From 2acba7bbdbeda96012e155f3dffeb5904a1ffdc7 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Aug 05 2009 13:51:47 +0000
Subject: fix ordering of interface calls in authlogin.
---
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 98eee68..d5840d6 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -159,6 +159,8 @@ auth_use_nsswitch(pam_t)
 
 kernel_read_system_state(pam_t)
 
+files_read_etc_files(pam_t)
+
 fs_search_auto_mountpoints(pam_t)
 
 miscfiles_read_localization(pam_t)
@@ -168,8 +170,6 @@ term_use_all_user_ptys(pam_t)
 
 init_dontaudit_rw_utmp(pam_t)
 
-files_read_etc_files(pam_t)
-
 logging_send_syslog_msg(pam_t)
 
 ifdef(`distro_ubuntu',`
@@ -231,6 +231,17 @@ dev_getattr_xserver_misc_dev(pam_console_t)
 dev_setattr_xserver_misc_dev(pam_console_t)
 dev_read_urand(pam_console_t)
 
+files_read_etc_files(pam_console_t)
+files_search_pids(pam_console_t)
+files_list_mnt(pam_console_t)
+files_dontaudit_search_isid_type_dirs(pam_console_t)
+# read /etc/mtab
+files_read_etc_runtime_files(pam_console_t)
+
+fs_list_auto_mountpoints(pam_console_t)
+fs_list_noxattr_fs(pam_console_t)
+fs_getattr_all_fs(pam_console_t)
+
 mls_file_read_all_levels(pam_console_t)
 mls_file_write_all_levels(pam_console_t)
 
@@ -253,17 +264,6 @@ auth_use_nsswitch(pam_console_t)
 
 domain_use_interactive_fds(pam_console_t)
 
-files_read_etc_files(pam_console_t)
-files_search_pids(pam_console_t)
-files_list_mnt(pam_console_t)
-files_dontaudit_search_isid_type_dirs(pam_console_t)
-# read /etc/mtab
-files_read_etc_runtime_files(pam_console_t)
-
-fs_list_auto_mountpoints(pam_console_t)
-fs_list_noxattr_fs(pam_console_t)
-fs_getattr_all_fs(pam_console_t)
-
 init_use_fds(pam_console_t)
 init_use_script_ptys(pam_console_t)
 
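Review bot: `files_dontaudit_search_isid_type_dirs(pam_console_t)`, in the block moved into the `-231,6 +231,17` hunk, suppresses audit records for a denied access and carries no comment saying why, while the line right after it is documented with `# read /etc/mtab`. Since the block is being relocated anyway, a one-line rationale above the call, for example `# dontaudit: <why pam_console_t triggers this search and why hiding the denial is acceptable>`, would let someone auditing the policy tell an intended suppression from a masked gap. The eleven added lines match the eleven removed in the `-253,17 +264,6` hunk, so the reorder itself appears to grant nothing new.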
@@ -352,6 +352,8 @@ allow utempter_t wtmp_t:file rw_file_perms;
 
 dev_read_urand(utempter_t)
 
+files_read_etc_files(utempter_t)
+
 term_getattr_all_user_ttys(utempter_t)
 term_getattr_all_user_ptys(utempter_t)
 term_dontaudit_use_all_user_ttys(utempter_t)
@@ -360,8 +362,6 @@ term_dontaudit_use_ptmx(utempter_t)
 
 init_rw_utmp(utempter_t)
 
-files_read_etc_files(utempter_t)
-
 domain_use_interactive_fds(utempter_t)
 
 logging_search_logs(utempter_t)