[selinux-policy: 2841/3172] Dontaudit socket leaks when running semanage code
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:12:55 UTC 2010
commit 8c8a10fcbe62ac57d9a9c2d8755a777abd7ad249
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 30 11:37:02 2010 -0400
Dontaudit socket leaks when running semanage code
policy/modules/system/selinuxutil.if | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index b0ee958..bbaa8cf 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -85,6 +85,10 @@ interface(`seutil_domtrans_loadpolicy',`
corecmd_search_bin($1)
domtrans_pattern($1, load_policy_exec_t, load_policy_t)
+
+ ifdef(`hide_broken_symptoms', `
+ dontaudit load_policy_t $1:socket_class_set { read write };
+ ')
')
########################################
@@ -537,7 +541,7 @@ interface(`seutil_domtrans_setfiles',`
domtrans_pattern($1, setfiles_exec_t, setfiles_t)
ifdef(`hide_broken_symptoms', `
- dontaudit consoletype_t $1:socket_class_set { read write };
+ dontaudit setfiles_t $1:socket_class_set { read write };
')
')
@@ -1078,6 +1082,10 @@ interface(`seutil_domtrans_semanage',`
files_search_usr($1)
corecmd_search_bin($1)
domtrans_pattern($1, semanage_exec_t, semanage_t)
+
+ ifdef(`hide_broken_symptoms', `
+ dontaudit semanage_t $1:socket_class_set { read write };
+ ')
')
########################################
More information about the scm-commits
mailing list