Allow devicekit_power to domtrans to mount

Allow dhcp to bind to udp ports > 1024 to do named stuff
Allow ssh_t to exec ssh_exec_t

diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
index 8d467c40f7a861cd3b0904aa7e45c6da51dc048b..3aaa7848285207713473250c272445a4f2269ef6 100644 (file)
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -307,7 +307,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-       mount_exec(devicekit_power_t)
+       mount_domtrans(devicekit_power_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
index a307b51bf91c6a3bf51dce80bbc07d8b93894d64..2e0938370c5433f2ec999e725fe98c4ca8de997d 100644 (file)
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -73,6 +73,8 @@ corenet_tcp_connect_all_ports(dhcpd_t)
 corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
 corenet_sendrecv_pxe_server_packets(dhcpd_t)
 corenet_sendrecv_all_client_packets(dhcpd_t)
+corenet_dontaudit_udp_bind_all_reserved_ports(dhcpd_t)
+corenet_udp_bind_all_unreserved_ports(dhcpd_t)
 
 dev_read_sysfs(dhcpd_t)
 dev_read_rand(dhcpd_t)

diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index c7efe5d3d64dc19684a29fff942e45c0f8e2335e..580297ade94c97e6407906580b9ab89467e407c4 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -99,6 +99,7 @@ allow ssh_t self:sem create_sem_perms;
 allow ssh_t self:msgq create_msgq_perms;
 allow ssh_t self:msg { send receive };
 allow ssh_t self:tcp_socket create_stream_socket_perms;
+can_exec(ssh_t, ssh_exec_t)
 
 # Read the ssh key file.
 allow ssh_t sshd_key_t:file read_file_perms;