su: wants to read inits script keyring.
Signed-off-by: Dominick Grift <domg472@gmail.com>
This commit is contained in:
parent
a576078738
commit
b21846594d
|
@ -85,6 +85,7 @@ template(`su_restricted_domain_template', `
|
|||
init_dontaudit_use_script_ptys($1_su_t)
|
||||
# Write to utmp.
|
||||
init_rw_utmp($1_su_t)
|
||||
init_search_script_key($1_su_t)
|
||||
|
||||
logging_send_syslog_msg($1_su_t)
|
||||
|
||||
|
|
|
@ -1174,6 +1174,24 @@ interface(`init_dontaudit_use_script_fds',`
|
|||
dontaudit $1 initrc_t:fd use;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search init script keys.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`init_search_script_key',`
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
')
|
||||
|
||||
allow $1 initrc_t:key search;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Get the process group ID of init scripts.
|
||||
|
|
Loading…
Reference in New Issue