From 91d6c921603ba58c2f082dd97e05754cdf2c2e81 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 14 Mar 2008 14:55:34 +0000
Subject: [PATCH] trunk: a pair of tweaks from gentoo systems.

---
 policy/modules/kernel/selinux.te | 3 ++-
 policy/modules/system/getty.te | 12 ++----------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index 6daba32e..e9cf9d46 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -1,5 +1,5 @@
 
-policy_module(selinux,1.5.0)
+policy_module(selinux,1.5.1)
 
 ########################################
 #
@@ -21,6 +21,7 @@ fs_type(security_t)
 mls_trusted_object(security_t)
 sid security gen_context(system_u:object_r:security_t,mls_systemhigh)
 genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
+genfscon securityfs / gen_context(system_u:object_r:security_t,s0)
 
 neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
 neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index 395d0d6c..a43f4a71 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -1,5 +1,5 @@
 
-policy_module(getty,1.5.1)
+policy_module(getty,1.5.2)
 
 ########################################
 #
@@ -103,15 +103,7 @@ miscfiles_read_localization(getty_t)
 ifdef(`distro_gentoo',`
 # Gentoo default /etc/issue makes agetty
 # do a DNS lookup for the hostname
- dontaudit getty_t self:udp_socket create_socket_perms;
-
- corenet_dontaudit_all_recvfrom_unlabeled(getty_t)
- corenet_dontaudit_udp_sendrecv_generic_if(getty_t)
- corenet_dontaudit_udp_sendrecv_all_nodes(getty_t)
- corenet_dontaudit_udp_sendrecv_dns_port(getty_t)
- corenet_dontaudit_sendrecv_dns_client_packets(getty_t)
-
- sysnet_dontaudit_read_config(getty_t)
+ sysnet_dns_name_resolve(getty_t)
 ')
 
 ifdef(`distro_redhat',`
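Review bot: The added `genfscon securityfs / gen_context(system_u:object_r:security_t,s0)` in the second selinux.te hunk gives securityfs the same type as selinuxfs, so any file or directory permission a domain holds on security_t now applies to both mounts. The neverallow rules just below it are written on the `security` class (load_policy, setenforce) and do not constrain file-class access to whatever is exposed under securityfs, and `mls_trusted_object(security_t)` now covers that mount as well. If the sharing is intentional, I would add a comment above the line such as `# securityfs shares security_t with selinuxfs: file access granted on security_t applies to both`; otherwise a dedicated type would keep the two separable. The declarations section continues outside the hunk.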
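Review bot: In the getty.te `distro_gentoo` block, `sysnet_dns_name_resolve(getty_t)` turns a silenced denial into a real grant, so getty_t, which handles terminals before anyone has authenticated, presumably gains socket access to resolvers and read access to the resolver configuration (the interface body lives in the sysnetwork module and is not part of this patch). The two-line comment above it still explains only why agetty attempts the lookup, not why the lookup is now allowed; I would extend it with a line like `# allowed rather than dontaudited so the hostname in /etc/issue resolves`. It is also worth confirming that the lookup cannot be avoided in Gentoo's default /etc/issue, in which case the removed dontaudit rules could stay and getty_t would need no network access at all.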