cleanup

2005-05-24 22:22:26 +00:00 · 2005-05-24 22:22:26 +00:00 · cbeef67c1c
parent 3b3bf871a7
commit cbeef67c1c
2 changed files with 14 additions and 7 deletions
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@ -75,6 +75,7 @@ files_create_daemon_runtime_data(init_t,init_var_run_t)
 allow init_t initrc_t:process transition;
 allow init_t initrc_exec_t:file { getattr read execute };
 type_transition init_t initrc_exec_t:process initrc_t;
+dontaudit init_t initrc_t:process { noatsecure siginh rlimitinh };

 allow init_t self:fifo_file { read write ioctl };

@ -93,28 +94,31 @@ kernel_share_state(init_t)

 terminal_use_all_terminals(init_t)

+corecommands_chroot(init_t)
+corecommands_execute_general_programs(init_t)
+corecommands_execute_system_programs(init_t)
+
 domain_signal_all_domains(init_t)
 domain_kill_all_domains(init_t)

 files_modify_system_runtime_data(init_t)
-
-# file descriptors inherited from the rootfs.
+# file descriptors inherited from the rootfs:
 files_ignore_modify_rootfs_file(init_t)
 files_ignore_modify_rootfs_device(init_t)

 libraries_use_dynamic_loader(init_t)
 libraries_use_shared_libraries(init_t)

-corecommands_chroot(init_t)
-corecommands_execute_general_programs(init_t)
-corecommands_execute_system_programs(init_t)
-
 logging_send_system_log_message(init_t)

 selinux_read_config(init_t)

 miscfiles_read_localization(init_t)

+tunable_policy(`distro_redhat',`
+filesystem_use_tmpfs_character_devices(init_t)
+')
+
 ########################################
 #
 # the following seem questionable
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@ -12,9 +12,9 @@ type udev_exec_t;
 type udev_helper_exec_t;
 kernel_make_userland_entrypoint(udev_t,udev_exec_t)
 kernel_make_object_identity_change_constraint_exception(udev_t)
-init_make_daemon_domain(udev_t,udev_exec_t)
 domain_make_entrypoint_file(udev_t,udev_helper_exec_t)
 domain_make_file_descriptors_widely_inheritable(udev_t)
+init_make_daemon_domain(udev_t,udev_exec_t)

 type udev_etc_t alias etc_udev_t;
 files_make_file(udev_etc_t)
@ -99,6 +99,9 @@ selinux_restorecon_transition(udev_t)

 modutils_insmod_transition(udev_t)

+libraries_use_dynamic_loader(udev_t)
+libraries_use_shared_libraries(udev_t)
+
 logging_send_system_log_message(udev_t)

 sysnetwork_ifconfig_transition(udev_t)