[selinux-policy: 2741/3172] Su patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:03:55 UTC 2010
commit f7e3410aed53fa1d7b0d32921e81acecf28c2af9
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jun 18 14:32:17 2010 -0400
Su patch from Dan Walsh.
dontaudit leaked sockets
policy/modules/admin/su.if | 10 ++++++++++
policy/modules/admin/su.te | 2 +-
2 files changed, 11 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index cce9b37..a0aa8c5 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -118,6 +118,11 @@ template(`su_restricted_domain_template', `
userdom_spec_domtrans_unpriv_users($1_su_t)
')
+ ifdef(`hide_broken_symptoms',`
+ # dontaudit leaked sockets from parent
+ dontaudit $1_su_t $2:socket_class_set { read write };
+ ')
+
optional_policy(`
cron_read_pipes($1_su_t)
')
@@ -276,6 +281,11 @@ template(`su_role_template',`
')
')
+ ifdef(`hide_broken_symptoms',`
+ # dontaudit leaked sockets from parent
+ dontaudit $1_su_t $3:socket_class_set { read write };
+ ')
+
tunable_policy(`allow_polyinstantiation',`
fs_mount_xattr_fs($1_su_t)
fs_unmount_xattr_fs($1_su_t)
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
index c320580..b62353a 100644
--- a/policy/modules/admin/su.te
+++ b/policy/modules/admin/su.te
@@ -1,4 +1,4 @@
-policy_module(su, 1.10.0)
+policy_module(su, 1.10.1)
########################################
#
More information about the scm-commits
mailing list