From 5b2db4fcb1caa5d7e89f1a04af01d7b82404692a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 29 Dec 2017 21:28:47 +0100
Subject: [PATCH] hostname: cmdline usage + signal perms sort

---
 policy/modules/system/hostname.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index 4e85d041f..1a5a3581f 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -17,7 +17,7 @@ role system_r types hostname_t;
 
 # sys_admin : for setting the hostname
 allow hostname_t self:capability sys_admin;
-allow hostname_t self:process { sigchld sigkill sigstop signull signal };
+allow hostname_t self:process { sigchld sigkill signal signull sigstop };
 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
 dontaudit hostname_t self:capability sys_tty_config;
 
@@ -56,6 +56,8 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
 sysnet_read_config(hostname_t)
 sysnet_dns_name_resolve(hostname_t)
 
+userdom_use_inherited_user_terminals(hostname_t)
+
 optional_policy(`
 	nis_use_ypbind(hostname_t)
 ')