Access to get attributes of target accountsd_t domain is included with ps_process_pattern.

Permission to get attributes of target arpwatch_t domain is included with ps_process_pattern. Access to get attributes of target asterisk_t domain is included with ps_process_pattern. Permission to get attributes of target automount_t domain is included with ps_process_pattern. Access to get attributes of target ntpd_t domain is included with ps_process_pattern. Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 10:23:24 +02:00 · 2010-09-15 10:23:24 +02:00 · dcbbeeada3
commit dcbbeeada3
parent b6d0a79f2c
5 changed files with 5 additions and 5 deletions
--- a/policy/modules/services/accountsd.if
+++ b/policy/modules/services/accountsd.if
@ -138,7 +138,7 @@ interface(`accountsd_admin',`
 		type accountsd_t;
 	')

-	allow $1 accountsd_t:process { ptrace signal_perms getattr };
+	allow $1 accountsd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, accountsd_t)

 	accountsd_manage_lib_files($1)
--- a/policy/modules/services/arpwatch.if
+++ b/policy/modules/services/arpwatch.if
@ -137,7 +137,7 @@ interface(`arpwatch_admin',`
 		type arpwatch_initrc_exec_t;
 	')

-	allow $1 arpwatch_t:process { ptrace signal_perms getattr };
+	allow $1 arpwatch_t:process { ptrace signal_perms };
 	ps_process_pattern($1, arpwatch_t)

 	arpwatch_initrc_domtrans($1)
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
@ -64,7 +64,7 @@ interface(`asterisk_admin',`
 		type asterisk_initrc_exec_t;
 	')

-	allow $1 asterisk_t:process { ptrace signal_perms getattr };
+	allow $1 asterisk_t:process { ptrace signal_perms };
 	ps_process_pattern($1, asterisk_t)

 	init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
--- a/policy/modules/services/automount.if
+++ b/policy/modules/services/automount.if
@ -150,7 +150,7 @@ interface(`automount_admin',`
 		type automount_var_run_t, automount_initrc_exec_t;
 	')

-	allow $1 automount_t:process { ptrace signal_perms getattr };
+	allow $1 automount_t:process { ptrace signal_perms };
 	ps_process_pattern($1, automount_t)

 	init_labeled_script_domtrans($1, automount_initrc_exec_t)
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@ -144,7 +144,7 @@ interface(`ntp_admin',`
 		type ntpd_initrc_exec_t;
 	')

-	allow $1 ntpd_t:process { ptrace signal_perms getattr };
+	allow $1 ntpd_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ntpd_t)

 	init_labeled_script_domtrans($1, ntpd_initrc_exec_t)