rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

hold off on improving

Browse Source
This commit is contained in:
Chris PeBenito 2005-04-19 13:46:06 +00:00
parent 1ea98d0407
commit 7f89c7efc6
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
refpolicy/policy/modules/kernel/kernel.te
View File

@ -11,7 +11,7 @@ terminal_use_console(kernel_t)
domain_signal_all_domains(kernel_t) domain_signal_all_domains(kernel_t)
# Use capabilities. need to investigate which capabilities are actually used # Use capabilities. need to investigate which capabilities are actually used
#allow kernel_t self:capability *; allow kernel_t self:capability *;
# Mount root file system. Used when loading a policy # Mount root file system. Used when loading a policy
# from initrd, then mounting the root filesystem # from initrd, then mounting the root filesystem

3
refpolicy/policy/modules/system/init.te
View File

@ -79,14 +79,13 @@ authlogin_modify_login_records(init_t)
logging_modify_system_logs(init_t) logging_modify_system_logs(init_t)
# Use capabilities. old rule: # Use capabilities. old rule:
#allow init_t self:capability ~sys_module; allow init_t self:capability ~sys_module;
# is ~sys_module really needed? observed: # is ~sys_module really needed? observed:
# sys_boot # sys_boot
# sys_tty_config # sys_tty_config
# kill: now provided by domain_kill_all_domains() # kill: now provided by domain_kill_all_domains()
# setuid (from /sbin/shutdown) # setuid (from /sbin/shutdown)
# sys_chroot (from /usr/bin/chroot): now provided by corecommands_chroot() # sys_chroot (from /usr/bin/chroot): now provided by corecommands_chroot()
allow init_t self:capability { sys_boot sys_tty_config setuid };
# Modify utmp. # Modify utmp.
allow init_t initrc_var_run_t:file { getattr read write setattr }; allow init_t initrc_var_run_t:file { getattr read write setattr };