Consoletype patch from Dan Walsh.

I am sick of every app in the known universe leaking socket descriptors. Dontaudit by default consoletype is handed a write for hal log on resume from hibernate.
2010-06-17 08:23:20 -04:00 · 2010-06-17 08:23:20 -04:00 · 0e30bca6d9
commit 0e30bca6d9
parent 88a574d373
2 changed files with 6 additions and 1 deletions
--- a/policy/modules/admin/consoletype.if
+++ b/policy/modules/admin/consoletype.if
@ -19,6 +19,10 @@ interface(`consoletype_domtrans',`

 	corecmd_search_bin($1)
 	domtrans_pattern($1, consoletype_exec_t, consoletype_t)
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit consoletype_t $1:socket_class_set { read write };
+	')
 ')

 ########################################
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@ -1,4 +1,4 @@
-policy_module(consoletype, 1.9.0)
+policy_module(consoletype, 1.9.1)

 ########################################
 #
@ -84,6 +84,7 @@ optional_policy(`
 	hal_dontaudit_use_fds(consoletype_t)
 	hal_dontaudit_rw_pipes(consoletype_t)
 	hal_dontaudit_rw_dgram_sockets(consoletype_t)
+	hal_dontaudit_write_log(consoletype_t)
 ')

 optional_policy(`