add back stray file descriptors dontaudit for rhel4

This commit is contained in:
Chris PeBenito 2006-05-19 19:52:18 +00:00
parent c55b6f28ee
commit 8fa4943032

View File

@ -32,6 +32,16 @@ interface(`init_domain',`
allow init_t $1:fd use;
allow $1 init_t:fifo_file rw_file_perms;
allow $1 init_t:process sigchld;
ifdef(`hide_broken_symptoms',`
# RHEL4 systems seem to have a stray
# fds open from the initrd
ifdef(`distro_rhel4',`
kernel_dontaudit_use_fd($1)
storage_dontaudit_read_fixed_disk($1)
files_dontaudit_read_root_file($1)
')
')
')
########################################
@ -75,6 +85,16 @@ interface(`init_daemon_domain',`
typeattribute $2 direct_init_entry;
')
ifdef(`hide_broken_symptoms',`
# RHEL4 systems seem to have a stray
# fds open from the initrd
ifdef(`distro_rhel4',`
kernel_dontaudit_use_fd($1)
storage_dontaudit_read_fixed_disk($1)
files_dontaudit_read_root_file($1)
')
')
ifdef(`targeted_policy',`
# this regex is a hack, since it assumes there is a
# _t at the end of the domain type. If there is no _t
@ -141,6 +161,16 @@ interface(`init_system_domain',`
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file rw_file_perms;
allow $1 initrc_t:process sigchld;
ifdef(`hide_broken_symptoms',`
# RHEL4 systems seem to have a stray
# fds open from the initrd
ifdef(`distro_rhel4',`
kernel_dontaudit_use_fd($1)
storage_dontaudit_read_fixed_disk($1)
files_dontaudit_read_root_file($1)
')
')
')
########################################