trunk: a pair of tweaks from gentoo systems.

Chris PeBenito 2008-03-14 14:55:34 +00:00
parent 47333d8246
commit 91d6c92160
2 changed files with 4 additions and 11 deletions


@ -1,5 +1,5 @@
policy_module(selinux,1.5.0) policy_module(selinux,1.5.1)
######################################## ########################################
# #
@ -21,6 +21,7 @@ fs_type(security_t)
mls_trusted_object(security_t) mls_trusted_object(security_t)
sid security gen_context(system_u:object_r:security_t,mls_systemhigh) sid security gen_context(system_u:object_r:security_t,mls_systemhigh)
genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0) genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
genfscon securityfs / gen_context(system_u:object_r:security_t,s0)
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy; neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce; neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
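Review bot: The added `genfscon securityfs / gen_context(system_u:object_r:security_t,s0)` line gives securityfs the same type that selinuxfs already carries, so every file rule written against security_t for selinuxfs now also covers whatever other kernel security interfaces are exposed under securityfs. The two neverallow rules that follow constrain only the `security` class permissions load_policy and setenforce; they place no limit on file access to the newly labeled filesystem. A type of its own would keep the two apart, e.g. `genfscon securityfs / gen_context(system_u:object_r:<new_securityfs_type>,s0)` with a matching type and `fs_type(...)` declaration (the type name is a placeholder, nothing on this page defines one). If sharing the type is deliberate, say so in a comment above the line, such as `# securityfs intentionally shares security_t with selinuxfs`.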


@ -1,5 +1,5 @@
policy_module(getty,1.5.1) policy_module(getty,1.5.2)
######################################## ########################################
# #
@ -103,15 +103,7 @@ miscfiles_read_localization(getty_t)
ifdef(`distro_gentoo',` ifdef(`distro_gentoo',`
# Gentoo default /etc/issue makes agetty # Gentoo default /etc/issue makes agetty
# do a DNS lookup for the hostname # do a DNS lookup for the hostname
dontaudit getty_t self:udp_socket create_socket_perms; sysnet_dns_name_resolve(getty_t)
corenet_dontaudit_all_recvfrom_unlabeled(getty_t)
corenet_dontaudit_udp_sendrecv_generic_if(getty_t)
corenet_dontaudit_udp_sendrecv_all_nodes(getty_t)
corenet_dontaudit_udp_sendrecv_dns_port(getty_t)
corenet_dontaudit_sendrecv_dns_client_packets(getty_t)
sysnet_dontaudit_read_config(getty_t)
') ')
ifdef(`distro_redhat',` ifdef(`distro_redhat',`
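Review bot: Replacing the dontaudit rules with `sysnet_dns_name_resolve(getty_t)` moves getty_t from being silently denied DNS traffic to being allowed it, and the retained comment explains only why agetty attempts the lookup, not why the policy should now permit it. getty runs before any user has authenticated, so a network grant there deserves a stated reason; if the denial caused a functional problem (a stalled login prompt, for instance, which is an inference the page does not confirm), record it in the comment, e.g. `# denied lookups delay the login prompt, so allow resolution instead of dontauditing it`. If nothing breaks when the lookup is refused, keeping the dontaudit rules is the narrower choice. The ifdef blocks around this line continue outside the hunk.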