From 61e9ec32403634cf4c66c04b5be6d9ac4e2d91eb Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 26 Apr 2017 06:26:50 -0400
Subject: [PATCH] Login take 4 from Russell Coker. I have used optional sections for dbus and xserver as requested and also fixed a minor issue of a rule not being in the correct section. Please merge this.
---
 policy/modules/contrib | 2 +-
 policy/modules/system/authlogin.te | 3 +++
 policy/modules/system/locallogin.te | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib b/policy/modules/contrib
index f22b859da..23c5c7894 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit f22b859da477bf59374ea572449d023fc007e957
+Subproject commit 23c5c78943224a02037fa2789205183c2ff2939a
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index dd0cd5d79..c3b3690d3 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -118,6 +118,9 @@ files_dontaudit_search_var(chkpwd_t)
 fs_dontaudit_getattr_xattr_fs(chkpwd_t)
+selinux_get_enforce_mode(chkpwd_t)
+selinux_getattr_fs(chkpwd_t)
+
 term_dontaudit_use_console(chkpwd_t)
 term_dontaudit_use_unallocated_ttys(chkpwd_t)
 term_dontaudit_use_generic_ptys(chkpwd_t)
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index a9f4a541f..b1cdb1210 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -33,6 +33,7 @@ role system_r types sulogin_t;
 #
 allow local_login_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
+dontaudit local_login_t self:capability net_admin;
 allow local_login_t self:process { setexec setrlimit setsched };
 allow local_login_t self:fd use;
 allow local_login_t self:fifo_file rw_fifo_file_perms;
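Review bot: In policy/modules/system/authlogin.te, the added `selinux_get_enforce_mode(chkpwd_t)` and `selinux_getattr_fs(chkpwd_t)` carry no comment saying which chkpwd code path reads selinuxfs, so a later reviewer cannot tell whether the access is required or only a library probe. chkpwd_t is the password-checking helper domain, so each new grant there deserves a stated reason; I would add a line such as `# chkpwd queries SELinux status (presumably via libselinux) - confirm against the AVC denial` above them. If the denial turns out to be harmless to the helper's function, a dontaudit form would keep the domain tighter than an allow. The chkpwd_t rule block starts and ends outside this hunk.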
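Review bot: In policy/modules/system/locallogin.te, the added `dontaudit local_login_t self:capability net_admin;` silences the denial without recording what in the login path requests CAP_NET_ADMIN. The capability stays denied, which is the right direction, but the rule also removes the audit record that would show a login process unexpectedly attempting network administration. I would put a comment above it naming the trigger, e.g. `# <component> requests net_admin during login; denial is harmless`, with the component filled in from the original AVC. When investigating, the suppressed denials can be made visible again by rebuilding the policy with dontaudit rules disabled (`semodule -DB`). The local_login_t rule block continues past the end of the hunk.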