rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

cleanup

Browse Source
This commit is contained in:
Chris PeBenito 2005-05-24 22:22:26 +00:00
parent 3b3bf871a7
commit cbeef67c1c
2 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
refpolicy/policy/modules/system/init.te
View File

@ -75,6 +75,7 @@ files_create_daemon_runtime_data(init_t,init_var_run_t)
allow init_t initrc_t:process transition; allow init_t initrc_t:process transition;
allow init_t initrc_exec_t:file { getattr read execute }; allow init_t initrc_exec_t:file { getattr read execute };
type_transition init_t initrc_exec_t:process initrc_t; type_transition init_t initrc_exec_t:process initrc_t;
dontaudit init_t initrc_t:process { noatsecure siginh rlimitinh };
allow init_t self:fifo_file { read write ioctl }; allow init_t self:fifo_file { read write ioctl };
@ -93,28 +94,31 @@ kernel_share_state(init_t)
terminal_use_all_terminals(init_t) terminal_use_all_terminals(init_t)
corecommands_chroot(init_t)
corecommands_execute_general_programs(init_t)
corecommands_execute_system_programs(init_t)
domain_signal_all_domains(init_t) domain_signal_all_domains(init_t)
domain_kill_all_domains(init_t) domain_kill_all_domains(init_t)
files_modify_system_runtime_data(init_t) files_modify_system_runtime_data(init_t)
# file descriptors inherited from the rootfs:
# file descriptors inherited from the rootfs.
files_ignore_modify_rootfs_file(init_t) files_ignore_modify_rootfs_file(init_t)
files_ignore_modify_rootfs_device(init_t) files_ignore_modify_rootfs_device(init_t)
libraries_use_dynamic_loader(init_t) libraries_use_dynamic_loader(init_t)
libraries_use_shared_libraries(init_t) libraries_use_shared_libraries(init_t)
corecommands_chroot(init_t)
corecommands_execute_general_programs(init_t)
corecommands_execute_system_programs(init_t)
logging_send_system_log_message(init_t) logging_send_system_log_message(init_t)
selinux_read_config(init_t) selinux_read_config(init_t)
miscfiles_read_localization(init_t) miscfiles_read_localization(init_t)
tunable_policy(`distro_redhat',`
filesystem_use_tmpfs_character_devices(init_t)
')
######################################## ########################################
# #
# the following seem questionable # the following seem questionable

5
refpolicy/policy/modules/system/udev.te
View File

@ -12,9 +12,9 @@ type udev_exec_t;
type udev_helper_exec_t; type udev_helper_exec_t;
kernel_make_userland_entrypoint(udev_t,udev_exec_t) kernel_make_userland_entrypoint(udev_t,udev_exec_t)
kernel_make_object_identity_change_constraint_exception(udev_t) kernel_make_object_identity_change_constraint_exception(udev_t)
init_make_daemon_domain(udev_t,udev_exec_t)
domain_make_entrypoint_file(udev_t,udev_helper_exec_t) domain_make_entrypoint_file(udev_t,udev_helper_exec_t)
domain_make_file_descriptors_widely_inheritable(udev_t) domain_make_file_descriptors_widely_inheritable(udev_t)
init_make_daemon_domain(udev_t,udev_exec_t)
type udev_etc_t alias etc_udev_t; type udev_etc_t alias etc_udev_t;
files_make_file(udev_etc_t) files_make_file(udev_etc_t)
@ -99,6 +99,9 @@ selinux_restorecon_transition(udev_t)
modutils_insmod_transition(udev_t) modutils_insmod_transition(udev_t)
libraries_use_dynamic_loader(udev_t)
libraries_use_shared_libraries(udev_t)
logging_send_system_log_message(udev_t) logging_send_system_log_message(udev_t)
sysnetwork_ifconfig_transition(udev_t) sysnetwork_ifconfig_transition(udev_t)