diff --git a/policy/modules/contrib b/policy/modules/contrib
index f22b859da..23c5c7894 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit f22b859da477bf59374ea572449d023fc007e957
+Subproject commit 23c5c78943224a02037fa2789205183c2ff2939a
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index dd0cd5d79..c3b3690d3 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -118,6 +118,9 @@ files_dontaudit_search_var(chkpwd_t)
 fs_dontaudit_getattr_xattr_fs(chkpwd_t)
+selinux_get_enforce_mode(chkpwd_t)
+selinux_getattr_fs(chkpwd_t)
+
 term_dontaudit_use_console(chkpwd_t)
 term_dontaudit_use_unallocated_ttys(chkpwd_t)
 term_dontaudit_use_generic_ptys(chkpwd_t)
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index a9f4a541f..b1cdb1210 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -33,6 +33,7 @@ role system_r types sulogin_t;
 #
 allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
+dontaudit local_login_t self:capability net_admin;
 allow local_login_t self:process { setexec setrlimit setsched };
 allow local_login_t self:fd use;
 allow local_login_t self:fifo_file rw_fifo_file_perms;
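Review bot: The two rules added for chkpwd_t in authlogin.te (`selinux_get_enforce_mode(chkpwd_t)` and `selinux_getattr_fs(chkpwd_t)`) are full grants with no comment saying which call in the password checker needs them, which makes them hard to audit later in a domain that verifies credentials. A one-line comment above them, for example `# libselinux queries selinuxfs and the enforcing state at start-up`, would record the reason; that trigger is an assumption here, since the hunk does not show it. If the denials turn out to be noise from library initialisation and the helper works without the access, a dontaudit rule would keep chkpwd_t narrower than an allow, so that is worth confirming before the grant is kept.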
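Review bot: The added `dontaudit local_login_t self:capability net_admin;` in locallogin.te silences every CAP_NET_ADMIN denial for the login domain, and nothing in the hunk records what triggers the check. Because dontaudit suppresses the AVC record rather than the denial itself, a later unexpected attempt by a login process to use net_admin would also go unlogged; a comment such as `# <trigger> checks net_admin during login; the access is not required` would let a reviewer weigh that trade-off. For troubleshooting, the suppressed records can be restored by rebuilding the policy with dontaudit rules disabled (`semodule -DB`). The local policy section for local_login_t continues outside the hunk.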