diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te index 6daba32e0..e9cf9d460 100644 --- a/policy/modules/kernel/selinux.te +++ b/policy/modules/kernel/selinux.te @@ -1,5 +1,5 @@ -policy_module(selinux,1.5.0) +policy_module(selinux,1.5.1) ######################################## # @@ -21,6 +21,7 @@ fs_type(security_t) mls_trusted_object(security_t) sid security gen_context(system_u:object_r:security_t,mls_systemhigh) genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0) +genfscon securityfs / gen_context(system_u:object_r:security_t,s0) neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy; neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce; diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te index 395d0d6c6..a43f4a71e 100644 --- a/policy/modules/system/getty.te +++ b/policy/modules/system/getty.te @@ -1,5 +1,5 @@ -policy_module(getty,1.5.1) +policy_module(getty,1.5.2) ######################################## # @@ -103,15 +103,7 @@ miscfiles_read_localization(getty_t) ifdef(`distro_gentoo',` # Gentoo default /etc/issue makes agetty # do a DNS lookup for the hostname - dontaudit getty_t self:udp_socket create_socket_perms; - - corenet_dontaudit_all_recvfrom_unlabeled(getty_t) - corenet_dontaudit_udp_sendrecv_generic_if(getty_t) - corenet_dontaudit_udp_sendrecv_all_nodes(getty_t) - corenet_dontaudit_udp_sendrecv_dns_port(getty_t) - corenet_dontaudit_sendrecv_dns_client_packets(getty_t) - - sysnet_dontaudit_read_config(getty_t) + sysnet_dns_name_resolve(getty_t) ') ifdef(`distro_redhat',`
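Review bot: In the second selinux.te hunk, the added `genfscon securityfs / gen_context(system_u:object_r:security_t,s0)` gives securityfs the same type as selinuxfs, so any rule that lets a domain read or write `security_t` files now applies to both mounts. The `neverallow` lines that follow are on the `security` class and do not limit file access to the new mount. If the sharing is intended, record it with a comment above the line, for example `# securityfs deliberately shares security_t with selinuxfs`. If it is not, a separate type (placeholder name `securityfs_t`, declared with `fs_type()`) would let access to the two mounts be granted independently.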
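Review bot: In the getty.te `distro_gentoo` block, `sysnet_dns_name_resolve(getty_t)` replaces silenced denials with an actual grant. Every removed line was a `dontaudit`, so unless an allow exists outside this hunk, getty_t was previously denied the UDP socket and the resolver configuration, and can now perform lookups. getty runs before anyone has authenticated, so this widens what that domain can reach on the network just to print the hostname from /etc/issue. The comment kept above the call only explains why agetty attempts the lookup; it should also say why allowing it was preferred to keeping it denied, e.g. `# allowed rather than dontaudited: <reason>`. The distro_redhat ifdef that follows continues outside the hunk.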