trunk: a pair of tweaks from gentoo systems.

2008-03-14 14:55:34 +00:00 · 2008-03-14 14:55:34 +00:00 · 91d6c92160
commit 91d6c92160
parent 47333d8246
2 changed files with 4 additions and 11 deletions
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@ -1,5 +1,5 @@
-policy_module(selinux,1.5.0)
+policy_module(selinux,1.5.1)
 ########################################
 #
@ -21,6 +21,7 @@ fs_type(security_t)
 mls_trusted_object(security_t)
 sid security gen_context(system_u:object_r:security_t,mls_systemhigh)
 genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
 genfscon securityfs / gen_context(system_u:object_r:security_t,s0)
 neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
 neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@ -1,5 +1,5 @@
-policy_module(getty,1.5.1)
+policy_module(getty,1.5.2)
 ########################################
 #
@ -103,15 +103,7 @@ miscfiles_read_localization(getty_t)
 ifdef(`distro_gentoo',`
 	# Gentoo default /etc/issue makes agetty
 	# do a DNS lookup for the hostname
-	dontaudit getty_t self:udp_socket create_socket_perms;
+	sysnet_dns_name_resolve(getty_t)
 	corenet_dontaudit_all_recvfrom_unlabeled(getty_t)
 	corenet_dontaudit_udp_sendrecv_generic_if(getty_t)
 	corenet_dontaudit_udp_sendrecv_all_nodes(getty_t)
 	corenet_dontaudit_udp_sendrecv_dns_port(getty_t)
 	corenet_dontaudit_sendrecv_dns_client_packets(getty_t)
 	sysnet_dontaudit_read_config(getty_t)
 ')
 ifdef(`distro_redhat',`