more broken symptoms

This commit is contained in:
Chris PeBenito 2005-11-11 22:21:32 +00:00
parent af86646bfe
commit 15c235f75c
4 changed files with 27 additions and 13 deletions

View File

@ -322,14 +322,14 @@ seutil_domtrans_restorecon(rpm_script_t)
userdom_use_all_user_fd(rpm_script_t) userdom_use_all_user_fd(rpm_script_t)
ifdef(`distro_redhat',` ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t)
',`
ifdef(`distro_redhat',`
optional_policy(`mta.te',` optional_policy(`mta.te',`
mta_send_mail(rpm_script_t) mta_send_mail(rpm_script_t)
') ')
') ')
ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t)
') ')
tunable_policy(`allow_execmem',` tunable_policy(`allow_execmem',`

View File

@ -130,8 +130,6 @@ miscfiles_read_localization(crond_t)
userdom_use_unpriv_users_fd(crond_t) userdom_use_unpriv_users_fd(crond_t)
mta_send_mail(crond_t)
ifdef(`distro_redhat', ` ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files # Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out. # via redirection of standard out.
@ -164,6 +162,8 @@ ifdef(`targeted_policy',`
allow crond_t crond_tmp_t:dir create_dir_perms; allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms; allow crond_t crond_tmp_t:file create_file_perms;
files_create_tmp_files(crond_t, crond_tmp_t, { file dir }) files_create_tmp_files(crond_t, crond_tmp_t, { file dir })
mta_send_mail(crond_t)
') ')
tunable_policy(`fcron_crond', ` tunable_policy(`fcron_crond', `

View File

@ -105,6 +105,15 @@ sysnet_dns_name_resolve(system_mail_t)
userdom_use_sysadm_terms(system_mail_t) userdom_use_sysadm_terms(system_mail_t)
ifdef(`hide_broken_symptoms',`
# Red Hat systems seem to have a stray
# fds open from the initrd
ifdef(`distro_redhat',`
kernel_dontaudit_use_fd(system_mail_t)
storage_dontaudit_read_fixed_disk(system_mail_t)
')
')
ifdef(`targeted_policy',` ifdef(`targeted_policy',`
typealias system_mail_t alias sysadm_mail_t; typealias system_mail_t alias sysadm_mail_t;

View File

@ -32,12 +32,17 @@ interface(`init_domain',`
allow $1 init_t:fifo_file rw_file_perms; allow $1 init_t:fifo_file rw_file_perms;
allow $1 init_t:process sigchld; allow $1 init_t:process sigchld;
# Red Hat systems seem to have stray
# fds open from the initrd
ifdef(`hide_broken_symptoms',`
# Red Hat systems seem to have a stray # Red Hat systems seem to have a stray
# fd open from the initrd # fds open from the initrd
optional_policy(`distro_redhat',` ifdef(`distro_redhat',`
kernel_dontaudit_use_fd($1) kernel_dontaudit_use_fd($1)
storage_dontaudit_read_fixed_disk($1)
files_dontaudit_read_root_file($1) files_dontaudit_read_root_file($1)
') ')
')
') ')
######################################## ########################################