[selinux-policy: 2967/3172] Access to get attributes of target accountsd_t domain is included with ps_process_pattern.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:24:09 UTC 2010
commit dcbbeeada390736c2e3b956012c6559f32bc1113
Author: Dominick Grift <domg472 at gmail.com>
Date: Wed Sep 15 10:23:24 2010 +0200
Access to get attributes of target accountsd_t domain is included with ps_process_pattern.
Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern.
Access to get attributes of target asterisk_t domain is included with ps_process_pattern.
Permission to get attributes of target automount_t domain is included with ps_process_pattern.
Access to get attributes of target ntpd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
policy/modules/services/accountsd.if | 2 +-
policy/modules/services/arpwatch.if | 2 +-
policy/modules/services/asterisk.if | 2 +-
policy/modules/services/automount.if | 2 +-
policy/modules/services/ntp.if | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/policy/modules/services/accountsd.if b/policy/modules/services/accountsd.if
index c0f858d..b46f76f 100644
--- a/policy/modules/services/accountsd.if
+++ b/policy/modules/services/accountsd.if
@@ -138,7 +138,7 @@ interface(`accountsd_admin',`
type accountsd_t;
')
- allow $1 accountsd_t:process { ptrace signal_perms getattr };
+ allow $1 accountsd_t:process { ptrace signal_perms };
ps_process_pattern($1, accountsd_t)
accountsd_manage_lib_files($1)
diff --git a/policy/modules/services/arpwatch.if b/policy/modules/services/arpwatch.if
index c804110..bdefbe1 100644
--- a/policy/modules/services/arpwatch.if
+++ b/policy/modules/services/arpwatch.if
@@ -137,7 +137,7 @@ interface(`arpwatch_admin',`
type arpwatch_initrc_exec_t;
')
- allow $1 arpwatch_t:process { ptrace signal_perms getattr };
+ allow $1 arpwatch_t:process { ptrace signal_perms };
ps_process_pattern($1, arpwatch_t)
arpwatch_initrc_domtrans($1)
diff --git a/policy/modules/services/asterisk.if b/policy/modules/services/asterisk.if
index 8b8143e..c1a2b96 100644
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
@@ -64,7 +64,7 @@ interface(`asterisk_admin',`
type asterisk_initrc_exec_t;
')
- allow $1 asterisk_t:process { ptrace signal_perms getattr };
+ allow $1 asterisk_t:process { ptrace signal_perms };
ps_process_pattern($1, asterisk_t)
init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if
index bba047d..f384848 100644
--- a/policy/modules/services/automount.if
+++ b/policy/modules/services/automount.if
@@ -150,7 +150,7 @@ interface(`automount_admin',`
type automount_var_run_t, automount_initrc_exec_t;
')
- allow $1 automount_t:process { ptrace signal_perms getattr };
+ allow $1 automount_t:process { ptrace signal_perms };
ps_process_pattern($1, automount_t)
init_labeled_script_domtrans($1, automount_initrc_exec_t)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index e80f8c0..6b240d9 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -144,7 +144,7 @@ interface(`ntp_admin',`
type ntpd_initrc_exec_t;
')
- allow $1 ntpd_t:process { ptrace signal_perms getattr };
+ allow $1 ntpd_t:process { ptrace signal_perms };
ps_process_pattern($1, ntpd_t)
init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
More information about the scm-commits
mailing list