Call proper interfaces - usermodehelper
parent
912db9180b
commit
eeca65cd12
@ -24107,7 +24107,7 @@ index 6bf0ecc..115c533 100644
|
|||||||
+ dontaudit $1 xserver_log_t:dir search_dir_perms;
|
+ dontaudit $1 xserver_log_t:dir search_dir_perms;
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
|
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
|
||||||
index 8b40377..d57efee 100644
|
index 8b40377..ea6dc13 100644
|
||||||
--- a/policy/modules/services/xserver.te
|
--- a/policy/modules/services/xserver.te
|
||||||
+++ b/policy/modules/services/xserver.te
|
+++ b/policy/modules/services/xserver.te
|
||||||
@@ -26,28 +26,59 @@ gen_require(`
|
@@ -26,28 +26,59 @@ gen_require(`
|
||||||
@ -25151,7 +25151,7 @@ index 8b40377..d57efee 100644
|
|||||||
kernel_read_system_state(xserver_t)
|
kernel_read_system_state(xserver_t)
|
||||||
kernel_read_device_sysctls(xserver_t)
|
kernel_read_device_sysctls(xserver_t)
|
||||||
-kernel_read_modprobe_sysctls(xserver_t)
|
-kernel_read_modprobe_sysctls(xserver_t)
|
||||||
+kernel_read_usermodhelper(xserver_t)
|
+kernel_read_usermodehelper(xserver_t)
|
||||||
# Xorg wants to check if kernel is tainted
|
# Xorg wants to check if kernel is tainted
|
||||||
kernel_read_kernel_sysctls(xserver_t)
|
kernel_read_kernel_sysctls(xserver_t)
|
||||||
kernel_write_proc_files(xserver_t)
|
kernel_write_proc_files(xserver_t)
|
||||||
@ -31071,7 +31071,7 @@ index c42fbc3..174cfdb 100644
|
|||||||
## <summary>
|
## <summary>
|
||||||
## Set the attributes of iptables config files.
|
## Set the attributes of iptables config files.
|
||||||
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
|
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
|
||||||
index be8ed1e..271dc71 100644
|
index be8ed1e..50b3d56 100644
|
||||||
--- a/policy/modules/system/iptables.te
|
--- a/policy/modules/system/iptables.te
|
||||||
+++ b/policy/modules/system/iptables.te
|
+++ b/policy/modules/system/iptables.te
|
||||||
@@ -16,15 +16,15 @@ role iptables_roles types iptables_t;
|
@@ -16,15 +16,15 @@ role iptables_roles types iptables_t;
|
||||||
@ -31114,7 +31114,7 @@ index be8ed1e..271dc71 100644
|
|||||||
kernel_read_network_state(iptables_t)
|
kernel_read_network_state(iptables_t)
|
||||||
kernel_read_kernel_sysctls(iptables_t)
|
kernel_read_kernel_sysctls(iptables_t)
|
||||||
-kernel_read_modprobe_sysctls(iptables_t)
|
-kernel_read_modprobe_sysctls(iptables_t)
|
||||||
+kernel_read_usermodhelper(iptables_t)
|
+kernel_read_usermodehelper(iptables_t)
|
||||||
kernel_use_fds(iptables_t)
|
kernel_use_fds(iptables_t)
|
||||||
|
|
||||||
# needed by ipvsadm
|
# needed by ipvsadm
|
||||||
@ -39927,7 +39927,7 @@ index 9a1650d..d7e8a01 100644
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
|
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
|
||||||
index 39f185f..e17ab92 100644
|
index 39f185f..5aa688d 100644
|
||||||
--- a/policy/modules/system/udev.te
|
--- a/policy/modules/system/udev.te
|
||||||
+++ b/policy/modules/system/udev.te
|
+++ b/policy/modules/system/udev.te
|
||||||
@@ -17,16 +17,17 @@ init_daemon_domain(udev_t, udev_exec_t)
|
@@ -17,16 +17,17 @@ init_daemon_domain(udev_t, udev_exec_t)
|
||||||
@ -40008,7 +40008,7 @@ index 39f185f..e17ab92 100644
|
|||||||
+kernel_read_fs_sysctls(udev_t)
|
+kernel_read_fs_sysctls(udev_t)
|
||||||
kernel_read_kernel_sysctls(udev_t)
|
kernel_read_kernel_sysctls(udev_t)
|
||||||
-kernel_rw_hotplug_sysctls(udev_t)
|
-kernel_rw_hotplug_sysctls(udev_t)
|
||||||
+kernel_rw_usermodhelper(udev_t)
|
+kernel_rw_usermodehelper(udev_t)
|
||||||
kernel_rw_unix_dgram_sockets(udev_t)
|
kernel_rw_unix_dgram_sockets(udev_t)
|
||||||
kernel_dgram_send(udev_t)
|
kernel_dgram_send(udev_t)
|
||||||
-kernel_signal(udev_t)
|
-kernel_signal(udev_t)
|
||||||
|
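Review bot: In the udev.te hunk, `kernel_rw_usermodehelper(udev_t)` replaces `kernel_rw_hotplug_sysctls(udev_t)`, while the xserver.te and iptables.te hunks replace `kernel_read_modprobe_sysctls` with the same usermodehelper family, which suggests the hotplug and modprobe sysctls now share one type. If that is the case, udev_t gains write access to the modprobe helper setting as well as the hotplug one, and a domain that can write those values influences which helper binary the kernel launches. The interface definition is not on this page, so this widening should be confirmed as intended and recorded next to the call, for example `# rw was needed for the hotplug sysctl; usermodehelper presumably also covers modprobe`. The same question applies to `kernel_rw_usermodehelper` for kudzu_t and tuned_t in the contrib patch.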
@ -10965,7 +10965,7 @@ index a731122..5279d4e 100644
|
|||||||
')
|
')
|
||||||
+
|
+
|
||||||
diff --git a/cfengine.te b/cfengine.te
|
diff --git a/cfengine.te b/cfengine.te
|
||||||
index fbe3ad9..7cb4f72 100644
|
index fbe3ad9..5fe3fdb 100644
|
||||||
--- a/cfengine.te
|
--- a/cfengine.te
|
||||||
+++ b/cfengine.te
|
+++ b/cfengine.te
|
||||||
@@ -41,18 +41,13 @@ create_files_pattern(cfengine_domain, cfengine_log_t, cfengine_log_t)
|
@@ -41,18 +41,13 @@ create_files_pattern(cfengine_domain, cfengine_log_t, cfengine_log_t)
|
||||||
@ -10993,7 +10993,7 @@ index fbe3ad9..7cb4f72 100644
|
|||||||
#
|
#
|
||||||
|
|
||||||
-kernel_read_hotplug_sysctls(cfengine_monitord_t)
|
-kernel_read_hotplug_sysctls(cfengine_monitord_t)
|
||||||
+kernel_read_usermodhelper(cfengine_monitord_t)
|
+kernel_read_usermodehelper(cfengine_monitord_t)
|
||||||
kernel_read_network_state(cfengine_monitord_t)
|
kernel_read_network_state(cfengine_monitord_t)
|
||||||
|
|
||||||
domain_read_all_domains_state(cfengine_monitord_t)
|
domain_read_all_domains_state(cfengine_monitord_t)
|
||||||
@ -36544,7 +36544,7 @@ index 5297064..6ba8108 100644
|
|||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
role_transition $2 kudzu_initrc_exec_t system_r;
|
role_transition $2 kudzu_initrc_exec_t system_r;
|
||||||
diff --git a/kudzu.te b/kudzu.te
|
diff --git a/kudzu.te b/kudzu.te
|
||||||
index 1664036..b67a112 100644
|
index 1664036..b7b07a3 100644
|
||||||
--- a/kudzu.te
|
--- a/kudzu.te
|
||||||
+++ b/kudzu.te
|
+++ b/kudzu.te
|
||||||
@@ -47,7 +47,7 @@ kernel_read_device_sysctls(kudzu_t)
|
@@ -47,7 +47,7 @@ kernel_read_device_sysctls(kudzu_t)
|
||||||
@ -36552,7 +36552,7 @@ index 1664036..b67a112 100644
|
|||||||
kernel_read_network_state(kudzu_t)
|
kernel_read_network_state(kudzu_t)
|
||||||
kernel_read_system_state(kudzu_t)
|
kernel_read_system_state(kudzu_t)
|
||||||
-kernel_rw_hotplug_sysctls(kudzu_t)
|
-kernel_rw_hotplug_sysctls(kudzu_t)
|
||||||
+kernel_rw_usermodhelper(kudzu_t)
|
+kernel_rw_usermodehelper(kudzu_t)
|
||||||
kernel_rw_kernel_sysctl(kudzu_t)
|
kernel_rw_kernel_sysctl(kudzu_t)
|
||||||
|
|
||||||
corecmd_exec_all_executables(kudzu_t)
|
corecmd_exec_all_executables(kudzu_t)
|
||||||
@ -48722,7 +48722,7 @@ index db9578f..4309e3d 100644
|
|||||||
')
|
')
|
||||||
+
|
+
|
||||||
diff --git a/ncftool.te b/ncftool.te
|
diff --git a/ncftool.te b/ncftool.te
|
||||||
index 71f30ba..4976452 100644
|
index 71f30ba..d177ab5 100644
|
||||||
--- a/ncftool.te
|
--- a/ncftool.te
|
||||||
+++ b/ncftool.te
|
+++ b/ncftool.te
|
||||||
@@ -22,13 +22,14 @@ role ncftool_roles types ncftool_t;
|
@@ -22,13 +22,14 @@ role ncftool_roles types ncftool_t;
|
||||||
@ -48737,7 +48737,7 @@ index 71f30ba..4976452 100644
|
|||||||
|
|
||||||
kernel_read_kernel_sysctls(ncftool_t)
|
kernel_read_kernel_sysctls(ncftool_t)
|
||||||
-kernel_read_modprobe_sysctls(ncftool_t)
|
-kernel_read_modprobe_sysctls(ncftool_t)
|
||||||
+kernel_read_usermodhelper(ncftool_t)
|
+kernel_read_usermodehelper(ncftool_t)
|
||||||
kernel_read_network_state(ncftool_t)
|
kernel_read_network_state(ncftool_t)
|
||||||
kernel_read_system_state(ncftool_t)
|
kernel_read_system_state(ncftool_t)
|
||||||
kernel_request_load_module(ncftool_t)
|
kernel_request_load_module(ncftool_t)
|
||||||
@ -93935,7 +93935,7 @@ index e29db63..061fb98 100644
|
|||||||
domain_system_change_exemption($1)
|
domain_system_change_exemption($1)
|
||||||
role_transition $2 tuned_initrc_exec_t system_r;
|
role_transition $2 tuned_initrc_exec_t system_r;
|
||||||
diff --git a/tuned.te b/tuned.te
|
diff --git a/tuned.te b/tuned.te
|
||||||
index 393a330..6ce4613 100644
|
index 393a330..f30d191 100644
|
||||||
--- a/tuned.te
|
--- a/tuned.te
|
||||||
+++ b/tuned.te
|
+++ b/tuned.te
|
||||||
@@ -21,6 +21,9 @@ files_config_file(tuned_rw_etc_t)
|
@@ -21,6 +21,9 @@ files_config_file(tuned_rw_etc_t)
|
||||||
@ -93993,7 +93993,7 @@ index 393a330..6ce4613 100644
|
|||||||
kernel_request_load_module(tuned_t)
|
kernel_request_load_module(tuned_t)
|
||||||
kernel_rw_kernel_sysctl(tuned_t)
|
kernel_rw_kernel_sysctl(tuned_t)
|
||||||
-kernel_rw_hotplug_sysctls(tuned_t)
|
-kernel_rw_hotplug_sysctls(tuned_t)
|
||||||
+kernel_rw_usermodhelper(tuned_t)
|
+kernel_rw_usermodehelper(tuned_t)
|
||||||
kernel_rw_vm_sysctls(tuned_t)
|
kernel_rw_vm_sysctls(tuned_t)
|
||||||
+kernel_setsched(tuned_t)
|
+kernel_setsched(tuned_t)
|
||||||
+kernel_rw_all_sysctls(tuned_t)
|
+kernel_rw_all_sysctls(tuned_t)
|
||||||
|
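Review bot: In the tuned.te hunk, `kernel_rw_usermodehelper(tuned_t)` sits next to `kernel_rw_all_sysctls(tuned_t)`, and the broader call presumably already grants read-write on every sysctl type, which would make the usermodehelper, kernel and vm lines redundant. For least privilege the broad grant is the line that matters: if tuned_t only needs a known set of sysctls, dropping `kernel_rw_all_sysctls(tuned_t)` and keeping the specific interfaces would be tighter. If it is genuinely required, a comment above it such as `# tuned profiles may set arbitrary sysctls` would tell the next maintainer why. Whether the usermodehelper type is covered by the all-sysctls grant cannot be seen from this page.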