+- Remove disable_trans booleans.
- Output different header sets for kernel and userland from flask headers.
- Marked the pax class as deprecated, changed it to userland so
it will be removed from the kernel.
role system_r types $1;
- ifdef(`targeted_policy',`
- # this regex is a hack, since it assumes there is a
- # _t at the end of the domain type. If there is no _t
- # at the end of the type, it returns empty!
- ifdef(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'),`',`
- bool regexp($1, `\(\w+\)_t', `\1_disable_trans') false;
- define(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'))
- ')
- if(regexp($1, `\(\w+\)_t', `\1_disable_trans') ) {
-# can_exec(inetd_t,$2)
- # cjp: this must be wrong
- gen_require(`
- type initrc_t, unconfined_t;
- ')
- can_exec({ unconfined_t initrc_t },$2)
- } else {
- domtrans_pattern(inetd_t,$2,$1)
- dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };
- allow inetd_t $1:process sigkill;
- }
- ',`
- domtrans_pattern(inetd_t,$2,$1)
- dontaudit inetd_t $1:process { noatsecure siginh rlimitinh };
-
- allow inetd_t $1:process sigkill;
- ')
+ domtrans_pattern(inetd_t,$2,$1)
+
+ allow inetd_t $1:process sigkill;
')
########################################
-policy_module(inetd,1.2.2)
+policy_module(inetd,1.2.3)
########################################
#
role system_r types $1;
+ domtrans_pattern(initrc_t,$2,$1)
+
# daemons started from init will
# inherit fds from init for the console
init_dontaudit_use_fds($1)
')
')
- ifdef(`targeted_policy',`
- # this regex is a hack, since it assumes there is a
- # _t at the end of the domain type. If there is no _t
- # at the end of the type, it returns empty!
- ifdef(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'),`',`
- bool regexp($1, `\(\w+\)_t', `\1_disable_trans') false;
- define(`__define_'regexp($1, `\(\w+\)_t', `\1_disable_trans'))
- ')
- if(regexp($1, `\(\w+\)_t', `\1_disable_trans') ) {
- can_exec(initrc_t,$2)
- can_exec(direct_run_init,$2)
- } else {
- domtrans_pattern(initrc_t,$2,$1)
- allow initrc_t $1:process { noatsecure siginh rlimitinh };
- }
- ',`
- domtrans_pattern(initrc_t,$2,$1)
- ')
-
optional_policy(`
nscd_socket_use($1)
')
-policy_module(init,1.5.3)
+policy_module(init,1.5.4)
gen_require(`
class passwd rootok;