From a5f5eba459b7b1ea7a7b0ec51cb309e88c819039 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mar 20 2007 18:47:18 +0000
Subject: Add dontaudits for init fds and console to init_daemon_domain().
---
diff --git a/Changelog b/Changelog
index a4d4a8b..d2b14e6 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add dontaudits for init fds and console to init_daemon_domain().
 - Patch to allow gpg to create user keys dir.
 - Patch to support kvmfs from Dan Walsh.
 - Patch for misc fixes in sudo from Dan Walsh.
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index ef89f9b..219112e 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -1,5 +1,5 @@
-policy_module(amavis,1.1.0)
+policy_module(amavis,1.1.1)
 ########################################
 #
@@ -127,8 +127,6 @@ files_read_usr_files(amavis_t)
 auth_dontaudit_read_shadow(amavis_t)
-init_use_fds(amavis_t)
-init_use_script_ptys(amavis_t)
 init_stream_connect_script(amavis_t)
 libs_use_ld_so(amavis_t)
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index ea5384f..abfc256 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache,1.5.3)
+policy_module(apache,1.5.4)
 #
 # NOTES:
@@ -234,8 +234,6 @@ dev_rw_crypto(httpd_t)
 fs_getattr_all_fs(httpd_t)
 fs_search_auto_mountpoints(httpd_t)
-term_dontaudit_use_console(httpd_t)
-
 auth_use_nsswitch(httpd_t)
 # execute perl
@@ -260,9 +258,6 @@ files_read_var_lib_symlinks(httpd_t)
 fs_search_auto_mountpoints(httpd_sys_script_t)
-init_use_fds(httpd_t)
-init_use_script_ptys(httpd_t)
-
 libs_use_ld_so(httpd_t)
 libs_use_shared_libs(httpd_t)
 libs_read_lib_files(httpd_t)
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index be4f1f0..47555db 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
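Review bot: Dropping `init_use_fds(amavis_t)` in the amavis.te hunk at -127,8 replaces an allow rule with whatever init_daemon_domain() now provides, and the subject says that is a dontaudit, so use of inherited init file descriptors goes from permitted to denied without an audit record. The subject does not mention script ptys, so it is also worth confirming that init_daemon_domain() still covers `init_use_script_ptys`, which is removed alongside; the init.if side of the change is not visible here. I would put a comment on the new rules in the macro, e.g. `# daemons do not need init's fds or the console; denials are hidden by dontaudit`, so that a daemon whose startup messages disappear can be traced back to this. The same applies to the later hunks that remove these calls (apache, apm, arpwatch and the other service modules).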
@@ -1,5 +1,5 @@
-policy_module(apm,1.3.2)
+policy_module(apm,1.3.3)
 ########################################
 #
@@ -104,8 +104,6 @@ fs_dontaudit_getattr_all_sockets(apmd_t); # Excessive?
 selinux_search_fs(apmd_t)
-term_dontaudit_use_console(apmd_t)
-
 corecmd_exec_all_executables(apmd_t)
 domain_read_all_domains_state(apmd_t)
@@ -123,8 +121,6 @@ files_dontaudit_getattr_all_pipes(apmd_t) # Excessive?
 files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
 init_domtrans_script(apmd_t)
-init_use_fds(apmd_t)
-init_use_script_ptys(apmd_t)
 init_rw_utmp(apmd_t)
 init_telinit(apmd_t)
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index 51ef5be..892edc9 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -1,5 +1,5 @@
-policy_module(arpwatch,1.2.0)
+policy_module(arpwatch,1.2.1)
 ########################################
 #
@@ -63,8 +63,6 @@ dev_read_sysfs(arpwatch_t)
 fs_getattr_all_fs(arpwatch_t)
 fs_search_auto_mountpoints(arpwatch_t)
-term_dontaudit_use_console(arpwatch_t)
-
 corecmd_read_sbin_symlinks(arpwatch_t)
 domain_use_interactive_fds(arpwatch_t)
@@ -73,9 +71,6 @@ files_read_etc_files(arpwatch_t)
 files_read_usr_files(arpwatch_t)
 files_search_var_lib(arpwatch_t)
-init_use_fds(arpwatch_t)
-init_use_script_ptys(arpwatch_t)
-
 libs_use_ld_so(arpwatch_t)
 libs_use_shared_libs(arpwatch_t)
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index 80eecdd..04200a5 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -1,5 +1,5 @@
-policy_module(asterisk,1.1.0)
+policy_module(asterisk,1.1.1)
 ########################################
 #
@@ -114,11 +114,6 @@ files_read_usr_files(asterisk_t)
 fs_getattr_all_fs(asterisk_t)
 fs_search_auto_mountpoints(asterisk_t)
-term_dontaudit_use_console(asterisk_t)
-
-init_use_fds(asterisk_t)
-init_use_script_ptys(asterisk_t)
-
 libs_use_ld_so(asterisk_t)
 libs_use_shared_libs(asterisk_t)
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
index 3d071f5..08e62a3 100644
--- a/policy/modules/services/audioentropy.te
+++ b/policy/modules/services/audioentropy.te
@@ -1,5 +1,5 @@
-policy_module(audio_entropy,1.0.0)
+policy_module(audio_entropy,1.0.1)
 ########################################
 #
@@ -37,13 +37,8 @@ dev_read_sound(entropyd_t)
 fs_getattr_all_fs(entropyd_t)
 fs_search_auto_mountpoints(entropyd_t)
-term_dontaudit_use_console(entropyd_t)
-
 domain_use_interactive_fds(entropyd_t)
-init_use_fds(entropyd_t)
-init_use_script_ptys(entropyd_t)
-
 libs_use_ld_so(entropyd_t)
 libs_use_shared_libs(entropyd_t)
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
index ec2f092..dc1b5d3 100644
--- a/policy/modules/services/automount.te
+++ b/policy/modules/services/automount.te
@@ -1,5 +1,5 @@
-policy_module(automount,1.4.1)
+policy_module(automount,1.4.2)
 ########################################
 #
@@ -125,12 +125,8 @@ fs_unmount_autofs(automount_t)
 fs_mount_autofs(automount_t)
 fs_manage_autofs_symlinks(automount_t)
-term_dontaudit_use_console(automount_t)
 term_dontaudit_getattr_pty_dirs(automount_t)
-init_use_fds(automount_t)
-init_use_script_ptys(automount_t)
-
 libs_use_ld_so(automount_t)
 libs_use_shared_libs(automount_t)
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 9381d25..355512e 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
-policy_module(avahi,1.4.0)
+policy_module(avahi,1.4.1)
 ########################################
 #
@@ -58,16 +58,12 @@ dev_read_urand(avahi_t)
 fs_getattr_all_fs(avahi_t)
 fs_search_auto_mountpoints(avahi_t)
-term_dontaudit_use_console(avahi_t)
-
 domain_use_interactive_fds(avahi_t)
 files_read_etc_files(avahi_t)
 files_read_etc_runtime_files(avahi_t)
 files_read_usr_files(avahi_t)
-init_use_fds(avahi_t)
-init_use_script_ptys(avahi_t)
 init_signal_script(avahi_t)
 init_signull_script(avahi_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 25ba531..d710098 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
-policy_module(bind,1.3.0)
+policy_module(bind,1.3.1)
 ########################################
 #
@@ -117,8 +117,6 @@ dev_read_rand(named_t)
 fs_getattr_all_fs(named_t)
 fs_search_auto_mountpoints(named_t)
-term_dontaudit_use_console(named_t)
-
 corecmd_search_sbin(named_t)
 dev_read_urand(named_t)
@@ -128,9 +126,6 @@ domain_use_interactive_fds(named_t)
 files_read_etc_files(named_t)
 files_read_etc_runtime_files(named_t)
-init_use_fds(named_t)
-init_use_script_ptys(named_t)
-
 libs_use_ld_so(named_t)
 libs_use_shared_libs(named_t)
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 18c13c9..3cf0d98 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -1,5 +1,5 @@
-policy_module(bluetooth,1.4.1)
+policy_module(bluetooth,1.4.2)
 ########################################
 #
@@ -100,7 +100,6 @@ fs_getattr_all_fs(bluetooth_t)
 fs_search_auto_mountpoints(bluetooth_t)
 fs_search_inotifyfs(bluetooth_t)
-term_dontaudit_use_console(bluetooth_t)
 #Handle bluetooth serial devices
 term_use_unallocated_ttys(bluetooth_t)
@@ -114,9 +113,6 @@ files_read_etc_files(bluetooth_t)
 files_read_etc_runtime_files(bluetooth_t)
 files_read_usr_files(bluetooth_t)
-init_use_fds(bluetooth_t)
-init_use_script_ptys(bluetooth_t)
-
 libs_use_ld_so(bluetooth_t)
 libs_use_shared_libs(bluetooth_t)
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
index cc40946..fe7a8aa 100644
--- a/policy/modules/services/canna.te
+++ b/policy/modules/services/canna.te
@@ -1,5 +1,5 @@
-policy_module(canna,1.3.0)
+policy_module(canna,1.3.1)
 ########################################
 #
@@ -59,8 +59,6 @@ dev_read_sysfs(canna_t)
 fs_getattr_all_fs(canna_t)
 fs_search_auto_mountpoints(canna_t)
-term_dontaudit_use_console(canna_t)
-
 domain_use_interactive_fds(canna_t)
 files_read_etc_files(canna_t)
@@ -69,9 +67,6 @@ files_read_usr_files(canna_t)
 files_search_tmp(canna_t)
 files_dontaudit_read_root_files(canna_t)
-init_use_fds(canna_t)
-init_use_script_ptys(canna_t)
-
 libs_use_ld_so(canna_t)
 libs_use_shared_libs(canna_t)
diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te
index 0ec4424..0bc9fb4 100644
--- a/policy/modules/services/ccs.te
+++ b/policy/modules/services/ccs.te
@@ -1,5 +1,5 @@
-policy_module(ccs,1.0.2)
+policy_module(ccs,1.0.3)
 ########################################
 #
@@ -85,7 +85,6 @@ dev_read_urand(ccs_t)
 files_read_etc_files(ccs_t)
 files_read_etc_runtime_files(ccs_t)
-init_dontaudit_use_fds(ccs_t)
 init_rw_script_tmp_files(ccs_t)
 libs_use_ld_so(ccs_t)
diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te
index 0dd7abd..3212495 100644
--- a/policy/modules/services/cipe.te
+++ b/policy/modules/services/cipe.te
@@ -1,5 +1,5 @@
-policy_module(cipe,1.1.0)
+policy_module(cipe,1.1.1)
 ########################################
 #
@@ -52,11 +52,6 @@ files_dontaudit_search_var(ciped_t)
 fs_search_auto_mountpoints(ciped_t)
-term_dontaudit_use_console(ciped_t)
-
-init_use_fds(ciped_t)
-init_use_script_ptys(ciped_t)
-
 libs_use_ld_so(ciped_t)
 libs_use_shared_libs(ciped_t)
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 7241f79..a4e6c93 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -1,5 +1,5 @@
-policy_module(clamav,1.2.0)
+policy_module(clamav,1.2.1)
 ########################################
 #
@@ -104,9 +104,6 @@ files_read_etc_files(clamd_t)
 files_read_etc_runtime_files(clamd_t)
 files_search_spool(clamd_t)
-init_use_fds(clamd_t)
-init_use_script_ptys(clamd_t)
-
 libs_use_ld_so(clamd_t)
 libs_use_shared_libs(clamd_t)
@@ -178,9 +175,6 @@ domain_use_interactive_fds(freshclam_t)
 files_read_etc_files(freshclam_t)
 files_read_etc_runtime_files(freshclam_t)
-init_use_fds(freshclam_t)
-init_use_script_ptys(freshclam_t)
-
 libs_use_ld_so(freshclam_t)
 libs_use_shared_libs(freshclam_t)
diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index 61e6f51..055c9a7 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -1,5 +1,5 @@
-policy_module(consolekit,1.0.0)
+policy_module(consolekit,1.0.1)
 ########################################
 #
@@ -28,8 +28,6 @@ domain_use_interactive_fds(consolekit_t)
 files_read_etc_files(consolekit_t)
-init_use_script_ptys(consolekit_t)
-
 libs_use_ld_so(consolekit_t)
 libs_use_shared_libs(consolekit_t)
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 7735e91..84f3402 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -67,11 +67,6 @@ template(`courier_domain_template',`
 fs_getattr_xattr_fs(courier_$1_t)
 fs_search_auto_mountpoints(courier_$1_t)
- term_dontaudit_use_console(courier_$1_t)
-
- init_use_fds(courier_$1_t)
- init_use_script_ptys(courier_$1_t)
-
 libs_use_ld_so(courier_$1_t)
 libs_use_shared_libs(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 0292cf0..6a8d8dc 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -1,5 +1,5 @@
-policy_module(courier,1.1.0)
+policy_module(courier,1.1.1)
 ########################################
 #
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index f9a2d48..38e8983 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -1,5 +1,5 @@
-policy_module(cron,1.5.0)
+policy_module(cron,1.5.1)
 gen_require(`
 class passwd rootok;
@@ -113,8 +113,6 @@ dev_read_urand(crond_t)
 fs_getattr_all_fs(crond_t)
 fs_search_auto_mountpoints(crond_t)
-term_dontaudit_use_console(crond_t)
-
 # need auth_chkpwd to check for locked accounts.
 auth_domtrans_chk_passwd(crond_t)
@@ -131,8 +129,6 @@ files_list_usr(crond_t)
 files_search_var_lib(crond_t)
 files_search_default(crond_t)
-init_use_fds(crond_t)
-init_use_script_ptys(crond_t)
 init_rw_utmp(crond_t)
 libs_use_ld_so(crond_t)
@@ -352,9 +348,7 @@ ifdef(`targeted_policy',`
 # /var/spool/anacron and /var/spool/slrnpull.
 files_manage_generic_spool(system_crond_t)
- init_use_fds(system_crond_t)
 init_use_script_fds(system_crond_t)
- init_use_script_ptys(system_crond_t)
 init_read_utmp(system_crond_t)
 init_dontaudit_rw_utmp(system_crond_t)
 # prelink tells init to restart it self, we either need to allow or dontaudit
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index ac7457a..0e1bb40 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -1,5 +1,5 @@
-policy_module(cups,1.5.1)
+policy_module(cups,1.5.2)
 ########################################
 #
@@ -173,7 +173,6 @@ mls_file_read_up(cupsd_t)
 mls_rangetrans_target(cupsd_t)
 mls_socket_write_all_levels(cupsd_t)
-term_dontaudit_use_console(cupsd_t)
 term_use_unallocated_ttys(cupsd_t)
 term_search_ptys(cupsd_t)
@@ -208,8 +207,6 @@ files_dontaudit_getattr_all_tmp_files(cupsd_t)
 selinux_compute_access_vector(cupsd_t)
-init_use_fds(cupsd_t)
-init_use_script_ptys(cupsd_t)
 init_exec_script_files(cupsd_t)
 libs_use_ld_so(cupsd_t)
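Review bot: `init_use_fds(system_crond_t)` and `init_use_script_ptys(system_crond_t)` are removed in the cron.te hunk at -352,9, but system_crond_t looks like the domain for cron jobs rather than a daemon started by an init script, and nothing visible shows that it is declared through init_daemon_domain(). If it is not, this hunk drops the access outright instead of moving it into the shared macro, and denials for that domain would be audited rather than hidden. The type declaration and the rest of the targeted_policy block are outside the hunk, so this needs checking against the full file; if the access really is unwanted, keeping `init_dontaudit_use_fds(system_crond_t)` here would make that explicit.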
@@ -359,8 +356,6 @@ dev_read_rand(cupsd_config_t)
 fs_getattr_all_fs(cupsd_config_t)
 fs_search_auto_mountpoints(cupsd_config_t)
-term_dontaudit_use_console(cupsd_config_t)
-
 corecmd_exec_bin(cupsd_config_t)
 corecmd_exec_sbin(cupsd_config_t)
 corecmd_exec_shell(cupsd_config_t)
@@ -374,8 +369,6 @@ files_read_etc_files(cupsd_config_t)
 files_read_etc_runtime_files(cupsd_config_t)
 files_read_var_symlinks(cupsd_config_t)
-init_use_fds(cupsd_config_t)
-init_use_script_ptys(cupsd_config_t)
 # Alternatives asks for this
 init_getattr_script_files(cupsd_config_t)
@@ -601,8 +594,6 @@ dev_read_usbfs(hplip_t)
 fs_getattr_all_fs(hplip_t)
 fs_search_auto_mountpoints(hplip_t)
-term_dontaudit_use_console(hplip_t)
-
 # for python
 corecmd_exec_bin(hplip_t)
 corecmd_search_sbin(hplip_t)
@@ -613,9 +604,6 @@ files_read_etc_files(hplip_t)
 files_read_etc_runtime_files(hplip_t)
 files_read_usr_files(hplip_t)
-init_use_fds(hplip_t)
-init_use_script_ptys(hplip_t)
-
 libs_use_ld_so(hplip_t)
 libs_use_shared_libs(hplip_t)
@@ -691,16 +679,11 @@ dev_rw_printer(ptal_t)
 fs_getattr_all_fs(ptal_t)
 fs_search_auto_mountpoints(ptal_t)
-term_dontaudit_use_console(ptal_t)
-
 domain_use_interactive_fds(ptal_t)
 files_read_etc_files(ptal_t)
 files_read_etc_runtime_files(ptal_t)
-init_use_fds(ptal_t)
-init_use_script_ptys(ptal_t)
-
 libs_use_ld_so(ptal_t)
 libs_use_shared_libs(ptal_t)
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
index 3acb626..a559e2b 100644
--- a/policy/modules/services/cyrus.te
+++ b/policy/modules/services/cyrus.te
@@ -1,5 +1,5 @@
-policy_module(cyrus,1.2.0)
+policy_module(cyrus,1.2.1)
 ########################################
 #
@@ -85,8 +85,6 @@ dev_read_sysfs(cyrus_t)
 fs_getattr_all_fs(cyrus_t)
 fs_search_auto_mountpoints(cyrus_t)
-term_dontaudit_use_console(cyrus_t)
-
 corecmd_exec_bin(cyrus_t)
 domain_use_interactive_fds(cyrus_t)
@@ -96,9 +94,6 @@ files_read_etc_files(cyrus_t)
 files_read_etc_runtime_files(cyrus_t)
 files_read_usr_files(cyrus_t)
-init_use_fds(cyrus_t)
-init_use_script_ptys(cyrus_t)
-
 libs_use_ld_so(cyrus_t)
 libs_use_shared_libs(cyrus_t)
 libs_exec_lib_files(cyrus_t)
diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te
index 2eb457d..af7e2b5 100644
--- a/policy/modules/services/dante.te
+++ b/policy/modules/services/dante.te
@@ -1,5 +1,5 @@
-policy_module(dante,1.1.0)
+policy_module(dante,1.1.1)
 ########################################
 #
@@ -59,10 +59,6 @@ files_read_etc_runtime_files(dante_t)
 fs_getattr_all_fs(dante_t)
 fs_search_auto_mountpoints(dante_t)
-term_dontaudit_use_console(dante_t)
-
-init_use_fds(dante_t)
-init_use_script_ptys(dante_t)
 init_write_utmp(dante_t)
 libs_use_ld_so(dante_t)
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index 52723ce..fb267f8 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -1,5 +1,5 @@
-policy_module(dcc,1.1.0)
+policy_module(dcc,1.1.1)
 ########################################
 #
@@ -261,11 +261,6 @@ files_read_etc_runtime_files(dccd_t)
 fs_getattr_all_fs(dccd_t)
 fs_search_auto_mountpoints(dccd_t)
-term_dontaudit_use_console(dccd_t)
-
-init_use_fds(dccd_t)
-init_use_script_ptys(dccd_t)
-
 libs_use_ld_so(dccd_t)
 libs_use_shared_libs(dccd_t)
@@ -344,11 +339,6 @@ files_read_etc_runtime_files(dccifd_t)
 fs_getattr_all_fs(dccifd_t)
 fs_search_auto_mountpoints(dccifd_t)
-term_dontaudit_use_console(dccifd_t)
-
-init_use_fds(dccifd_t)
-init_use_script_ptys(dccifd_t)
-
 libs_use_ld_so(dccifd_t)
 libs_use_shared_libs(dccifd_t)
@@ -426,11 +416,6 @@ files_read_etc_runtime_files(dccm_t)
 fs_getattr_all_fs(dccm_t)
 fs_search_auto_mountpoints(dccm_t)
-term_dontaudit_use_console(dccm_t)
-
-init_use_fds(dccm_t)
-init_use_script_ptys(dccm_t)
-
 libs_use_ld_so(dccm_t)
 libs_use_shared_libs(dccm_t)
diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te
index c79776d..6bf95db 100644
--- a/policy/modules/services/ddclient.te
+++ b/policy/modules/services/ddclient.te
@@ -1,5 +1,5 @@
-policy_module(ddclient,1.1.0)
+policy_module(ddclient,1.1.1)
 ########################################
 #
@@ -86,11 +86,6 @@ files_read_usr_files(ddclient_t)
 fs_getattr_all_fs(ddclient_t)
 fs_search_auto_mountpoints(ddclient_t)
-term_dontaudit_use_console(ddclient_t)
-
-init_use_fds(ddclient_t)
-init_use_script_ptys(ddclient_t)
-
 libs_use_ld_so(ddclient_t)
 libs_use_shared_libs(ddclient_t)
diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
index 2e011e0..62a6892 100644
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -1,5 +1,5 @@
-policy_module(dhcp,1.2.0)
+policy_module(dhcp,1.2.1)
 ########################################
 #
@@ -78,8 +78,6 @@ dev_read_urand(dhcpd_t)
 fs_getattr_all_fs(dhcpd_t)
 fs_search_auto_mountpoints(dhcpd_t)
-term_dontaudit_use_console(dhcpd_t)
-
 corecmd_exec_bin(dhcpd_t)
 corecmd_exec_sbin(dhcpd_t)
@@ -90,9 +88,6 @@ files_read_usr_files(dhcpd_t)
 files_read_etc_runtime_files(dhcpd_t)
 files_search_var_lib(dhcpd_t)
-init_use_fds(dhcpd_t)
-init_use_script_ptys(dhcpd_t)
-
 libs_use_ld_so(dhcpd_t)
 libs_use_shared_libs(dhcpd_t)
diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te
index df5ab1a..5e262c3 100644
--- a/policy/modules/services/dictd.te
+++ b/policy/modules/services/dictd.te
@@ -1,5 +1,5 @@
-policy_module(dictd,1.2.0)
+policy_module(dictd,1.2.1)
 ########################################
 #
@@ -8,7 +8,7 @@ policy_module(dictd,1.2.0)
 type dictd_t;
 type dictd_exec_t;
-init_system_domain(dictd_t,dictd_exec_t)
+init_daemon_domain(dictd_t,dictd_exec_t)
 type dictd_etc_t;
 files_config_file(dictd_etc_t)
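Review bot: The switch from `init_system_domain(dictd_t,dictd_exec_t)` to `init_daemon_domain(dictd_t,dictd_exec_t)` in the dictd.te hunk at -8,7 is a functional change that neither the subject nor the Changelog line mentions. It is presumably what allows the later dictd.te hunks to drop `init_use_fds(dictd_t)` and `term_dontaudit_use_console(dictd_t)`, but it also changes which init-related rules dictd_t receives, and the two macro bodies are not visible here to compare. I would record it separately in the Changelog and add a short comment above the call, e.g. `# dictd is a daemon started from an init script`.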
@@ -55,8 +55,6 @@ dev_read_sysfs(dictd_t)
 fs_getattr_xattr_fs(dictd_t)
 fs_search_auto_mountpoints(dictd_t)
-term_dontaudit_use_console(dictd_t)
-
 domain_use_interactive_fds(dictd_t)
 files_read_etc_files(dictd_t)
@@ -66,9 +64,6 @@ files_search_var_lib(dictd_t)
 # for checking for nscd
 files_dontaudit_search_pids(dictd_t)
-init_use_fds(dictd_t)
-init_use_script_ptys(dictd_t)
-
 libs_use_ld_so(dictd_t)
 libs_use_shared_libs(dictd_t)
diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te
index d884230..e3e25e8 100644
--- a/policy/modules/services/distcc.te
+++ b/policy/modules/services/distcc.te
@@ -1,5 +1,5 @@
-policy_module(distcc,1.2.0)
+policy_module(distcc,1.2.1)
 ########################################
 #
@@ -60,8 +60,6 @@ dev_read_sysfs(distccd_t)
 fs_getattr_all_fs(distccd_t)
 fs_search_auto_mountpoints(distccd_t)
-term_dontaudit_use_console(distccd_t)
-
 corecmd_exec_bin(distccd_t)
 corecmd_read_sbin_symlinks(distccd_t)
@@ -70,9 +68,6 @@ domain_use_interactive_fds(distccd_t)
 files_read_etc_files(distccd_t)
 files_read_etc_runtime_files(distccd_t)
-init_use_fds(distccd_t)
-init_use_script_ptys(distccd_t)
-
 libs_use_ld_so(distccd_t)
 libs_use_shared_libs(distccd_t)
 libs_exec_lib_files(distccd_t)
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index b29223e..e8753dc 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -1,5 +1,5 @@
-policy_module(dnsmasq,1.2.0)
+policy_module(dnsmasq,1.2.1)
 ########################################
 #
@@ -70,11 +70,6 @@ files_read_etc_files(dnsmasq_t)
 fs_getattr_all_fs(dnsmasq_t)
 fs_search_auto_mountpoints(dnsmasq_t)
-term_dontaudit_use_console(dnsmasq_t)
-
-init_use_fds(dnsmasq_t)
-init_use_script_ptys(dnsmasq_t)
-
 libs_use_ld_so(dnsmasq_t)
 libs_use_shared_libs(dnsmasq_t)
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index 08f30ad..51874fd 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -1,5 +1,5 @@
-policy_module(dovecot,1.4.0)
+policy_module(dovecot,1.4.1)
 ########################################
 #
@@ -87,8 +87,6 @@ fs_getattr_all_fs(dovecot_t)
 fs_search_auto_mountpoints(dovecot_t)
 fs_list_inotifyfs(dovecot_t)
-term_dontaudit_use_console(dovecot_t)
-
 corecmd_exec_bin(dovecot_t)
 domain_use_interactive_fds(dovecot_t)
@@ -101,8 +99,6 @@ files_dontaudit_list_default(dovecot_t)
 files_read_etc_runtime_files(dovecot_t)
 files_getattr_all_mountpoints(dovecot_t)
-init_use_fds(dovecot_t)
-init_use_script_ptys(dovecot_t)
 init_getattr_utmp(dovecot_t)
 libs_use_ld_so(dovecot_t)
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index 169dfc8..e176f34 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -1,5 +1,5 @@
-policy_module(fetchmail,1.2.0)
+policy_module(fetchmail,1.2.1)
 ########################################
 #
@@ -69,13 +69,8 @@ files_dontaudit_search_home(fetchmail_t)
 fs_getattr_all_fs(fetchmail_t)
 fs_search_auto_mountpoints(fetchmail_t)
-term_dontaudit_use_console(fetchmail_t)
-
 domain_use_interactive_fds(fetchmail_t)
-init_use_fds(fetchmail_t)
-init_use_script_ptys(fetchmail_t)
-
 libs_use_ld_so(fetchmail_t)
 libs_use_shared_libs(fetchmail_t)
diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te
index 708cfaf..f7b44ec 100644
--- a/policy/modules/services/finger.te
+++ b/policy/modules/services/finger.te
@@ -1,5 +1,5 @@
-policy_module(finger,1.2.0)
+policy_module(finger,1.2.1)
 ########################################
 #
@@ -62,7 +62,6 @@ dev_read_sysfs(fingerd_t)
 fs_getattr_all_fs(fingerd_t)
 fs_search_auto_mountpoints(fingerd_t)
-term_dontaudit_use_console(fingerd_t)
 term_getattr_all_user_ttys(fingerd_t)
 term_getattr_all_user_ptys(fingerd_t)
@@ -80,8 +79,6 @@ files_read_etc_runtime_files(fingerd_t)
 init_read_utmp(fingerd_t)
 init_dontaudit_write_utmp(fingerd_t)
-init_use_fds(fingerd_t)
-init_use_script_ptys(fingerd_t)
 libs_use_ld_so(fingerd_t)
 libs_use_shared_libs(fingerd_t)
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index 8923635..f4e0a1b 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -1,5 +1,5 @@
-policy_module(ftp,1.4.2)
+policy_module(ftp,1.4.3)
 ########################################
 #
@@ -117,8 +117,6 @@ files_search_var_lib(ftpd_t)
 fs_search_auto_mountpoints(ftpd_t)
 fs_getattr_all_fs(ftpd_t)
-term_dontaudit_use_console(ftpd_t)
-
 auth_use_nsswitch(ftpd_t)
 auth_domtrans_chk_passwd(ftpd_t)
 # Append to /var/log/wtmp.
@@ -127,8 +125,6 @@ auth_append_login_records(ftpd_t)
 auth_write_login_records(ftpd_t)
 auth_rw_faillog(ftpd_t)
-init_use_fds(ftpd_t)
-init_use_script_ptys(ftpd_t)
 init_rw_utmp(ftpd_t)
 libs_use_ld_so(ftpd_t)
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
index 8c7e609..3cb6590 100644
--- a/policy/modules/services/gatekeeper.te
+++ b/policy/modules/services/gatekeeper.te
@@ -1,5 +1,5 @@
-policy_module(gatekeeper,1.1.0)
+policy_module(gatekeeper,1.1.1)
 ########################################
 #
@@ -77,11 +77,6 @@ files_read_etc_files(gatekeeper_t)
 fs_getattr_all_fs(gatekeeper_t)
 fs_search_auto_mountpoints(gatekeeper_t)
-term_dontaudit_use_console(gatekeeper_t)
-
-init_use_fds(gatekeeper_t)
-init_use_script_ptys(gatekeeper_t)
-
 libs_use_ld_so(gatekeeper_t)
 libs_use_shared_libs(gatekeeper_t)
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index 23ee78c..619129e 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -1,5 +1,5 @@
-policy_module(gpm,1.2.0)
+policy_module(gpm,1.2.1)
 ########################################
 #
@@ -58,13 +58,9 @@ fs_getattr_all_fs(gpm_t)
 fs_search_auto_mountpoints(gpm_t)
 term_use_unallocated_ttys(gpm_t)
-term_dontaudit_use_console(gpm_t)
 domain_use_interactive_fds(gpm_t)
-init_use_fds(gpm_t)
-init_use_script_ptys(gpm_t)
-
 libs_use_ld_so(gpm_t)
 libs_use_shared_libs(gpm_t)
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index 955e4ff..a24d01c 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal,1.5.1)
+policy_module(hal,1.5.2)
 ########################################
 #
@@ -127,8 +127,6 @@ term_dontaudit_use_unallocated_ttys(hald_t)
 auth_use_nsswitch(hald_t)
-init_use_fds(hald_t)
-init_use_script_ptys(hald_t)
 init_domtrans_script(hald_t)
 init_write_initctl(hald_t)
 init_read_utmp(hald_t)
@@ -157,7 +155,6 @@ userdom_dontaudit_use_unpriv_user_fds(hald_t)
 userdom_dontaudit_search_sysadm_home_dirs(hald_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_console(hald_t)
 term_dontaudit_use_generic_ptys(hald_t)
 files_dontaudit_read_root_files(hald_t)
 ')
diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te
index 3aa19f1..b193d1d 100644
--- a/policy/modules/services/howl.te
+++ b/policy/modules/services/howl.te
@@ -1,5 +1,5 @@
-policy_module(howl,1.2.0)
+policy_module(howl,1.2.1)
 ########################################
 #
@@ -52,14 +52,10 @@ dev_read_sysfs(howl_t)
 fs_getattr_all_fs(howl_t)
 fs_search_auto_mountpoints(howl_t)
-term_dontaudit_use_console(howl_t)
-
 domain_use_interactive_fds(howl_t)
 files_read_etc_files(howl_t)
-init_use_fds(howl_t)
-init_use_script_ptys(howl_t)
 init_rw_utmp(howl_t)
 libs_use_ld_so(howl_t)
diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te
index 7a7e7e0..1eadc3f 100644
--- a/policy/modules/services/i18n_input.te
+++ b/policy/modules/services/i18n_input.te
@@ -1,5 +1,5 @@
-policy_module(i18n_input,1.2.0)
+policy_module(i18n_input,1.2.1)
 ########################################
 #
@@ -55,8 +55,6 @@ dev_read_sysfs(i18n_input_t)
 fs_getattr_all_fs(i18n_input_t)
 fs_search_auto_mountpoints(i18n_input_t)
-term_dontaudit_use_console(i18n_input_t)
-
 corecmd_search_sbin(i18n_input_t)
 corecmd_search_bin(i18n_input_t)
 corecmd_exec_bin(i18n_input_t)
@@ -67,8 +65,6 @@ files_read_etc_files(i18n_input_t)
 files_read_etc_runtime_files(i18n_input_t)
 files_read_usr_files(i18n_input_t)
-init_use_fds(i18n_input_t)
-init_use_script_ptys(i18n_input_t)
 init_stream_connect_script(i18n_input_t)
 libs_use_ld_so(i18n_input_t)
diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te
index 3a618d4..cbddacd 100644
--- a/policy/modules/services/imaze.te
+++ b/policy/modules/services/imaze.te
@@ -1,5 +1,5 @@
-policy_module(imaze,1.1.0)
+policy_module(imaze,1.1.1)
 ########################################
 #
@@ -77,11 +77,6 @@ files_read_etc_files(imazesrv_t)
 fs_getattr_all_fs(imazesrv_t)
 fs_search_auto_mountpoints(imazesrv_t)
-term_dontaudit_use_console(imazesrv_t)
-
-init_use_fds(imazesrv_t)
-init_use_script_ptys(imazesrv_t)
-
 libs_use_ld_so(imazesrv_t)
 libs_use_shared_libs(imazesrv_t)
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
index f5f590b..a5ba36a 100644
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -1,5 +1,5 @@
-policy_module(inetd,1.2.1)
+policy_module(inetd,1.2.2)
 ########################################
 #
@@ -116,8 +116,6 @@ fs_search_auto_mountpoints(inetd_t)
 selinux_validate_context(inetd_t)
 selinux_compute_create_context(inetd_t)
-term_dontaudit_use_console(inetd_t)
-
 # Run other daemons in the inetd_child_t domain.
 corecmd_search_bin(inetd_t)
 corecmd_read_sbin_symlinks(inetd_t)
@@ -126,9 +124,6 @@ domain_use_interactive_fds(inetd_t)
 files_read_etc_files(inetd_t)
-init_use_fds(inetd_t)
-init_use_script_ptys(inetd_t)
-
 libs_use_ld_so(inetd_t)
 libs_use_shared_libs(inetd_t)
diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te
index d547c01..698a75f 100644
--- a/policy/modules/services/inn.te
+++ b/policy/modules/services/inn.te
@@ -1,5 +1,5 @@
-policy_module(inn,1.2.0)
+policy_module(inn,1.2.1)
 ########################################
 #
@@ -82,8 +82,6 @@ dev_read_urand(innd_t)
 fs_getattr_all_fs(innd_t)
 fs_search_auto_mountpoints(innd_t)
-term_dontaudit_use_console(innd_t)
-
 corecmd_exec_bin(innd_t)
 corecmd_exec_shell(innd_t)
 corecmd_search_sbin(innd_t)
@@ -96,9 +94,6 @@ files_read_etc_files(innd_t)
 files_read_etc_runtime_files(innd_t)
 files_read_usr_files(innd_t)
-init_use_fds(innd_t)
-init_use_script_ptys(innd_t)
-
 libs_use_ld_so(innd_t)
 libs_use_shared_libs(innd_t)
diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te
index 4bdfc79..32789b6 100644
--- a/policy/modules/services/ircd.te
+++ b/policy/modules/services/ircd.te
@@ -1,5 +1,5 @@
-policy_module(ircd,1.1.0)
+policy_module(ircd,1.1.1)
 ########################################
 #
@@ -71,11 +71,6 @@ files_read_etc_runtime_files(ircd_t)
 fs_getattr_all_fs(ircd_t)
 fs_search_auto_mountpoints(ircd_t)
-term_dontaudit_use_console(ircd_t)
-
-init_use_fds(ircd_t)
-init_use_script_ptys(ircd_t)
-
 libs_use_ld_so(ircd_t)
 libs_use_shared_libs(ircd_t)
diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
index 9dee225..92c7142 100644
--- a/policy/modules/services/irqbalance.te
+++ b/policy/modules/services/irqbalance.te
@@ -1,5 +1,5 @@
-policy_module(irqbalance,1.0.1)
+policy_module(irqbalance,1.0.2)
 ########################################
 #
@@ -40,13 +40,8 @@ files_read_etc_runtime_files(irqbalance_t)
 fs_getattr_all_fs(irqbalance_t)
 fs_search_auto_mountpoints(irqbalance_t)
-term_dontaudit_use_console(irqbalance_t)
-
 domain_use_interactive_fds(irqbalance_t)
-init_use_fds(irqbalance_t)
-init_use_script_ptys(irqbalance_t)
-
 libs_use_ld_so(irqbalance_t)
 libs_use_shared_libs(irqbalance_t)
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
index 960808b..8b44e32 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -1,5 +1,5 @@
-policy_module(jabber,1.1.0)
+policy_module(jabber,1.1.1)
 ########################################
 #
@@ -69,11 +69,6 @@ files_read_etc_runtime_files(jabberd_t)
 fs_getattr_all_fs(jabberd_t)
 fs_search_auto_mountpoints(jabberd_t)
-term_dontaudit_use_console(jabberd_t)
-
-init_use_fds(jabberd_t)
-init_use_script_ptys(jabberd_t)
-
 libs_use_ld_so(jabberd_t)
 libs_use_shared_libs(jabberd_t)
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index e9c0acf..faa3779 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
-policy_module(kerberos,1.3.2)
+policy_module(kerberos,1.3.3)
 ########################################
 #
@@ -107,15 +107,10 @@ dev_read_urand(kadmind_t)
 fs_getattr_all_fs(kadmind_t)
 fs_search_auto_mountpoints(kadmind_t)
-term_dontaudit_use_console(kadmind_t)
-
 domain_use_interactive_fds(kadmind_t)
 files_read_etc_files(kadmind_t)
-init_use_fds(kadmind_t)
-init_use_script_ptys(kadmind_t)
-
 libs_use_ld_so(kadmind_t)
 libs_use_shared_libs(kadmind_t)
@@ -212,17 +207,12 @@ dev_read_urand(krb5kdc_t)
 fs_getattr_all_fs(krb5kdc_t)
 fs_search_auto_mountpoints(krb5kdc_t)
-term_dontaudit_use_console(krb5kdc_t)
-
 domain_use_interactive_fds(krb5kdc_t)
 files_read_etc_files(krb5kdc_t)
 files_read_usr_symlinks(krb5kdc_t)
 files_read_var_files(krb5kdc_t)
-init_use_fds(krb5kdc_t)
-init_use_script_ptys(krb5kdc_t)
-
 libs_use_ld_so(krb5kdc_t)
 libs_use_shared_libs(krb5kdc_t)
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
index e72bc6f..1b0fb62 100644
--- a/policy/modules/services/ldap.te
+++ b/policy/modules/services/ldap.te
@@ -1,5 +1,5 @@
-policy_module(ldap,1.3.0)
+policy_module(ldap,1.3.1)
 ########################################
 #
@@ -96,8 +96,6 @@ dev_read_sysfs(slapd_t) fs_getattr_all_fs(slapd_t) fs_search_auto_mountpoints(slapd_t) -term_dontaudit_use_console(slapd_t) - domain_use_interactive_fds(slapd_t) files_read_etc_files(slapd_t) @@ -105,9 +103,6 @@ files_read_etc_runtime_files(slapd_t) files_read_usr_files(slapd_t) files_list_var_lib(slapd_t) -init_use_fds(slapd_t) -init_use_script_ptys(slapd_t) - libs_use_ld_so(slapd_t) libs_use_shared_libs(slapd_t) diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te index 26c1f0b..8f329e0 100644 --- a/policy/modules/services/lpd.te +++ b/policy/modules/services/lpd.te @@ -1,5 +1,5 @@ -policy_module(lpd,1.4.1) +policy_module(lpd,1.4.2) ######################################## # @@ -168,8 +168,6 @@ dev_rw_printer(lpd_t) fs_getattr_all_fs(lpd_t) fs_search_auto_mountpoints(lpd_t) -term_dontaudit_use_console(lpd_t) - # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp corecmd_exec_bin(lpd_t) corecmd_exec_sbin(lpd_t) @@ -189,9 +187,6 @@ files_read_var_lib_symlinks(lpd_t) # config files for lpd are of type etc_t, probably should change this files_read_etc_files(lpd_t) -init_use_fds(lpd_t) -init_use_script_ptys(lpd_t) - libs_use_ld_so(lpd_t) libs_use_shared_libs(lpd_t) diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te index 3404d4f..593cb54 100644 --- a/policy/modules/services/monop.te +++ b/policy/modules/services/monop.te @@ -1,5 +1,5 @@ -policy_module(monop,1.1.0) +policy_module(monop,1.1.1) ######################################## # @@ -63,11 +63,6 @@ files_read_etc_files(monopd_t) fs_getattr_all_fs(monopd_t) fs_search_auto_mountpoints(monopd_t) -term_dontaudit_use_console(monopd_t) - -init_use_fds(monopd_t) -init_use_script_ptys(monopd_t) - libs_use_ld_so(monopd_t) libs_use_shared_libs(monopd_t) diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te index 9b3bd9a..f56717f 100644 --- a/policy/modules/services/munin.te 
+++ b/policy/modules/services/munin.te @@ -1,5 +1,5 @@ -policy_module(munin,1.1.0) +policy_module(munin,1.1.1) ######################################## # @@ -85,11 +85,6 @@ files_read_usr_files(munin_t) fs_getattr_all_fs(munin_t) fs_search_auto_mountpoints(munin_t) -term_dontaudit_use_console(munin_t) - -init_use_fds(munin_t) -init_use_script_ptys(munin_t) - libs_use_ld_so(munin_t) libs_use_shared_libs(munin_t) diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te index a75f518..2812929 100644 --- a/policy/modules/services/mysql.te +++ b/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql,1.3.0) +policy_module(mysql,1.3.1) ######################################## # @@ -79,8 +79,6 @@ dev_read_sysfs(mysqld_t) fs_getattr_all_fs(mysqld_t) fs_search_auto_mountpoints(mysqld_t) -term_dontaudit_use_console(mysqld_t) - domain_use_interactive_fds(mysqld_t) files_getattr_var_lib_dirs(mysqld_t) @@ -91,9 +89,6 @@ files_search_var_lib(mysqld_t) auth_use_nsswitch(mysqld_t) -init_use_fds(mysqld_t) -init_use_script_ptys(mysqld_t) - libs_use_ld_so(mysqld_t) libs_use_shared_libs(mysqld_t) diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te index 8572d5a..d3aa61b 100644 --- a/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te @@ -1,5 +1,5 @@ -policy_module(nagios,1.1.0) +policy_module(nagios,1.1.1) ######################################## # @@ -87,10 +87,6 @@ files_read_kernel_symbol_table(nagios_t) fs_getattr_all_fs(nagios_t) fs_search_auto_mountpoints(nagios_t) -term_dontaudit_use_console(nagios_t) - -init_use_fds(nagios_t) -init_use_script_ptys(nagios_t) # for who init_read_utmp(nagios_t) @@ -210,11 +206,6 @@ files_read_etc_runtime_files(nrpe_t) fs_search_auto_mountpoints(nrpe_t) -term_dontaudit_use_console(nrpe_t) - -init_use_fds(nrpe_t) -init_use_script_ptys(nrpe_t) - libs_use_ld_so(nrpe_t) libs_use_shared_libs(nrpe_t) 
diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te index 0c76b00..58ca168 100644 --- a/policy/modules/services/nessus.te +++ b/policy/modules/services/nessus.te @@ -1,5 +1,5 @@ -policy_module(nessus,1.1.0) +policy_module(nessus,1.1.1) ######################################## # @@ -83,11 +83,6 @@ files_read_etc_runtime_files(nessusd_t) fs_getattr_all_fs(nessusd_t) fs_search_auto_mountpoints(nessusd_t) -term_dontaudit_use_console(nessusd_t) - -init_use_fds(nessusd_t) -init_use_script_ptys(nessusd_t) - libs_use_ld_so(nessusd_t) libs_use_shared_libs(nessusd_t) diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te index 78f407a..eb61623 100644 --- a/policy/modules/services/networkmanager.te +++ b/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.5.2) +policy_module(networkmanager,1.5.3) ######################################## # @@ -69,8 +69,6 @@ mls_file_read_up(NetworkManager_t) selinux_dontaudit_search_fs(NetworkManager_t) -term_dontaudit_use_console(NetworkManager_t) - corecmd_exec_shell(NetworkManager_t) corecmd_exec_bin(NetworkManager_t) corecmd_exec_sbin(NetworkManager_t) @@ -84,8 +82,6 @@ files_read_etc_files(NetworkManager_t) files_read_etc_runtime_files(NetworkManager_t) files_read_usr_files(NetworkManager_t) -init_use_fds(NetworkManager_t) -init_use_script_ptys(NetworkManager_t) init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te index fc4eea4..5c03ae2 100644 --- a/policy/modules/services/nis.te +++ b/policy/modules/services/nis.te @@ -1,5 +1,5 @@ -policy_module(nis,1.3.2) +policy_module(nis,1.3.3) ######################################## # 
@@ -95,16 +95,11 @@ dev_read_sysfs(ypbind_t) fs_getattr_all_fs(ypbind_t) fs_search_auto_mountpoints(ypbind_t) -term_dontaudit_use_console(ypbind_t) - domain_use_interactive_fds(ypbind_t) files_read_etc_files(ypbind_t) files_list_var(ypbind_t) -init_use_fds(ypbind_t) -init_use_script_ptys(ypbind_t) - libs_use_ld_so(ypbind_t) libs_use_shared_libs(ypbind_t) @@ -179,8 +174,6 @@ fs_search_auto_mountpoints(yppasswdd_t) selinux_get_fs_mount(yppasswdd_t) -term_dontaudit_use_console(yppasswdd_t) - auth_manage_shadow(yppasswdd_t) auth_relabel_shadow(yppasswdd_t) auth_etc_filetrans_shadow(yppasswdd_t) @@ -195,9 +188,6 @@ files_read_etc_files(yppasswdd_t) files_read_etc_runtime_files(yppasswdd_t) files_relabel_etc_files(yppasswdd_t) -init_use_fds(yppasswdd_t) -init_use_script_ptys(yppasswdd_t) - libs_use_ld_so(yppasswdd_t) libs_use_shared_libs(yppasswdd_t) @@ -278,8 +268,6 @@ dev_read_sysfs(ypserv_t) fs_getattr_all_fs(ypserv_t) fs_search_auto_mountpoints(ypserv_t) -term_dontaudit_use_console(ypserv_t) - corecmd_exec_bin(ypserv_t) domain_use_interactive_fds(ypserv_t) @@ -287,9 +275,6 @@ domain_use_interactive_fds(ypserv_t) files_read_var_files(ypserv_t) files_read_etc_files(ypserv_t) -init_use_fds(ypserv_t) -init_use_script_ptys(ypserv_t) - libs_use_ld_so(ypserv_t) libs_use_shared_libs(ypserv_t) @@ -357,8 +342,6 @@ corenet_sendrecv_all_client_packets(ypxfr_t) files_read_etc_files(ypxfr_t) files_search_usr(ypxfr_t) -init_use_fds(ypxfr_t) - libs_use_shared_libs(ypxfr_t) libs_use_ld_so(ypxfr_t) diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te index 50652cc..53358f7 100644 --- a/policy/modules/services/nscd.te +++ b/policy/modules/services/nscd.te @@ -1,5 +1,5 @@ -policy_module(nscd,1.3.2) +policy_module(nscd,1.3.3) gen_require(` class nscd all_nscd_perms; 
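Review bot: The `ypxfr_t` hunk in nis.te removes only `init_use_fds(ypxfr_t)`, while the ypbind_t, yppasswdd_t and ypserv_t hunks before it remove the console dontaudit and both init rules. That difference suggests ypxfr_t may not be declared through init_daemon_domain(); the declaration is outside the hunk, so this needs checking. If it is not, the domain loses its allow rule without gaining the new dontaudit, and any remaining use of an inherited init descriptor shows up as a fresh AVC denial. The `openvpn_t` hunk in openvpn.te makes the same single-line removal and needs the same check; either way a comment such as `# ypxfr is started by ypserv, no init fds needed` (if that is the reasoning) would document the intent.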
@@ -61,8 +61,6 @@ dev_read_urand(nscd_t) fs_getattr_all_fs(nscd_t) fs_search_auto_mountpoints(nscd_t) -term_dontaudit_use_console(nscd_t) - # for when /etc/passwd has just been updated and has the wrong type auth_getattr_shadow(nscd_t) auth_use_nsswitch(nscd_t) @@ -91,9 +89,6 @@ files_read_generic_tmp_symlinks(nscd_t) # Needed to read files created by firstboot "/etc/hesiod.conf" files_read_etc_runtime_files(nscd_t) -init_use_fds(nscd_t) -init_use_script_ptys(nscd_t) - libs_use_ld_so(nscd_t) libs_use_shared_libs(nscd_t) @@ -113,9 +108,6 @@ userdom_dontaudit_search_sysadm_home_dirs(nscd_t) ifdef(`targeted_policy',` term_use_unallocated_ttys(nscd_t) term_use_generic_ptys(nscd_t) - - term_dontaudit_use_unallocated_ttys(nscd_t) - term_dontaudit_use_generic_ptys(nscd_t) files_dontaudit_read_root_files(nscd_t) ') diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te index 03af5e4..f633719 100644 --- a/policy/modules/services/nsd.te +++ b/policy/modules/services/nsd.te @@ -1,5 +1,5 @@ -policy_module(nsd,1.1.0) +policy_module(nsd,1.1.1) ######################################## # @@ -85,11 +85,6 @@ files_read_etc_runtime_files(nsd_t) fs_getattr_all_fs(nsd_t) fs_search_auto_mountpoints(nsd_t) -term_dontaudit_use_console(nsd_t) - -init_use_fds(nsd_t) -init_use_script_ptys(nsd_t) - libs_use_ld_so(nsd_t) libs_use_shared_libs(nsd_t) diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te index 4c45ebe..8d85525 100644 --- a/policy/modules/services/ntop.te +++ b/policy/modules/services/ntop.te @@ -1,5 +1,5 @@ -policy_module(ntop,1.1.0) +policy_module(ntop,1.1.1) ######################################## # @@ -80,11 +80,6 @@ files_read_etc_files(ntop_t) fs_getattr_all_fs(ntop_t) fs_search_auto_mountpoints(ntop_t) -term_dontaudit_use_console(ntop_t) - -init_use_fds(ntop_t) -init_use_script_ptys(ntop_t) - libs_use_ld_so(ntop_t) libs_use_shared_libs(ntop_t) 
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te index 251fe71..f10d484 100644 --- a/policy/modules/services/ntp.te +++ b/policy/modules/services/ntp.te @@ -1,5 +1,5 @@ -policy_module(ntp,1.2.0) +policy_module(ntp,1.2.1) ######################################## # @@ -82,8 +82,6 @@ dev_read_urand(ntpd_t) fs_getattr_all_fs(ntpd_t) fs_search_auto_mountpoints(ntpd_t) -term_dontaudit_use_console(ntpd_t) - auth_use_nsswitch(ntpd_t) corecmd_exec_bin(ntpd_t) @@ -100,8 +98,6 @@ files_read_usr_files(ntpd_t) files_list_var_lib(ntpd_t) init_exec_script_files(ntpd_t) -init_use_fds(ntpd_t) -init_use_script_ptys(ntpd_t) libs_use_ld_so(ntpd_t) libs_use_shared_libs(ntpd_t) diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te index 02e9968..d0d4c86 100644 --- a/policy/modules/services/oav.te +++ b/policy/modules/services/oav.te @@ -1,5 +1,5 @@ -policy_module(oav,1.1.0) +policy_module(oav,1.1.1) ######################################## # @@ -124,13 +124,8 @@ files_exec_etc_files(scannerdaemon_t) fs_getattr_all_fs(scannerdaemon_t) fs_search_auto_mountpoints(scannerdaemon_t) -term_dontaudit_use_console(scannerdaemon_t) - auth_dontaudit_read_shadow(scannerdaemon_t) -init_use_fds(scannerdaemon_t) -init_use_script_ptys(scannerdaemon_t) - libs_use_ld_so(scannerdaemon_t) libs_use_shared_libs(scannerdaemon_t) # Can run kaffe diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te index f9a4a07..ccb8423 100644 --- a/policy/modules/services/oddjob.te +++ b/policy/modules/services/oddjob.te @@ -1,5 +1,5 @@ -policy_module(oddjob,1.1.0) +policy_module(oddjob,1.1.1) ######################################## # 
@@ -53,12 +53,9 @@ libs_use_shared_libs(oddjob_t) miscfiles_read_localization(oddjob_t) -init_dontaudit_use_fds(oddjob_t) - locallogin_dontaudit_use_fds(oddjob_t) ifdef(`targeted_policy',` - term_dontaudit_use_console(oddjob_t) term_dontaudit_use_generic_ptys(oddjob_t) term_dontaudit_use_unallocated_ttys(oddjob_t) ') diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te index b379ed1..d3512eb 100644 --- a/policy/modules/services/openct.te +++ b/policy/modules/services/openct.te @@ -1,5 +1,5 @@ -policy_module(openct,1.0.0) +policy_module(openct,1.0.1) ######################################## # @@ -40,11 +40,6 @@ files_read_etc_files(openct_t) fs_getattr_all_fs(openct_t) fs_search_auto_mountpoints(openct_t) -term_dontaudit_use_console(openct_t) - -init_use_fds(openct_t) -init_use_script_ptys(openct_t) - libs_use_ld_so(openct_t) libs_use_shared_libs(openct_t) diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te index 9419a6d..8bd4fca 100644 --- a/policy/modules/services/openvpn.te +++ b/policy/modules/services/openvpn.te @@ -1,5 +1,5 @@ -policy_module(openvpn,1.1.1) +policy_module(openvpn,1.1.2) ######################################## # @@ -75,8 +75,6 @@ dev_read_urand(openvpn_t) files_read_etc_files(openvpn_t) files_read_etc_runtime_files(openvpn_t) -init_use_fds(openvpn_t) - libs_use_ld_so(openvpn_t) libs_use_shared_libs(openvpn_t) diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te index f065d8a..319d599 100644 --- a/policy/modules/services/pcscd.te +++ b/policy/modules/services/pcscd.te @@ -1,5 +1,5 @@ -policy_module(pcscd,1.0.0) +policy_module(pcscd,1.0.1) ######################################## # @@ -45,8 +45,6 @@ files_read_etc_runtime_files(pcscd_t) term_dontaudit_getattr_pty_dirs(pcscd_t) -init_dontaudit_use_fds(pcscd_t) - libs_use_ld_so(pcscd_t) libs_use_shared_libs(pcscd_t) 
@@ -61,7 +59,6 @@ sysnet_dns_name_resolve(pcscd_t) ifdef(`targeted_policy',` term_dontaudit_use_generic_ptys(pcscd_t) term_dontaudit_use_unallocated_ttys(pcscd_t) - term_dontaudit_use_console(pcscd_t) ') optional_policy(` diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te index d849ae6..54a35ee 100644 --- a/policy/modules/services/pegasus.te +++ b/policy/modules/services/pegasus.te @@ -1,5 +1,5 @@ -policy_module(pegasus,1.2.0) +policy_module(pegasus,1.2.1) ######################################## # @@ -95,8 +95,6 @@ fs_getattr_all_fs(pegasus_t) fs_search_auto_mountpoints(pegasus_t) files_getattr_all_dirs(pegasus_t) -term_dontaudit_use_console(pegasus_t) - auth_use_nsswitch(pegasus_t) auth_domtrans_chk_passwd(pegasus_t) @@ -110,8 +108,6 @@ files_read_var_lib_symlinks(pegasus_t) hostname_exec(pegasus_t) -init_use_fds(pegasus_t) -init_use_script_ptys(pegasus_t) init_rw_utmp(pegasus_t) init_stream_connect_script(pegasus_t) diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te index f02f658..13941fd 100644 --- a/policy/modules/services/perdition.te +++ b/policy/modules/services/perdition.te @@ -1,5 +1,5 @@ -policy_module(perdition,1.1.0) +policy_module(perdition,1.1.1) ######################################## # @@ -57,11 +57,6 @@ fs_search_auto_mountpoints(perdition_t) files_read_etc_files(perdition_t) -term_dontaudit_use_console(perdition_t) - -init_use_fds(perdition_t) -init_use_script_ptys(perdition_t) - libs_use_ld_so(perdition_t) libs_use_shared_libs(perdition_t) diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te index eb80fe1..6011d23 100644 --- a/policy/modules/services/portmap.te +++ b/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap,1.3.0) +policy_module(portmap,1.3.1) ######################################## # 
@@ -72,15 +72,10 @@ dev_read_sysfs(portmap_t) fs_getattr_all_fs(portmap_t) fs_search_auto_mountpoints(portmap_t) -term_dontaudit_use_console(portmap_t) - domain_use_interactive_fds(portmap_t) files_read_etc_files(portmap_t) -init_use_fds(portmap_t) -init_use_script_ptys(portmap_t) - libs_use_ld_so(portmap_t) libs_use_shared_libs(portmap_t) diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te index 73118a6..4fea5e6 100644 --- a/policy/modules/services/portslave.te +++ b/policy/modules/services/portslave.te @@ -1,5 +1,5 @@ -policy_module(portslave,1.1.0) +policy_module(portslave,1.1.1) ######################################## # @@ -80,13 +80,11 @@ fs_getattr_xattr_fs(portslave_t) term_use_unallocated_ttys(portslave_t) term_setattr_unallocated_ttys(portslave_t) term_use_all_user_ttys(portslave_t) -term_dontaudit_use_console(portslave_t) term_search_ptys(portslave_t) auth_rw_login_records(portslave_t) auth_domtrans_chk_passwd(portslave_t) -init_use_fds(portslave_t) -init_use_script_ptys(portslave_t) + init_rw_utmp(portslave_t) libs_use_ld_so(portslave_t) diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if index 6e9dbbc..fe1defd 100644 --- a/policy/modules/services/postfix.if +++ b/policy/modules/services/postfix.if @@ -81,7 +81,7 @@ template(`postfix_domain_template',` files_search_spool(postfix_$1_t) files_getattr_tmp_dirs(postfix_$1_t) - init_use_fds(postfix_$1_t) + init_dontaudit_use_fds(postfix_$1_t) init_sigchld(postfix_$1_t) libs_use_ld_so(postfix_$1_t) diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te index 8816ee2..694a8cc 100644 --- a/policy/modules/services/postfix.te +++ b/policy/modules/services/postfix.te @@ -1,5 +1,5 @@ -policy_module(postfix,1.4.1) +policy_module(postfix,1.4.2) ######################################## # 
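Review bot: In the postfix.if hunk, replacing `init_use_fds(postfix_$1_t)` with `init_dontaudit_use_fds(postfix_$1_t)` removes a permission and suppresses its audit record for every domain that `postfix_domain_template` instantiates, and nothing in the hunk says why. Because the denial is not logged, a postfix helper that still touches a descriptor inherited from init would fail with no AVC message to diagnose it from. I would add a one-line reason above the new rule, for example `# fds inherited from init are not used by these domains; deny quietly` if that is the intent, and confirm it by running the postfix domains once with dontaudit rules disabled. The template body starts and ends outside the hunk, so other rules that might cover this access are not visible.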
@@ -160,8 +160,6 @@ domain_use_interactive_fds(postfix_master_t) files_read_usr_files(postfix_master_t) -init_use_script_ptys(postfix_master_t) - miscfiles_read_man_pages(postfix_master_t) seutil_sigchld_newrole(postfix_master_t) diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index 4188081..9e99350 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -1,5 +1,5 @@ -policy_module(postgresql,1.2.0) +policy_module(postgresql,1.2.1) ################################# # @@ -102,7 +102,6 @@ fs_getattr_all_fs(postgresql_t) fs_search_auto_mountpoints(postgresql_t) term_use_controlling_term(postgresql_t) -term_dontaudit_use_console(postgresql_t) corecmd_exec_bin(postgresql_t) corecmd_exec_ls(postgresql_t) @@ -119,8 +118,6 @@ files_read_etc_runtime_files(postgresql_t) files_read_usr_files(postgresql_t) init_read_utmp(postgresql_t) -init_use_fds(postgresql_t) -init_use_script_ptys(postgresql_t) libs_use_ld_so(postgresql_t) libs_use_shared_libs(postgresql_t) diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te index 308652d..e3f35dc 100644 --- a/policy/modules/services/postgrey.te +++ b/policy/modules/services/postgrey.te @@ -1,5 +1,5 @@ -policy_module(postgrey,1.1.0) +policy_module(postgrey,1.1.1) ######################################## # @@ -68,11 +68,6 @@ files_getattr_tmp_dirs(postgrey_t) fs_getattr_all_fs(postgrey_t) fs_search_auto_mountpoints(postgrey_t) -term_dontaudit_use_console(postgrey_t) - -init_use_fds(postgrey_t) -init_use_script_ptys(postgrey_t) - libs_use_ld_so(postgrey_t) libs_use_shared_libs(postgrey_t) diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te index 16c9270..e59eaa8 100644 --- a/policy/modules/services/ppp.te +++ b/policy/modules/services/ppp.te @@ -1,5 +1,5 @@ -policy_module(ppp,1.3.0) +policy_module(ppp,1.3.1) ######################################## # 
@@ -130,7 +130,6 @@ term_setattr_unallocated_ttys(pppd_t) term_ioctl_generic_ptys(pppd_t) # for pppoe term_create_pty(pppd_t,pppd_devpts_t) -term_dontaudit_use_console(pppd_t) # allow running ip-up and ip-down scripts and running chat. corecmd_exec_bin(pppd_t) @@ -149,8 +148,6 @@ files_read_etc_files(pppd_t) init_read_utmp(pppd_t) init_dontaudit_write_utmp(pppd_t) -init_use_fds(pppd_t) -init_use_script_ptys(pppd_t) libs_use_ld_so(pppd_t) libs_use_shared_libs(pppd_t) @@ -274,16 +271,12 @@ corenet_sendrecv_generic_client_packets(pptp_t) fs_getattr_all_fs(pptp_t) fs_search_auto_mountpoints(pptp_t) -term_dontaudit_use_console(pptp_t) term_ioctl_generic_ptys(pptp_t) term_search_ptys(pptp_t) term_use_ptmx(pptp_t) domain_use_interactive_fds(pptp_t) -init_use_fds(pptp_t) -init_use_script_ptys(pptp_t) - libs_use_ld_so(pptp_t) libs_use_shared_libs(pptp_t) diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te index 3cf9156..d89fd79 100644 --- a/policy/modules/services/privoxy.te +++ b/policy/modules/services/privoxy.te @@ -1,5 +1,5 @@ -policy_module(privoxy,1.2.0) +policy_module(privoxy,1.2.1) ######################################## # @@ -61,15 +61,10 @@ dev_read_sysfs(privoxy_t) fs_getattr_all_fs(privoxy_t) fs_search_auto_mountpoints(privoxy_t) -term_dontaudit_use_console(privoxy_t) - domain_use_interactive_fds(privoxy_t) files_read_etc_files(privoxy_t) -init_use_fds(privoxy_t) -init_use_script_ptys(privoxy_t) - libs_use_ld_so(privoxy_t) libs_use_shared_libs(privoxy_t) diff --git a/policy/modules/services/pxe.te b/policy/modules/services/pxe.te index 4903e40..d81e84f 100644 --- a/policy/modules/services/pxe.te +++ b/policy/modules/services/pxe.te @@ -1,5 +1,5 @@ -policy_module(pxe,1.0.0) +policy_module(pxe,1.0.1) # cjp: policy seems incomplete 
@@ -48,11 +48,6 @@ files_read_etc_files(pxe_t) fs_getattr_all_fs(pxe_t) fs_search_auto_mountpoints(pxe_t) -term_dontaudit_use_console(pxe_t) - -init_use_fds(pxe_t) -init_use_script_ptys(pxe_t) - libs_use_ld_so(pxe_t) libs_use_shared_libs(pxe_t) diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te index fd1a06e..80c95df 100644 --- a/policy/modules/services/radius.te +++ b/policy/modules/services/radius.te @@ -1,5 +1,5 @@ -policy_module(radius,1.2.1) +policy_module(radius,1.2.2) ######################################## # @@ -79,8 +79,6 @@ dev_read_sysfs(radiusd_t) fs_getattr_all_fs(radiusd_t) fs_search_auto_mountpoints(radiusd_t) -term_dontaudit_use_console(radiusd_t) - auth_read_shadow(radiusd_t) auth_domtrans_chk_passwd(radiusd_t) @@ -94,9 +92,6 @@ files_read_usr_files(radiusd_t) files_read_etc_files(radiusd_t) files_read_etc_runtime_files(radiusd_t) -init_use_fds(radiusd_t) -init_use_script_ptys(radiusd_t) - libs_use_ld_so(radiusd_t) libs_use_shared_libs(radiusd_t) libs_exec_lib_files(radiusd_t) diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te index 2be5e67..62fc1ea 100644 --- a/policy/modules/services/radvd.te +++ b/policy/modules/services/radvd.te @@ -1,5 +1,5 @@ -policy_module(radvd,1.2.1) +policy_module(radvd,1.2.2) ######################################## # @@ -53,16 +53,11 @@ dev_read_sysfs(radvd_t) fs_getattr_all_fs(radvd_t) fs_search_auto_mountpoints(radvd_t) -term_dontaudit_use_console(radvd_t) - domain_use_interactive_fds(radvd_t) files_read_etc_files(radvd_t) files_list_usr(radvd_t) -init_use_fds(radvd_t) -init_use_script_ptys(radvd_t) - libs_use_ld_so(radvd_t) libs_use_shared_libs(radvd_t) diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te index 04ae9a6..8a89f18 100644 --- a/policy/modules/services/rdisc.te +++ b/policy/modules/services/rdisc.te @@ -1,5 +1,5 @@ -policy_module(rdisc,1.2.0) +policy_module(rdisc,1.2.1) ######################################## # 
@@ -37,15 +37,10 @@ dev_read_sysfs(rdisc_t) fs_search_auto_mountpoints(rdisc_t) -term_dontaudit_use_console(rdisc_t) - domain_use_interactive_fds(rdisc_t) files_read_etc_files(rdisc_t) -init_use_fds(rdisc_t) -init_use_script_ptys(rdisc_t) - libs_use_ld_so(rdisc_t) libs_use_shared_libs(rdisc_t) diff --git a/policy/modules/services/resmgr.te b/policy/modules/services/resmgr.te index 890c1dd..3037ad6 100644 --- a/policy/modules/services/resmgr.te +++ b/policy/modules/services/resmgr.te @@ -1,5 +1,5 @@ -policy_module(resmgr,1.0.0) +policy_module(resmgr,1.0.1) ######################################## # @@ -52,11 +52,6 @@ storage_raw_read_removable_device(resmgrd_t) storage_write_scsi_generic(resmgrd_t) storage_raw_write_removable_device(resmgrd_t) -term_dontaudit_use_console(resmgrd_t) - -init_use_fds(resmgrd_t) -init_use_script_ptys(resmgrd_t) - libs_use_ld_so(resmgrd_t) libs_use_shared_libs(resmgrd_t) diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te index cdf3651..a09c821 100644 --- a/policy/modules/services/rhgb.te +++ b/policy/modules/services/rhgb.te @@ -1,5 +1,5 @@ -policy_module(rhgb,1.2.1) +policy_module(rhgb,1.2.2) ######################################## # @@ -82,13 +82,10 @@ fs_manage_ramfs_sockets(rhgb_t) selinux_dontaudit_read_fs(rhgb_t) -term_dontaudit_use_console(rhgb_t) term_use_unallocated_ttys(rhgb_t) term_use_ptmx(rhgb_t) term_getattr_pty_fs(rhgb_t) -init_use_fds(rhgb_t) -init_use_script_ptys(rhgb_t) init_write_initctl(rhgb_t) libs_use_ld_so(rhgb_t) diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te index 19ca515..695bbb5 100644 --- a/policy/modules/services/ricci.te +++ b/policy/modules/services/ricci.te @@ -1,5 +1,5 @@ -policy_module(ricci,1.0.2) +policy_module(ricci,1.0.3) ######################################## # 
@@ -140,7 +140,6 @@ files_create_boot_flag(ricci_t) auth_domtrans_chk_passwd(ricci_t) auth_append_login_records(ricci_t) -init_dontaudit_use_fds(ricci_t) init_dontaudit_stream_connect_script(ricci_t) libs_use_ld_so(ricci_t) @@ -155,7 +154,6 @@ miscfiles_read_localization(ricci_t) sysnet_dns_name_resolve(ricci_t) ifdef(`targeted_policy', ` - term_dontaudit_use_console(ricci_t) term_dontaudit_use_generic_ptys(ricci_t) term_dontaudit_use_unallocated_ttys(ricci_t) ') @@ -307,7 +305,6 @@ files_read_etc_runtime_files(ricci_modclusterd_t) fs_getattr_xattr_fs(ricci_modclusterd_t) -init_dontaudit_use_fds(ricci_modclusterd_t) init_dontaudit_stream_connect_script(ricci_modclusterd_t) libs_use_ld_so(ricci_modclusterd_t) @@ -323,7 +320,6 @@ sysnet_domtrans_ifconfig(ricci_modclusterd_t) sysnet_dns_name_resolve(ricci_modclusterd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_console(ricci_modclusterd_t) term_dontaudit_use_generic_ptys(ricci_modclusterd_t) term_dontaudit_use_unallocated_ttys(ricci_modclusterd_t) ') diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te index 5992ac8..59a9f3f 100644 --- a/policy/modules/services/roundup.te +++ b/policy/modules/services/roundup.te @@ -1,5 +1,5 @@ -policy_module(roundup,1.1.0) +policy_module(roundup,1.1.1) ######################################## # @@ -70,11 +70,6 @@ files_read_etc_files(roundup_t) fs_getattr_all_fs(roundup_t) fs_search_auto_mountpoints(roundup_t) -term_dontaudit_use_console(roundup_t) - -init_use_fds(roundup_t) -init_use_script_ptys(roundup_t) - libs_use_ld_so(roundup_t) libs_use_shared_libs(roundup_t) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index 1444083..21d96f5 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if 
@@ -95,16 +95,11 @@ template(`rpc_domain_template', ` fs_rw_rpc_named_pipes($1_t) fs_search_auto_mountpoints($1_t) - term_dontaudit_use_console($1_t) - files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) files_search_var($1_t) files_search_var_lib($1_t) - init_use_fds($1_t) - init_use_script_ptys($1_t) - libs_use_ld_so($1_t) libs_use_shared_libs($1_t) diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te index d240811..25d59ad 100644 --- a/policy/modules/services/rpc.te +++ b/policy/modules/services/rpc.te @@ -1,5 +1,5 @@ -policy_module(rpc,1.4.2) +policy_module(rpc,1.4.3) ######################################## # diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te index 51c1211..5e12b87 100644 --- a/policy/modules/services/rsync.te +++ b/policy/modules/services/rsync.te @@ -1,5 +1,5 @@ -policy_module(rsync,1.3.0) +policy_module(rsync,1.3.1) ######################################## # @@ -71,8 +71,6 @@ fs_getattr_xattr_fs(rsync_t) files_read_etc_files(rsync_t) files_search_home(rsync_t) -init_dontaudit_use_fds(rsync_t) - libs_use_ld_so(rsync_t) libs_use_shared_libs(rsync_t) diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index b3e8033..15fe80b 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.4.1) +policy_module(samba,1.4.2) ################################# # @@ -244,8 +244,6 @@ fs_get_xattr_fs_quotas(smbd_t) fs_search_auto_mountpoints(smbd_t) fs_getattr_rpc_dirs(smbd_t) -term_dontaudit_use_console(smbd_t) - auth_use_nsswitch(smbd_t) auth_domtrans_chk_passwd(smbd_t) @@ -259,8 +257,6 @@ files_search_spool(smbd_t) # Allow samba to list mnt_t for potential mounted dirs files_list_mnt(smbd_t) -init_use_fds(smbd_t) -init_use_script_ptys(smbd_t) init_rw_utmp(smbd_t) libs_use_ld_so(smbd_t) 
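Review bot: The rpc.if hunk strips `term_dontaudit_use_console($1_t)`, `init_use_fds($1_t)` and `init_use_script_ptys($1_t)` from `rpc_domain_template`, and the visible lines do not show the template calling init_daemon_domain() for `$1_t`. If that call sits in the template outside the hunk, the change is consistent with the rest of the commit. If it is left to each caller, any domain built from the template without it now has neither the allow rules nor the replacement dontaudits. A comment at the removal point, e.g. `# init fd and console rules come from init_daemon_domain($1_t,$1_exec_t)` (the second argument is a guess), would make the dependency explicit. The template starts and ends outside the hunk.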
@@ -380,16 +376,11 @@ dev_getattr_mtrr_dev(nmbd_t) fs_getattr_all_fs(nmbd_t) fs_search_auto_mountpoints(nmbd_t) -term_dontaudit_use_console(nmbd_t) - domain_use_interactive_fds(nmbd_t) files_read_usr_files(nmbd_t) files_read_etc_files(nmbd_t) -init_use_fds(nmbd_t) -init_use_script_ptys(nmbd_t) - libs_use_ld_so(nmbd_t) libs_use_shared_libs(nmbd_t) @@ -669,17 +660,12 @@ dev_read_urand(winbind_t) fs_getattr_all_fs(winbind_t) fs_search_auto_mountpoints(winbind_t) -term_dontaudit_use_console(winbind_t) - auth_domtrans_chk_passwd(winbind_t) domain_use_interactive_fds(winbind_t) files_read_etc_files(winbind_t) -init_use_fds(winbind_t) -init_use_script_ptys(winbind_t) - libs_use_ld_so(winbind_t) libs_use_shared_libs(winbind_t) diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te index 8911fec..a20ace8 100644 --- a/policy/modules/services/sasl.te +++ b/policy/modules/services/sasl.te @@ -1,5 +1,5 @@ -policy_module(sasl,1.4.0) +policy_module(sasl,1.4.1) ######################################## # @@ -48,8 +48,6 @@ fs_search_auto_mountpoints(saslauthd_t) selinux_compute_access_vector(saslauthd_t) -term_dontaudit_use_console(saslauthd_t) - auth_domtrans_chk_passwd(saslauthd_t) auth_use_nsswitch(saslauthd_t) @@ -61,8 +59,6 @@ files_search_var_lib(saslauthd_t) files_dontaudit_getattr_home_dir(saslauthd_t) files_dontaudit_getattr_tmp_dirs(saslauthd_t) -init_use_fds(saslauthd_t) -init_use_script_ptys(saslauthd_t) init_dontaudit_stream_connect_script(saslauthd_t) libs_use_ld_so(saslauthd_t) diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te index 8689113..ea141e6 100644 --- a/policy/modules/services/setroubleshoot.te +++ b/policy/modules/services/setroubleshoot.te @@ -1,5 +1,5 @@ -policy_module(setroubleshoot,1.2.2) +policy_module(setroubleshoot,1.2.3) ######################################## # 
@@ -79,14 +79,11 @@ files_getattr_all_files(setroubleshootd_t) selinux_get_enforce_mode(setroubleshootd_t) selinux_validate_context(setroubleshootd_t) -term_dontaudit_use_console(setroubleshootd_t) term_dontaudit_use_all_user_ptys(setroubleshootd_t) term_dontaudit_use_all_user_ttys(setroubleshootd_t) init_read_utmp(setroubleshootd_t) init_dontaudit_write_utmp(setroubleshootd_t) -init_use_fds(setroubleshootd_t) -init_use_script_ptys(setroubleshootd_t) libs_use_ld_so(setroubleshootd_t) libs_use_shared_libs(setroubleshootd_t) diff --git a/policy/modules/services/slrnpull.te b/policy/modules/services/slrnpull.te index ff0951c..bcbad2e 100644 --- a/policy/modules/services/slrnpull.te +++ b/policy/modules/services/slrnpull.te @@ -1,5 +1,5 @@ -policy_module(slrnpull,1.0.0) +policy_module(slrnpull,1.0.1) ######################################## # @@ -51,11 +51,6 @@ files_read_etc_files(slrnpull_t) fs_getattr_all_fs(slrnpull_t) fs_search_auto_mountpoints(slrnpull_t) -term_dontaudit_use_console(slrnpull_t) - -init_use_fds(slrnpull_t) -init_use_script_ptys(slrnpull_t) - libs_use_ld_so(slrnpull_t) libs_use_shared_libs(slrnpull_t) diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te index 91094fd..a86e060 100644 --- a/policy/modules/services/smartmon.te +++ b/policy/modules/services/smartmon.te @@ -1,5 +1,5 @@ -policy_module(smartmon,1.1.0) +policy_module(smartmon,1.1.1) ######################################## # @@ -65,12 +65,8 @@ storage_raw_read_fixed_disk(fsdaemon_t) storage_raw_write_fixed_disk(fsdaemon_t) storage_raw_read_removable_device(fsdaemon_t) -term_dontaudit_use_console(fsdaemon_t) term_dontaudit_search_ptys(fsdaemon_t) -init_use_fds(fsdaemon_t) -init_use_script_ptys(fsdaemon_t) - libs_use_ld_so(fsdaemon_t) libs_use_shared_libs(fsdaemon_t) libs_exec_ld_so(fsdaemon_t) diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 22617e9..ae554a8 100644 --- a/policy/modules/services/snmp.te 
+++ b/policy/modules/services/snmp.te @@ -1,5 +1,5 @@ -policy_module(snmp,1.3.1) +policy_module(snmp,1.3.2) ######################################## # @@ -96,11 +96,7 @@ fs_search_auto_mountpoints(snmpd_t) storage_dontaudit_read_fixed_disk(snmpd_t) storage_dontaudit_read_removable_device(snmpd_t) -term_dontaudit_use_console(snmpd_t) - init_read_utmp(snmpd_t) -init_use_fds(snmpd_t) -init_use_script_ptys(snmpd_t) init_dontaudit_write_utmp(snmpd_t) libs_use_ld_so(snmpd_t) diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te index 4acfecc..92aaab2 100644 --- a/policy/modules/services/snort.te +++ b/policy/modules/services/snort.te @@ -1,5 +1,5 @@ -policy_module(snort,1.1.0) +policy_module(snort,1.1.1) ######################################## # @@ -75,11 +75,6 @@ files_dontaudit_read_etc_runtime_files(snort_t) fs_getattr_all_fs(snort_t) fs_search_auto_mountpoints(snort_t) -term_dontaudit_use_console(snort_t) - -init_use_fds(snort_t) -init_use_script_ptys(snort_t) - libs_use_ld_so(snort_t) libs_use_shared_libs(snort_t) diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te index d43168c..09c81ca 100644 --- a/policy/modules/services/soundserver.te +++ b/policy/modules/services/soundserver.te @@ -1,5 +1,5 @@ -policy_module(soundserver,1.1.0) +policy_module(soundserver,1.1.1) ######################################## # @@ -85,11 +85,6 @@ files_read_etc_runtime_files(soundd_t) fs_getattr_all_fs(soundd_t) fs_search_auto_mountpoints(soundd_t) -term_dontaudit_use_console(soundd_t) - -init_use_fds(soundd_t) -init_use_script_ptys(soundd_t) - libs_use_ld_so(soundd_t) libs_use_shared_libs(soundd_t) diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te index b3e3056..b1a6f39 100644 --- a/policy/modules/services/spamassassin.te +++ b/policy/modules/services/spamassassin.te 
@@ -1,5 +1,5 @@ -policy_module(spamassassin,1.5.4) +policy_module(spamassassin,1.5.5) ######################################## # @@ -103,8 +103,6 @@ dev_read_urand(spamd_t) fs_getattr_all_fs(spamd_t) fs_search_auto_mountpoints(spamd_t) -term_dontaudit_use_console(spamd_t) - auth_dontaudit_read_shadow(spamd_t) corecmd_exec_bin(spamd_t) @@ -118,8 +116,6 @@ files_read_etc_runtime_files(spamd_t) # /var/lib/spamassin files_read_var_lib_files(spamd_t) -init_use_fds(spamd_t) -init_use_script_ptys(spamd_t) init_dontaudit_rw_utmp(spamd_t) libs_use_ld_so(spamd_t) diff --git a/policy/modules/services/speedtouch.te b/policy/modules/services/speedtouch.te index 025d4a4..9a3d041 100644 --- a/policy/modules/services/speedtouch.te +++ b/policy/modules/services/speedtouch.te @@ -1,5 +1,5 @@ -policy_module(speedtouch,1.0.0) +policy_module(speedtouch,1.0.1) ####################################### # @@ -46,11 +46,6 @@ files_read_usr_files(speedmgmt_t) fs_getattr_all_fs(speedmgmt_t) fs_search_auto_mountpoints(speedmgmt_t) -term_dontaudit_use_console(speedmgmt_t) - -init_use_fds(speedmgmt_t) -init_use_script_ptys(speedmgmt_t) - libs_use_ld_so(speedmgmt_t) libs_use_shared_libs(speedmgmt_t) diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te index 33ff7f4..89a9e5c 100644 --- a/policy/modules/services/squid.te +++ b/policy/modules/services/squid.te @@ -1,5 +1,5 @@ -policy_module(squid,1.2.0) +policy_module(squid,1.2.1) ######################################## # @@ -99,7 +99,6 @@ fs_search_auto_mountpoints(squid_t) selinux_dontaudit_getattr_dir(squid_t) -term_dontaudit_use_console(squid_t) term_dontaudit_getattr_pty_dirs(squid_t) # to allow running programs from /usr/lib/squid (IE unlinkd) 
@@ -116,9 +115,6 @@ files_search_spool(squid_t) files_dontaudit_getattr_tmp_dirs(squid_t) files_getattr_home_dir(squid_t) -init_use_fds(squid_t) -init_use_script_ptys(squid_t) - libs_use_ld_so(squid_t) libs_use_shared_libs(squid_t) # to allow running programs from /usr/lib/squid (IE unlinkd) diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te index c6d0070..73160ea 100644 --- a/policy/modules/services/stunnel.te +++ b/policy/modules/services/stunnel.te @@ -1,5 +1,5 @@ -policy_module(stunnel,1.2.0) +policy_module(stunnel,1.2.1) ######################################## # @@ -84,13 +84,8 @@ ifdef(`distro_gentoo', ` fs_search_auto_mountpoints(stunnel_t) - term_dontaudit_use_console(stunnel_t) - domain_use_interactive_fds(stunnel_t) - init_use_fds(stunnel_t) - init_use_script_ptys(stunnel_t) - userdom_dontaudit_use_unpriv_user_fds(stunnel_t) userdom_dontaudit_search_sysadm_home_dirs(stunnel_t) diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te index c8d088e..7f4e907 100644 --- a/policy/modules/services/sysstat.te +++ b/policy/modules/services/sysstat.te @@ -1,5 +1,5 @@ -policy_module(sysstat,1.1.1) +policy_module(sysstat,1.1.2) ######################################## # @@ -53,7 +53,6 @@ term_use_console(sysstat_t) term_use_all_terms(sysstat_t) init_use_fds(sysstat_t) -init_use_script_ptys(sysstat_t) libs_use_ld_so(sysstat_t) libs_use_shared_libs(sysstat_t) diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te index 3d386d0..d5b29f9 100644 --- a/policy/modules/services/tftp.te +++ b/policy/modules/services/tftp.te @@ -1,5 +1,5 @@ -policy_module(tftp,1.3.0) +policy_module(tftp,1.3.1) ######################################## # @@ -56,8 +56,6 @@ dev_read_sysfs(tftpd_t) fs_getattr_all_fs(tftpd_t) fs_search_auto_mountpoints(tftpd_t) -term_dontaudit_use_console(tftpd_t) - domain_use_interactive_fds(tftpd_t) files_read_etc_files(tftpd_t); 
@@ -65,9 +63,6 @@ files_read_var_files(tftpd_t) files_read_var_symlinks(tftpd_t) files_search_var(tftpd_t) -init_use_fds(tftpd_t) -init_use_script_ptys(tftpd_t) - libs_use_ld_so(tftpd_t) libs_use_shared_libs(tftpd_t) diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te index 01b20a5..cda1eb2 100644 --- a/policy/modules/services/timidity.te +++ b/policy/modules/services/timidity.te @@ -1,5 +1,5 @@ -policy_module(timidity,1.2.0) +policy_module(timidity,1.2.1) # Note: You only need this policy if you want to run timidity as a server @@ -53,8 +53,6 @@ dev_write_sound(timidity_t) fs_search_auto_mountpoints(timidity_t) -term_dontaudit_use_console(timidity_t) - domain_use_interactive_fds(timidity_t) files_search_tmp(timidity_t) @@ -63,9 +61,6 @@ files_read_usr_files(timidity_t) # read /etc/esd.conf files_read_etc_files(timidity_t) -init_use_fds(timidity_t) -init_use_script_ptys(timidity_t) - libs_use_ld_so(timidity_t) libs_use_shared_libs(timidity_t) # read libartscbackend.la diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te index 09bd8a5..d407aee 100644 --- a/policy/modules/services/tor.te +++ b/policy/modules/services/tor.te @@ -1,5 +1,5 @@ -policy_module(tor,1.1.0) +policy_module(tor,1.1.1) ######################################## # @@ -85,12 +85,6 @@ domain_use_interactive_fds(tor_t) files_read_etc_files(tor_t) files_read_etc_runtime_files(tor_t) -term_dontaudit_use_console(tor_t) - -# comm with init -init_use_fds(tor_t) -init_use_script_ptys(tor_t) - libs_use_ld_so(tor_t) libs_use_shared_libs(tor_t) diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te index ba4c2b2..9225f72 100644 --- a/policy/modules/services/transproxy.te +++ b/policy/modules/services/transproxy.te @@ -1,5 +1,5 @@ -policy_module(transproxy,1.1.0) +policy_module(transproxy,1.1.1) ######################################## # 
@@ -47,11 +47,6 @@ files_read_etc_files(transproxy_t) fs_getattr_all_fs(transproxy_t) fs_search_auto_mountpoints(transproxy_t) -term_dontaudit_use_console(transproxy_t) - -init_use_fds(transproxy_t) -init_use_script_ptys(transproxy_t) - libs_use_ld_so(transproxy_t) libs_use_shared_libs(transproxy_t) diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te index 433c59d..d75f44b 100644 --- a/policy/modules/services/uptime.te +++ b/policy/modules/services/uptime.te @@ -1,5 +1,5 @@ -policy_module(uptime,1.0.0) +policy_module(uptime,1.0.1) ######################################## # @@ -55,11 +55,6 @@ files_read_etc_runtime_files(uptimed_t) fs_getattr_all_fs(uptimed_t) fs_search_auto_mountpoints(uptimed_t) -term_dontaudit_use_console(uptimed_t) - -init_use_fds(uptimed_t) -init_use_script_ptys(uptimed_t) - libs_use_ld_so(uptimed_t) libs_use_shared_libs(uptimed_t) diff --git a/policy/modules/services/uwimap.te b/policy/modules/services/uwimap.te index 08cb8fa..ec9ae0b 100644 --- a/policy/modules/services/uwimap.te +++ b/policy/modules/services/uwimap.te @@ -1,5 +1,5 @@ -policy_module(uwimap,1.1.0) +policy_module(uwimap,1.1.1) ######################################## # @@ -62,13 +62,8 @@ files_read_etc_files(imapd_t) fs_getattr_all_fs(imapd_t) fs_search_auto_mountpoints(imapd_t) -term_dontaudit_use_console(imapd_t) - auth_domtrans_chk_passwd(imapd_t) -init_use_fds(imapd_t) -init_use_script_ptys(imapd_t) - libs_use_ld_so(imapd_t) libs_use_shared_libs(imapd_t) diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te index 3c277f0..1e0956d 100644 --- a/policy/modules/services/watchdog.te +++ b/policy/modules/services/watchdog.te @@ -1,5 +1,5 @@ -policy_module(watchdog,1.1.0) +policy_module(watchdog,1.1.1) ################################# # 
@@ -77,14 +77,9 @@ fs_unmount_xattr_fs(watchdog_t) fs_getattr_all_fs(watchdog_t) fs_search_auto_mountpoints(watchdog_t) -term_dontaudit_use_console(watchdog_t) - # record the fact that we are going down auth_append_login_records(watchdog_t) -init_use_fds(watchdog_t) -init_use_script_ptys(watchdog_t) - libs_use_ld_so(watchdog_t) libs_use_shared_libs(watchdog_t) diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te index f169179..af11aae 100644 --- a/policy/modules/services/xfs.te +++ b/policy/modules/services/xfs.te @@ -1,5 +1,5 @@ -policy_module(xfs,1.1.0) +policy_module(xfs,1.1.1) ######################################## # @@ -53,13 +53,8 @@ files_read_etc_files(xfs_t) files_read_etc_runtime_files(xfs_t) files_read_usr_files(xfs_t) -term_dontaudit_use_console(xfs_t) - auth_use_nsswitch(xfs_t) -init_use_fds(xfs_t) -init_use_script_ptys(xfs_t) - libs_use_ld_so(xfs_t) libs_use_shared_libs(xfs_t) diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te index 0912878..fc84b65 100644 --- a/policy/modules/services/xprint.te +++ b/policy/modules/services/xprint.te @@ -1,5 +1,5 @@ -policy_module(xprint,1.1.0) +policy_module(xprint,1.1.1) ######################################## # @@ -57,11 +57,6 @@ files_search_tmp(xprint_t) fs_getattr_all_fs(xprint_t) fs_search_auto_mountpoints(xprint_t) -term_dontaudit_use_console(xprint_t) - -init_use_fds(xprint_t) -init_use_script_ptys(xprint_t) - libs_use_ld_so(xprint_t) libs_use_shared_libs(xprint_t) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 2d20c0c..abc53f8 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1,5 +1,5 @@ -policy_module(xserver,1.3.2) +policy_module(xserver,1.3.3) ######################################## # 
@@ -224,7 +224,6 @@ storage_dontaudit_setattr_removable_dev(xdm_t) storage_dontaudit_rw_scsi_generic(xdm_t) term_setattr_console(xdm_t) -term_dontaudit_use_console(xdm_t) term_use_unallocated_ttys(xdm_t) term_setattr_unallocated_ttys(xdm_t) @@ -234,10 +233,8 @@ auth_manage_pam_console_data(xdm_t) auth_rw_faillog(xdm_t) auth_write_login_records(xdm_t) -init_use_script_ptys(xdm_t) # Run telinit->init to shutdown. -init_exec(xdm_t) -init_write_initctl(xdm_t) +init_telinit(xdm_t) libs_use_ld_so(xdm_t) libs_use_shared_libs(xdm_t) diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te index 0c7f518..c32fe07 100644 --- a/policy/modules/services/zebra.te +++ b/policy/modules/services/zebra.te @@ -1,5 +1,5 @@ -policy_module(zebra,1.3.0) +policy_module(zebra,1.3.1) ######################################## # @@ -85,7 +85,6 @@ dev_rw_zero(zebra_t) fs_getattr_all_fs(zebra_t) fs_search_auto_mountpoints(zebra_t) -term_dontaudit_use_console(zebra_t) term_list_ptys(zebra_t) domain_use_interactive_fds(zebra_t) @@ -94,9 +93,6 @@ files_search_etc(zebra_t) files_read_etc_files(zebra_t) files_read_etc_runtime_files(zebra_t) -init_use_fds(zebra_t) -init_use_script_ptys(zebra_t) - libs_use_ld_so(zebra_t) libs_use_shared_libs(zebra_t) diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te index 355ccd5..381f23f 100644 --- a/policy/modules/system/hotplug.te +++ b/policy/modules/system/hotplug.te @@ -1,5 +1,5 @@ -policy_module(hotplug,1.4.0) +policy_module(hotplug,1.4.1) ######################################## # @@ -72,8 +72,6 @@ fs_search_auto_mountpoints(hotplug_t) storage_setattr_fixed_disk_dev(hotplug_t) storage_setattr_removable_dev(hotplug_t) -term_dontaudit_use_console(hotplug_t) - corecmd_exec_bin(hotplug_t) corecmd_exec_shell(hotplug_t) corecmd_exec_sbin(hotplug_t) 
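Review bot: In the `@@ -234,10 +233,8 @@` hunk of xserver.te, `init_telinit(xdm_t)` replaces the explicit pair `init_exec(xdm_t)` and `init_write_initctl(xdm_t)`, but the definition of `init_telinit` is not part of this diff, so the hunk cannot show that it grants the same access and nothing more. Because xdm_t is the display-manager domain, it is worth confirming that the interface does not add access to initctl beyond what the two removed calls gave. The retained comment could record the intended scope, e.g. `# Run telinit->init to shutdown (exec init, write initctl only).` The same hunk drops `init_use_script_ptys(xdm_t)` and the hunk before it drops `term_dontaudit_use_console(xdm_t)`. Those rules survive only if xdm_t is declared through `init_daemon_domain`, which is not visible here.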
@@ -91,8 +89,6 @@ files_exec_etc_files(hotplug_t) # for when filesystems are not mounted early in the boot: files_dontaudit_search_isid_type_dirs(hotplug_t) -init_use_fds(hotplug_t) -init_use_script_ptys(hotplug_t) init_read_script_state(hotplug_t) # Allow hotplug (including /sbin/ifup-local) to start/stop services and # run sendmail -q diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 19b783f..0e60c02 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -105,6 +105,15 @@ interface(`init_daemon_domain',` role system_r types $1; + # daemons started from init will + # inherit fds from init for the console + init_dontaudit_use_fds($1) + term_dontaudit_use_console($1) + + # init script ptys are the stdin/out/err + # when using run_init + init_use_script_ptys($1) + ifdef(`direct_sysadm_daemon',` domtrans_pattern(direct_run_init,$2,$1) allow direct_run_init $1:process { noatsecure siginh rlimitinh }; diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index f46b94a..9220d4c 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,5 +1,5 @@ -policy_module(init,1.5.2) +policy_module(init,1.5.3) gen_require(` class passwd rootok; diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index bd231f6..3760ed0 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -1,5 +1,5 @@ -policy_module(iscsid,1.0.0) +policy_module(iscsid,1.0.1) ######################################## # @@ -67,9 +67,6 @@ domain_use_interactive_fds(iscsid_t) files_read_etc_files(iscsid_t) -init_use_fds(iscsid_t) -init_use_script_ptys(iscsid_t) - libs_use_ld_so(iscsid_t) libs_use_shared_libs(iscsid_t) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index a7fb6a6..299a3c9 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te 
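Review bot: In the lines added to `init_daemon_domain` in init.if, `init_dontaudit_use_fds($1)` is not a like-for-like replacement for the per-module `init_use_fds(...)` calls this commit deletes (udev_t, xend_t, dhcpc_t, hotplug_t and the services modules). A daemon that relied on the allow is now denied, and the denial is suppressed from the audit log, so the breakage is hard to spot. I would state that in the comment, e.g. `# fd use is dontaudited, not allowed: a domain that needs init fds must still call init_use_fds()`, as sysstat.te and the syslogd hunk in logging.te still do. The added `init_use_script_ptys($1)` goes the other way and is an allow for every daemon domain. Assuming setrans_t and restorecond_t are declared through this interface, it makes the `init_dontaudit_use_script_ptys(setrans_t)` kept in setrans.te dead and widens restorecond_t from dontaudit to allow. The interface body starts and ends outside this hunk.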
@@ -1,5 +1,5 @@ -policy_module(logging,1.5.2) +policy_module(logging,1.5.3) ######################################## # @@ -84,7 +84,6 @@ mls_file_read_up(auditctl_t) term_use_all_terms(auditctl_t) -init_use_script_ptys(auditctl_t) init_dontaudit_use_fds(auditctl_t) libs_use_ld_so(auditctl_t) @@ -135,8 +134,6 @@ fs_search_auto_mountpoints(auditd_t) selinux_search_fs(auditctl_t) -term_dontaudit_use_console(auditd_t) - # Needs to be able to run dispatcher. see /etc/audit/auditd.conf # Probably want a transition, and a new auditd_helper app corecmd_exec_sbin(auditd_t) @@ -148,10 +145,7 @@ domain_use_interactive_fds(auditd_t) files_read_etc_files(auditd_t) files_list_usr(auditd_t) -init_use_fds(auditd_t) -init_exec(auditd_t) -init_write_initctl(auditd_t) -init_dontaudit_use_script_ptys(auditd_t) +init_telinit(auditd_t) logging_send_syslog_msg(auditd_t) @@ -217,17 +211,12 @@ dev_read_sysfs(klogd_t) fs_getattr_all_fs(klogd_t) fs_search_auto_mountpoints(klogd_t) -term_dontaudit_use_console(klogd_t) - domain_use_interactive_fds(klogd_t) files_read_etc_runtime_files(klogd_t) # read /etc/nsswitch.conf files_read_etc_files(klogd_t) -init_use_fds(klogd_t) -init_use_script_ptys(klogd_t) - libs_use_ld_so(klogd_t) libs_use_shared_libs(klogd_t) @@ -336,7 +325,6 @@ corenet_sendrecv_syslogd_server_packets(syslogd_t) fs_getattr_all_fs(syslogd_t) init_use_fds(syslogd_t) -init_use_script_ptys(syslogd_t) domain_use_interactive_fds(syslogd_t) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index d4c508d..27229f9 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -1,5 +1,5 @@ -policy_module(lvm,1.5.2) +policy_module(lvm,1.5.3) ######################################## # 
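Review bot: The `@@ -148,10 +145,7 @@` hunk for auditd_t does more than consolidate `init_exec` and `init_write_initctl` into `init_telinit(auditd_t)`: it also removes `init_use_fds(auditd_t)` and `init_dontaudit_use_script_ptys(auditd_t)`. If auditd_t is declared through `init_daemon_domain` (the declaration is outside this hunk), the audit daemon moves from dontaudit to allow on init script ptys and from allow to dontaudit on init fds. For the audit daemon that shift should be a deliberate decision rather than a side effect of the cleanup. The new line also has no comment saying why auditd needs telinit, unlike the matching line in xserver.te. Something like `# auditd may need telinit for its configured halt/single-user actions (confirm)` would document the grant.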
@@ -100,15 +100,10 @@ fs_dontaudit_read_removable_files(clvmd_t) storage_dontaudit_getattr_removable_dev(clvmd_t) -term_dontaudit_use_console(clvmd_t) - domain_use_interactive_fds(clvmd_t) storage_raw_read_fixed_disk(clvmd_t) -init_use_fds(clvmd_t) -init_use_script_ptys(clvmd_t) - libs_use_ld_so(clvmd_t) libs_use_shared_libs(clvmd_t) diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te index 01aa654..4ffc422 100644 --- a/policy/modules/system/pcmcia.te +++ b/policy/modules/system/pcmcia.te @@ -1,5 +1,5 @@ -policy_module(pcmcia,1.1.0) +policy_module(pcmcia,1.1.1) ######################################## # @@ -66,7 +66,6 @@ fs_search_auto_mountpoints(cardmgr_t) term_use_unallocated_ttys(cardmgr_t) term_getattr_all_user_ttys(cardmgr_t) -term_dontaudit_use_console(cardmgr_t) term_dontaudit_getattr_all_user_ptys(cardmgr_t) corecmd_exec_all_executables(cardmgr_t) @@ -94,9 +93,6 @@ files_dontaudit_getattr_all_symlinks(cardmgr_t) files_dontaudit_getattr_all_pipes(cardmgr_t) files_dontaudit_getattr_all_sockets(cardmgr_t) -init_use_fds(cardmgr_t) -init_use_script_ptys(cardmgr_t) - libs_use_ld_so(cardmgr_t) libs_use_shared_libs(cardmgr_t) libs_exec_ld_so(cardmgr_t) diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te index 5275953..9004d7f 100644 --- a/policy/modules/system/raid.te +++ b/policy/modules/system/raid.te @@ -1,5 +1,5 @@ -policy_module(raid,1.2.0) +policy_module(raid,1.2.1) ######################################## # @@ -47,7 +47,6 @@ fs_dontaudit_list_tmpfs(mdadm_t) storage_manage_fixed_disk(mdadm_t) storage_dev_filetrans_fixed_disk(mdadm_t) -term_dontaudit_use_console(mdadm_t) term_dontaudit_list_ptys(mdadm_t) # Helper program access @@ -60,8 +59,6 @@ domain_use_interactive_fds(mdadm_t) files_read_etc_files(mdadm_t) files_read_etc_runtime_files(mdadm_t) -init_use_fds(mdadm_t) -init_use_script_ptys(mdadm_t) init_dontaudit_getattr_initctl(mdadm_t) libs_use_ld_so(mdadm_t) 
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 7f859e9..952d2ef 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -1,5 +1,5 @@ -policy_module(selinuxutil,1.4.1) +policy_module(selinuxutil,1.4.2) ifdef(`strict_policy',` gen_require(` @@ -458,9 +458,6 @@ auth_relabel_all_files_except_shadow(restorecond_t ) auth_read_all_files_except_shadow(restorecond_t) auth_use_nsswitch(restorecond_t) -init_use_fds(restorecond_t) -init_dontaudit_use_script_ptys(restorecond_t) - libs_use_ld_so(restorecond_t) libs_use_shared_libs(restorecond_t) diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te index ca1a09c..5b36eb1 100644 --- a/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te @@ -1,5 +1,5 @@ -policy_module(setrans,1.2.0) +policy_module(setrans,1.2.1) ######################################## # @@ -66,7 +66,6 @@ selinux_compute_access_vector(setrans_t) term_dontaudit_use_generic_ptys(setrans_t) term_dontaudit_use_unallocated_ttys(setrans_t) -init_use_fds(setrans_t) init_dontaudit_use_script_ptys(setrans_t) libs_use_ld_so(setrans_t) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index 26cca2b..81aeafd 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -1,5 +1,5 @@ -policy_module(sysnetwork,1.2.1) +policy_module(sysnetwork,1.2.2) ######################################## # @@ -107,7 +107,6 @@ dev_read_urand(dhcpc_t) fs_getattr_all_fs(dhcpc_t) fs_search_auto_mountpoints(dhcpc_t) -term_dontaudit_use_console(dhcpc_t) term_dontaudit_use_all_user_ttys(dhcpc_t) term_dontaudit_use_all_user_ptys(dhcpc_t) term_dontaudit_use_unallocated_ttys(dhcpc_t) @@ -126,8 +125,6 @@ files_search_home(dhcpc_t) files_search_var_lib(dhcpc_t) files_dontaudit_search_locks(dhcpc_t) -init_use_fds(dhcpc_t) -init_use_script_ptys(dhcpc_t) init_rw_utmp(dhcpc_t) logging_send_syslog_msg(dhcpc_t) 
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 2e614cf..aa8da2e 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -1,5 +1,5 @@ -policy_module(udev,1.5.0) +policy_module(udev,1.5.1) ######################################## # @@ -122,7 +122,6 @@ auth_read_pam_console_data(udev_t) auth_domtrans_pam_console(udev_t) auth_use_nsswitch(udev_t) -init_use_fds(udev_t) init_read_utmp(udev_t) init_dontaudit_write_utmp(udev_t) diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te index 116e121..bbc7bda 100644 --- a/policy/modules/system/xen.te +++ b/policy/modules/system/xen.te @@ -1,5 +1,5 @@ -policy_module(xen,1.2.0) +policy_module(xen,1.2.1) ######################################## # @@ -175,9 +175,6 @@ term_use_generic_ptys(xend_t) term_use_ptmx(xend_t) term_getattr_pty_fs(xend_t) -init_use_fds(xend_t) -init_use_script_ptys(xend_t) - libs_use_ld_so(xend_t) libs_use_shared_libs(xend_t)