixed_disk($1)
+ files_dontaudit_read_root_file($1)
+ ')
+ ')
')
########################################
More information about the scm-commits
mailing list