Consoletype patch from Dan Walsh.
I am sick of every app in the known universe leaking socket descriptors. Dontaudit by default consoletype is handed a write for hal log on resume from hibernate.
This commit is contained in:
parent
88a574d373
commit
0e30bca6d9
@ -19,6 +19,10 @@ interface(`consoletype_domtrans',`
|
|||||||
|
|
||||||
corecmd_search_bin($1)
|
corecmd_search_bin($1)
|
||||||
domtrans_pattern($1, consoletype_exec_t, consoletype_t)
|
domtrans_pattern($1, consoletype_exec_t, consoletype_t)
|
||||||
|
|
||||||
|
ifdef(`hide_broken_symptoms', `
|
||||||
|
dontaudit consoletype_t $1:socket_class_set { read write };
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(consoletype, 1.9.0)
|
policy_module(consoletype, 1.9.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -84,6 +84,7 @@ optional_policy(`
|
|||||||
hal_dontaudit_use_fds(consoletype_t)
|
hal_dontaudit_use_fds(consoletype_t)
|
||||||
hal_dontaudit_rw_pipes(consoletype_t)
|
hal_dontaudit_rw_pipes(consoletype_t)
|
||||||
hal_dontaudit_rw_dgram_sockets(consoletype_t)
|
hal_dontaudit_rw_dgram_sockets(consoletype_t)
|
||||||
|
hal_dontaudit_write_log(consoletype_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
Loading…
Reference in New Issue
Block a user