From 819518c27304d52b66403a30023359ebbc43ebc3 Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Thu, 16 Sep 2010 08:40:52 +0200
Subject: [PATCH] The ps_process_pattern includes permission to get attributes
 of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

Signed-off-by: Dominick Grift <domg472@gmail.com>

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.

The ps_process_pattern includes permission to get attributes of target domain.
---
 policy/modules/services/samba.if    | 2 +-
 policy/modules/services/sasl.if     | 2 +-
 policy/modules/services/sendmail.if | 4 ++--
 policy/modules/services/smartmon.if | 2 +-
 policy/modules/services/snmp.if     | 2 +-
 policy/modules/services/sssd.if     | 2 +-
 policy/modules/services/tftp.if     | 2 +-
 policy/modules/services/tor.if      | 2 +-
 policy/modules/services/uucp.if     | 2 +-
 9 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if
index 50cc6130..20a1f782 100644
--- a/policy/modules/services/samba.if
+++ b/policy/modules/services/samba.if
@@ -775,7 +775,7 @@ interface(`samba_admin',`
 	allow $1 nmbd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, nmbd_t)
 
-	allow $1 samba_unconfined_script_t:process { ptrace signal_perms getattr };
+	allow $1 samba_unconfined_script_t:process { ptrace signal_perms };
 	read_files_pattern($1, samba_unconfined_script_t, samba_unconfined_script_t)
 
 	samba_run_smbcontrol($1, $2, $3)
diff --git a/policy/modules/services/sasl.if b/policy/modules/services/sasl.if
index f1aea88a..c3ffa9d7 100644
--- a/policy/modules/services/sasl.if
+++ b/policy/modules/services/sasl.if
@@ -42,7 +42,7 @@ interface(`sasl_admin',`
 		type saslauthd_initrc_exec_t;
 	')
 
-	allow $1 saslauthd_t:process { ptrace signal_perms getattr };
+	allow $1 saslauthd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, saslauthd_t)
 
 	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 4fc41acc..b0c2f3ba 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -334,10 +334,10 @@ interface(`sendmail_admin',`
 		type mail_spool_t;
 	')
 
-	allow $1 sendmail_t:process { ptrace signal_perms getattr };
+	allow $1 sendmail_t:process { ptrace signal_perms };
 	read_files_pattern($1, sendmail_t, sendmail_t)
 
-	allow $1 unconfined_sendmail_t:process { ptrace signal_perms getattr };
+	allow $1 unconfined_sendmail_t:process { ptrace signal_perms };
 	read_files_pattern($1, unconfined_sendmail_t, unconfined_sendmail_t)
 
 	sendmail_initrc_domtrans($1)
diff --git a/policy/modules/services/smartmon.if b/policy/modules/services/smartmon.if
index a35509f7..d5b2d934 100644
--- a/policy/modules/services/smartmon.if
+++ b/policy/modules/services/smartmon.if
@@ -42,7 +42,7 @@ interface(`smartmon_admin',`
 		type fsdaemon_initrc_exec_t;
 	')
 
-	allow $1 fsdaemon_t:process { ptrace signal_perms getattr };
+	allow $1 fsdaemon_t:process { ptrace signal_perms };
 	ps_process_pattern($1, fsdaemon_t)
 
 	init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
index cbe0584b..6aa68d80 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -130,7 +130,7 @@ interface(`snmp_admin',`
 		type snmpd_initrc_exec_t;
 	')
 
-	allow $1 snmpd_t:process { ptrace signal_perms getattr };
+	allow $1 snmpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, snmpd_t)
 
 	init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
index d33bae08..7e44f26e 100644
--- a/policy/modules/services/sssd.if
+++ b/policy/modules/services/sssd.if
@@ -233,7 +233,7 @@ interface(`sssd_admin',`
 		type sssd_initrc_exec_t;
 	')
 
-	allow $1 sssd_t:process { ptrace signal_perms getattr };
+	allow $1 sssd_t:process { ptrace signal_perms };
 	read_files_pattern($1, sssd_t, sssd_t)
 
 	# Allow sssd_t to restart the apache service
diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if
index b17d182a..1427b54b 100644
--- a/policy/modules/services/tftp.if
+++ b/policy/modules/services/tftp.if
@@ -105,7 +105,7 @@ interface(`tftp_admin',`
 		type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
 	')
 
-	allow $1 tftpd_t:process { ptrace signal_perms getattr };
+	allow $1 tftpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, tftpd_t)
 
 	files_list_var_lib($1)
diff --git a/policy/modules/services/tor.if b/policy/modules/services/tor.if
index 904f13e1..464347fe 100644
--- a/policy/modules/services/tor.if
+++ b/policy/modules/services/tor.if
@@ -42,7 +42,7 @@ interface(`tor_admin',`
 		type tor_initrc_exec_t;
 	')
 
-	allow $1 tor_t:process { ptrace signal_perms getattr };
+	allow $1 tor_t:process { ptrace signal_perms };
 	ps_process_pattern($1, tor_t)
 
 	init_labeled_script_domtrans($1, tor_initrc_exec_t)
diff --git a/policy/modules/services/uucp.if b/policy/modules/services/uucp.if
index 0e4774c8..a717e2d6 100644
--- a/policy/modules/services/uucp.if
+++ b/policy/modules/services/uucp.if
@@ -99,7 +99,7 @@ interface(`uucp_admin',`
 		type uucpd_var_run_t;
 	')
 
-	allow $1 uucpd_t:process { ptrace signal_perms getattr };
+	allow $1 uucpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, uucpd_t)
 
 	logging_list_logs($1)