Su patch from Dan Walsh.

dontaudit leaked sockets
This commit is contained in:
Chris PeBenito 2010-06-18 14:32:17 -04:00
parent b9be5cccf1
commit f7e3410aed
2 changed files with 11 additions and 1 deletions

View File

@ -118,6 +118,11 @@ template(`su_restricted_domain_template', `
userdom_spec_domtrans_unpriv_users($1_su_t) userdom_spec_domtrans_unpriv_users($1_su_t)
') ')
ifdef(`hide_broken_symptoms',`
# dontaudit leaked sockets from parent
dontaudit $1_su_t $2:socket_class_set { read write };
')
optional_policy(` optional_policy(`
cron_read_pipes($1_su_t) cron_read_pipes($1_su_t)
') ')
@ -276,6 +281,11 @@ template(`su_role_template',`
') ')
') ')
ifdef(`hide_broken_symptoms',`
# dontaudit leaked sockets from parent
dontaudit $1_su_t $3:socket_class_set { read write };
')
tunable_policy(`allow_polyinstantiation',` tunable_policy(`allow_polyinstantiation',`
fs_mount_xattr_fs($1_su_t) fs_mount_xattr_fs($1_su_t)
fs_unmount_xattr_fs($1_su_t) fs_unmount_xattr_fs($1_su_t)

View File

@ -1,4 +1,4 @@
policy_module(su, 1.10.0) policy_module(su, 1.10.1)
######################################## ########################################
# #