nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix ordering of interface calls in init.

This commit is contained in:
Chris PeBenito 2009-08-05 10:01:06 -04:00
parent 14d282253f
commit 464ffa57fd
1 changed files with 38 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
policy/modules/system/init.te
View File

@ -252,6 +252,8 @@ kernel_dontaudit_getattr_message_if(initrc_t)
files_read_kernel_symbol_table(initrc_t)
corecmd_exec_all_executables(initrc_t)
corenet_all_recvfrom_unlabeled(initrc_t)
corenet_all_recvfrom_netlabel(initrc_t)
corenet_tcp_sendrecv_all_if(initrc_t)
@ -281,45 +283,6 @@ dev_manage_generic_files(initrc_t)
# Wants to remove udev.tbl:
dev_delete_generic_symlinks(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
fs_write_ramfs_pipes(initrc_t)
# cjp: not sure why these are here; should use mount policy
fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
mcs_killall(initrc_t)
mcs_process_set_categories(initrc_t)
mls_file_read_all_levels(initrc_t)
mls_file_write_all_levels(initrc_t)
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
selinux_get_enforce_mode(initrc_t)
storage_getattr_fixed_disk_dev(initrc_t)
storage_setattr_fixed_disk_dev(initrc_t)
storage_setattr_removable_dev(initrc_t)
term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
auth_delete_pam_pid(initrc_t)
auth_delete_pam_console_data(initrc_t)
corecmd_exec_all_executables(initrc_t)
domain_kill_all_domains(initrc_t)
domain_signal_all_domains(initrc_t)
domain_signull_all_domains(initrc_t)
@ -362,6 +325,42 @@ files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
fs_write_ramfs_pipes(initrc_t)
# cjp: not sure why these are here; should use mount policy
fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
mcs_killall(initrc_t)
mcs_process_set_categories(initrc_t)
mls_file_read_all_levels(initrc_t)
mls_file_write_all_levels(initrc_t)
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
selinux_get_enforce_mode(initrc_t)
storage_getattr_fixed_disk_dev(initrc_t)
storage_setattr_fixed_disk_dev(initrc_t)
storage_setattr_removable_dev(initrc_t)
term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
auth_delete_pam_pid(initrc_t)
auth_delete_pam_console_data(initrc_t)
auth_use_nsswitch(initrc_t)
libs_rw_ld_so_cache(initrc_t)