RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add missing transition dontaudits

This commit is contained in:
Chris PeBenito 2005-04-25 21:07:59 +00:00
parent 549180e874
commit b303042477
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
refpolicy/policy/modules/system/domain.if
View File

@ -120,11 +120,12 @@ define(`domain_all_init_domains_transition',`
requires_block_template(domain_all_init_domains_transition_depend,$3) requires_block_template(domain_all_init_domains_transition_depend,$3)
allow $1 init_domain:process transition; allow $1 init_domain:process transition;
allow $1 init_domain_entry:file { getattr read execute }; allow $1 init_domain_entry:file { getattr read execute };
dontaudit $1 daemon_domain:process { noatsecure siginh rlimitinh };
') ')
define(`domain_all_init_domains_transition_depend',` define(`domain_all_init_domains_transition_depend',`
attribute init_domain, init_domain_entry; attribute init_domain, init_domain_entry;
class process transition; class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute }; class file { getattr read execute };
') ')
@ -136,11 +137,13 @@ define(`domain_all_daemon_domains_transition',`
requires_block_template(domain_all_daemon_domains_transition_depend,$3) requires_block_template(domain_all_daemon_domains_transition_depend,$3)
allow $1 daemon_domain:process transition; allow $1 daemon_domain:process transition;
allow $1 daemon_domain_entry:file { getattr read execute }; allow $1 daemon_domain_entry:file { getattr read execute };
allow init_domain $1:fd use;
dontaudit $1 daemon_domain:process { noatsecure siginh rlimitinh };
') ')
define(`domain_all_daemon_domains_transition_depend',` define(`domain_all_daemon_domains_transition_depend',`
attribute daemon_domain, daemon_domain_entry; attribute daemon_domain, daemon_domain_entry;
class process transition; class process { transition noatsecure siginh rlimitinh };
class file { getattr read execute }; class file { getattr read execute };
') ')