From 464ffa57fdb3f485cc70c43bf6c7ece8b237896f Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Aug 05 2009 14:01:06 +0000 Subject: fix ordering of interface calls in init. --- diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 4c2c71d..5efbaab 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -252,6 +252,8 @@ kernel_dontaudit_getattr_message_if(initrc_t) files_read_kernel_symbol_table(initrc_t) +corecmd_exec_all_executables(initrc_t) + corenet_all_recvfrom_unlabeled(initrc_t) corenet_all_recvfrom_netlabel(initrc_t) corenet_tcp_sendrecv_all_if(initrc_t) @@ -281,45 +283,6 @@ dev_manage_generic_files(initrc_t) # Wants to remove udev.tbl: dev_delete_generic_symlinks(initrc_t) -fs_register_binary_executable_type(initrc_t) -# rhgb-console writes to ramfs -fs_write_ramfs_pipes(initrc_t) -# cjp: not sure why these are here; should use mount policy -fs_mount_all_fs(initrc_t) -fs_unmount_all_fs(initrc_t) -fs_remount_all_fs(initrc_t) -fs_getattr_all_fs(initrc_t) - -# initrc_t needs to do a pidof which requires ptrace -mcs_ptrace_all(initrc_t) -mcs_killall(initrc_t) -mcs_process_set_categories(initrc_t) - -mls_file_read_all_levels(initrc_t) -mls_file_write_all_levels(initrc_t) -mls_process_read_up(initrc_t) -mls_process_write_down(initrc_t) -mls_rangetrans_source(initrc_t) -mls_fd_share_all_levels(initrc_t) - -selinux_get_enforce_mode(initrc_t) - -storage_getattr_fixed_disk_dev(initrc_t) -storage_setattr_fixed_disk_dev(initrc_t) -storage_setattr_removable_dev(initrc_t) - -term_use_all_terms(initrc_t) -term_reset_tty_labels(initrc_t) - -auth_rw_login_records(initrc_t) -auth_setattr_login_records(initrc_t) -auth_rw_lastlog(initrc_t) -auth_read_pam_pid(initrc_t) -auth_delete_pam_pid(initrc_t) -auth_delete_pam_console_data(initrc_t) - -corecmd_exec_all_executables(initrc_t) - domain_kill_all_domains(initrc_t) domain_signal_all_domains(initrc_t) domain_signull_all_domains(initrc_t) @@ -362,6 +325,42 @@ files_mounton_isid_type_dirs(initrc_t) files_list_default(initrc_t) files_mounton_default(initrc_t) +fs_register_binary_executable_type(initrc_t) +# rhgb-console writes to ramfs +fs_write_ramfs_pipes(initrc_t) +# cjp: not sure why these are here; should use mount policy +fs_mount_all_fs(initrc_t) +fs_unmount_all_fs(initrc_t) +fs_remount_all_fs(initrc_t) +fs_getattr_all_fs(initrc_t) + +# initrc_t needs to do a pidof which requires ptrace +mcs_ptrace_all(initrc_t) +mcs_killall(initrc_t) +mcs_process_set_categories(initrc_t) + +mls_file_read_all_levels(initrc_t) +mls_file_write_all_levels(initrc_t) +mls_process_read_up(initrc_t) +mls_process_write_down(initrc_t) +mls_rangetrans_source(initrc_t) +mls_fd_share_all_levels(initrc_t) + +selinux_get_enforce_mode(initrc_t) + +storage_getattr_fixed_disk_dev(initrc_t) +storage_setattr_fixed_disk_dev(initrc_t) +storage_setattr_removable_dev(initrc_t) + +term_use_all_terms(initrc_t) +term_reset_tty_labels(initrc_t) + +auth_rw_login_records(initrc_t) +auth_setattr_login_records(initrc_t) +auth_rw_lastlog(initrc_t) +auth_read_pam_pid(initrc_t) +auth_delete_pam_pid(initrc_t) +auth_delete_pam_console_data(initrc_t) auth_use_nsswitch(initrc_t) libs_rw_ld_so_cache(initrc_t)