From: Dan Walsh
Date: Thu, 17 Nov 2011 14:31:40 +0000 (-0500)
Subject: Allow namespace_init_t to use the console, define system_map_t as a proc_type, so...
X-Git-Tag: 000~103
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=24acfb15ac546748f8b88312b7efa766ef8bde39;p=people%2Fstevee%2Fselinux-policy.git
Allow namespace_init_t to use the console, define system_map_t as a proc_type, so dontaudit in libra will work
---
diff --git a/policy/modules/apps/namespace.te b/policy/modules/apps/namespace.te
index bb6b61e1..6d4ec21c 100644
--- a/policy/modules/apps/namespace.te
+++ b/policy/modules/apps/namespace.te
@@ -31,6 +31,8 @@ auth_use_nsswitch(namespace_init_t)
 miscfiles_read_localization(namespace_init_t)
+term_use_console(namespace_init_t)
+
 userdom_manage_user_home_content_dirs(namespace_init_t)
 userdom_manage_user_home_content_files(namespace_init_t)
 userdom_relabelto_user_home_dirs(namespace_init_t)
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 20251b0d..4e8d5943 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -144,6 +144,7 @@ files_mountpoint(src_t)
 #
 type system_map_t;
 files_type(system_map_t)
+procs_type(system_map_t)
 genfscon proc /kallsyms gen_context(system_u:object_r:system_map_t,s0)
 #
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 8c500cde..4845190e 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -3079,3 +3079,21 @@ interface(`kernel_stream_connect',`
 allow $1 kernel_t:unix_stream_socket connectto;
 ')
+########################################
+##
+## Make the specified type usable for regular entries in proc
+##
+##
+##
+## Type to be used for /proc entries.
+##
+##
+#
+interface(`procs_type',`
+ gen_require(`
+ attribute proc_type
+ ')
+
+ typeattribute $1 proc_type;
+')
+
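Review bot: `term_use_console(namespace_init_t)` in the namespace.te hunk grants both read and write on the console, and neither the hunk nor the commit message says which of the two namespace_init_t actually needs. If the domain only prints messages, `term_write_console(namespace_init_t)` would be the narrower grant. If the denials came from an inherited descriptor it never uses, `term_dontaudit_use_console(namespace_init_t)` would silence them without allowing access. Whichever call is kept, a one-line comment above it such as `# console access: <reason>` would record why the permission exists.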
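Review bot: Adding system_map_t to proc_type with `procs_type(system_map_t)` in the files.te hunk reaches further than the dontaudit rule the commit message mentions: every rule already written against the proc_type attribute, allow rules included, now also applies to /proc/kallsyms. Those rules are not visible in this hunk, so they should be listed (for example with `sesearch -A -t proc_type`) to confirm that no domain gains read access to kernel symbol addresses it did not have before. A comment above the new line, `# member of proc_type so dontaudit rules on all proc entries also cover kallsyms`, would record the intent for later readers.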
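Review bot: In the new `procs_type` interface in kernel.if, the require line reads `attribute proc_type` with no terminating semicolon, unlike the `typeattribute $1 proc_type;` statement below it. Wherever gen_require expands to a real require block this will probably fail to parse, so the line should be `attribute proc_type;`. The interface also lacks the `kernel_` prefix that `kernel_stream_connect` just above it carries, which makes it harder to locate and may trip interface-naming checks. A name such as `kernel_proc_type`, with the call in files.te updated to match, would be consistent with the rest of the file.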