diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if index 0235de050..2179d7f80 100644 --- a/refpolicy/policy/modules/kernel/selinux.if +++ b/refpolicy/policy/modules/kernel/selinux.if @@ -187,6 +187,7 @@ interface(`selinux_load_policy',` interface(`selinux_set_boolean',` gen_require(` type security_t; + bool secure_mode_policyload; ') allow $1 security_t:dir search; diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if index 559a2e603..e7b62b68b 100644 --- a/refpolicy/policy/modules/services/nis.if +++ b/refpolicy/policy/modules/services/nis.if @@ -202,7 +202,7 @@ interface(`nis_tcp_connect_ypbind',` allow $1 ypbind_t:tcp_socket { connectto recvfrom }; allow ypbind_t $1:tcp_socket { acceptfrom recvfrom }; - allow $1 kernel_t:tcp_socket recvfrom; + kernel_tcp_recvfrom($1) ') ########################################