From 390b8a821be60ade965372c1049a60ace9eda441 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mar 22 2010 19:19:50 +0000
Subject: Radvd patch from Dan Walsh.
---
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
index 8ab8db6..d72dc56 100644
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@@ -1,5 +1,5 @@
-policy_module(radvd, 1.11.1)
+policy_module(radvd, 1.11.2)
 ########################################
 #
@@ -22,9 +22,9 @@ files_config_file(radvd_etc_t)
 #
 # Local policy
 #
-allow radvd_t self:capability { setgid setuid net_raw net_admin };
+allow radvd_t self:capability { kill setgid setuid net_raw net_admin };
 dontaudit radvd_t self:capability sys_tty_config;
-allow radvd_t self:process signal_perms;
+allow radvd_t self:process { fork signal_perms };
 allow radvd_t self:unix_dgram_socket create_socket_perms;
 allow radvd_t self:unix_stream_socket create_socket_perms;
 allow radvd_t self:rawip_socket create_socket_perms;
@@ -64,20 +64,16 @@ domain_use_interactive_fds(radvd_t)
 files_read_etc_files(radvd_t)
 files_list_usr(radvd_t)
+auth_use_nsswitch(radvd_t)
+
 logging_send_syslog_msg(radvd_t)
 miscfiles_read_localization(radvd_t)
-sysnet_read_config(radvd_t)
-
 userdom_dontaudit_use_unpriv_user_fds(radvd_t)
 userdom_dontaudit_search_user_home_dirs(radvd_t)
 optional_policy(`
- nis_use_ypbind(radvd_t)
-')
-
-optional_policy(`
 seutil_sigchld_newrole(radvd_t)
 ')
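Review bot: The `kill` capability added to `allow radvd_t self:capability { kill setgid setuid net_raw net_admin };` in the -22,9 hunk has no recorded justification, and neither the commit message nor the policy says which radvd code path needs it. CAP_KILL lifts the kernel's UID check on signal delivery. The type-enforcement side stays narrow, since the only signal rule visible here is `self:process { fork signal_perms }`, so the grant presumably exists so that a root radvd process can signal a child that has already dropped to another UID; that is inferred, not shown in the diff. Once confirmed against the AVC denial that prompted it, I would record the reason above the rule, e.g. `# kill: privileged parent signals the child after it has setuid()'d`, so a later least-privilege audit can tell whether the capability is still required.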
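Review bot: `auth_use_nsswitch(radvd_t)` in the -64,20 hunk is likely a wider grant than the two calls it replaces, `sysnet_read_config(radvd_t)` and the optional `nis_use_ypbind(radvd_t)`. The interface is defined outside this diff, but in reference policy it generally covers every name-service backend a host may configure (passwd/group reads, DNS resolution, and optional LDAP, NIS and nscd paths). If radvd only needs to look up the unprivileged account it switches to, a comment such as `# nsswitch: resolve the runtime user/group before setuid/setgid` would document that intent. The extra network-facing permissions should also be checked against what a router-advertisement daemon actually does. The policy section this hunk edits begins above the visible context.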