add back stray file descriptors dontaudit for rhel4
This commit is contained in:
parent
c55b6f28ee
commit
8fa4943032
@ -32,6 +32,16 @@ interface(`init_domain',`
|
||||
allow init_t $1:fd use;
|
||||
allow $1 init_t:fifo_file rw_file_perms;
|
||||
allow $1 init_t:process sigchld;
|
||||
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
# RHEL4 systems seem to have a stray
|
||||
# fds open from the initrd
|
||||
ifdef(`distro_rhel4',`
|
||||
kernel_dontaudit_use_fd($1)
|
||||
storage_dontaudit_read_fixed_disk($1)
|
||||
files_dontaudit_read_root_file($1)
|
||||
')
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -75,6 +85,16 @@ interface(`init_daemon_domain',`
|
||||
typeattribute $2 direct_init_entry;
|
||||
')
|
||||
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
# RHEL4 systems seem to have a stray
|
||||
# fds open from the initrd
|
||||
ifdef(`distro_rhel4',`
|
||||
kernel_dontaudit_use_fd($1)
|
||||
storage_dontaudit_read_fixed_disk($1)
|
||||
files_dontaudit_read_root_file($1)
|
||||
')
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
# this regex is a hack, since it assumes there is a
|
||||
# _t at the end of the domain type. If there is no _t
|
||||
@ -141,6 +161,16 @@ interface(`init_system_domain',`
|
||||
allow $1 initrc_t:fd use;
|
||||
allow $1 initrc_t:fifo_file rw_file_perms;
|
||||
allow $1 initrc_t:process sigchld;
|
||||
|
||||
ifdef(`hide_broken_symptoms',`
|
||||
# RHEL4 systems seem to have a stray
|
||||
# fds open from the initrd
|
||||
ifdef(`distro_rhel4',`
|
||||
kernel_dontaudit_use_fd($1)
|
||||
storage_dontaudit_read_fixed_disk($1)
|
||||
files_dontaudit_read_root_file($1)
|
||||
')
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
|
Loading…
Reference in New Issue
Block a user