[selinux-policy: 2734/3172] Consoletype patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:03:17 UTC 2010
commit 0e30bca6d9843f02791848ec8ccd724116fd2928
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 17 08:23:20 2010 -0400
Consoletype patch from Dan Walsh.
I am sick of every app in the known universe leaking socket descriptors.
Dontaudit by default
consoletype is handed a write for hal log on resume from hibernate.
policy/modules/admin/consoletype.if | 4 ++++
policy/modules/admin/consoletype.te | 3 ++-
2 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if
index bd8c9c9..52d7a7e 100644
--- a/policy/modules/admin/consoletype.if
+++ b/policy/modules/admin/consoletype.if
@@ -19,6 +19,10 @@ interface(`consoletype_domtrans',`
corecmd_search_bin($1)
domtrans_pattern($1, consoletype_exec_t, consoletype_t)
+
+ ifdef(`hide_broken_symptoms', `
+ dontaudit consoletype_t $1:socket_class_set { read write };
+ ')
')
########################################
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index ae53368..2b12a37 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -1,4 +1,4 @@
-policy_module(consoletype, 1.9.0)
+policy_module(consoletype, 1.9.1)
########################################
#
@@ -84,6 +84,7 @@ optional_policy(`
hal_dontaudit_use_fds(consoletype_t)
hal_dontaudit_rw_pipes(consoletype_t)
hal_dontaudit_rw_dgram_sockets(consoletype_t)
+ hal_dontaudit_write_log(consoletype_t)
')
optional_policy(`
More information about the scm-commits
mailing list