diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 61fef3c..9a5802c 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Change initrc_var_run_t interface noun from script_pid to utmp, + for greater clarity. - Added modules: portage userhelper diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te index 634a025..511c65f 100644 --- a/refpolicy/policy/modules/admin/firstboot.te +++ b/refpolicy/policy/modules/admin/firstboot.te @@ -81,7 +81,7 @@ files_manage_var_files(firstboot_t) files_manage_var_symlinks(firstboot_t) init_domtrans_script(firstboot_t) -init_rw_script_pid(firstboot_t) +init_rw_utmp(firstboot_t) libs_use_ld_so(firstboot_t) libs_use_shared_libs(firstboot_t) diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if index e81bb25..c29a0f2 100644 --- a/refpolicy/policy/modules/admin/su.if +++ b/refpolicy/policy/modules/admin/su.if @@ -64,7 +64,7 @@ template(`su_restricted_domain_template', ` init_dontaudit_use_fd($1_su_t) init_dontaudit_use_script_pty($1_su_t) # Write to utmp. - init_rw_script_pid($1_su_t) + init_rw_utmp($1_su_t) libs_use_ld_so($1_su_t) libs_use_shared_libs($1_su_t) @@ -199,7 +199,7 @@ template(`su_per_userdomain_template',` init_dontaudit_use_fd($1_su_t) # Write to utmp. - init_rw_script_pid($1_su_t) + init_rw_utmp($1_su_t) libs_use_ld_so($1_su_t) libs_use_shared_libs($1_su_t) diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if index 97b9d8f..75a475a 100644 --- a/refpolicy/policy/modules/admin/sudo.if +++ b/refpolicy/policy/modules/admin/sudo.if @@ -121,7 +121,7 @@ template(`sudo_per_userdomain_template',` # for some PAM modules and for cwd files_dontaudit_search_home($1_sudo_t) - init_rw_script_pid($1_sudo_t) + init_rw_utmp($1_sudo_t) libs_use_ld_so($1_sudo_t) libs_use_shared_libs($1_sudo_t) 
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te index d971caf..8250da7 100644 --- a/refpolicy/policy/modules/admin/usermanage.te +++ b/refpolicy/policy/modules/admin/usermanage.te @@ -115,7 +115,7 @@ files_dontaudit_search_var(chfn_t) # /usr/bin/passwd asks for w access to utmp, but it will operate # correctly without it. Do not audit write denials to utmp. -init_dontaudit_rw_script_pid(chfn_t) +init_dontaudit_rw_utmp(chfn_t) libs_use_ld_so(chfn_t) libs_use_shared_libs(chfn_t) @@ -218,8 +218,8 @@ term_use_all_user_ttys(groupadd_t) term_use_all_user_ptys(groupadd_t) init_use_fd(groupadd_t) -init_read_script_pid(groupadd_t) -init_dontaudit_write_script_pid(groupadd_t) +init_read_utmp(groupadd_t) +init_dontaudit_write_utmp(groupadd_t) domain_use_wide_inherit_fd(groupadd_t) @@ -319,7 +319,7 @@ files_relabel_etc_files(passwd_t) # /usr/bin/passwd asks for w access to utmp, but it will operate # correctly without it. Do not audit write denials to utmp. -init_dontaudit_rw_script_pid(passwd_t) +init_dontaudit_rw_utmp(passwd_t) libs_use_ld_so(passwd_t) libs_use_shared_libs(passwd_t) @@ -413,7 +413,7 @@ files_dontaudit_search_pids(sysadm_passwd_t) # /usr/bin/passwd asks for w access to utmp, but it will operate # correctly without it. Do not audit write denials to utmp. -init_dontaudit_rw_script_pid(sysadm_passwd_t) +init_dontaudit_rw_utmp(sysadm_passwd_t) libs_use_ld_so(sysadm_passwd_t) libs_use_shared_libs(sysadm_passwd_t) @@ -486,7 +486,7 @@ files_search_var_lib(useradd_t) files_relabel_etc_files(useradd_t) init_use_fd(useradd_t) -init_rw_script_pid(useradd_t) +init_rw_utmp(useradd_t) libs_use_ld_so(useradd_t) libs_use_shared_libs(useradd_t) diff --git a/refpolicy/policy/modules/apps/irc.if b/refpolicy/policy/modules/apps/irc.if index 54dfd75..af67fcb 100644 --- a/refpolicy/policy/modules/apps/irc.if +++ b/refpolicy/policy/modules/apps/irc.if 
@@ -123,8 +123,8 @@ template(`irc_per_userdomain_template',` term_list_ptys($1_irc_t) # allow utmp access - init_read_script_pid($1_irc_t) - init_dontaudit_lock_pid($1_irc_t) + init_read_utmp($1_irc_t) + init_dontaudit_lock_utmp($1_irc_t) libs_use_ld_so($1_irc_t) libs_use_shared_libs($1_irc_t) diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if index d49aac3..1f8137b 100644 --- a/refpolicy/policy/modules/apps/screen.if +++ b/refpolicy/policy/modules/apps/screen.if @@ -142,7 +142,7 @@ template(`screen_per_userdomain_template',` auth_dontaudit_exec_utempter($1_screen_t) # Write to utmp. - init_rw_script_pid($1_screen_t) + init_rw_utmp($1_screen_t) libs_use_ld_so($1_screen_t) libs_use_shared_libs($1_screen_t) diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te index ca75216..980ce25 100644 --- a/refpolicy/policy/modules/services/apm.te +++ b/refpolicy/policy/modules/services/apm.te @@ -127,7 +127,7 @@ files_dontaudit_getattr_all_sockets(apmd_t) # Excessive? init_domtrans_script(apmd_t) init_use_fd(apmd_t) init_use_script_pty(apmd_t) -init_rw_script_pid(apmd_t) +init_rw_utmp(apmd_t) init_write_initctl(apmd_t) libs_exec_ld_so(apmd_t) diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te index 330a670..27097e9 100644 --- a/refpolicy/policy/modules/services/comsat.te +++ b/refpolicy/policy/modules/services/comsat.te @@ -64,8 +64,8 @@ files_list_usr(comsat_t) files_search_spool(comsat_t) files_search_home(comsat_t) -init_read_script_pid(comsat_t) -init_dontaudit_write_script_pid(comsat_t) +init_read_utmp(comsat_t) +init_dontaudit_write_utmp(comsat_t) libs_use_ld_so(comsat_t) libs_use_shared_libs(comsat_t) diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index fc2976b..6577ab3 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te 
@@ -120,7 +120,7 @@ files_search_default(crond_t) init_use_fd(crond_t) init_use_script_pty(crond_t) -init_rw_script_pid(crond_t) +init_rw_utmp(crond_t) libs_use_ld_so(crond_t) libs_use_shared_libs(crond_t) @@ -331,8 +331,8 @@ ifdef(`targeted_policy',` init_use_fd(system_crond_t) init_use_script_fd(system_crond_t) init_use_script_pty(system_crond_t) - init_read_script_pid(system_crond_t) - init_dontaudit_rw_script_pid(system_crond_t) + init_read_utmp(system_crond_t) + init_dontaudit_rw_utmp(system_crond_t) # prelink tells init to restart it self, we either need to allow or dontaudit init_write_initctl(system_crond_t) diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te index 823a61f..68dc0f2 100644 --- a/refpolicy/policy/modules/services/dovecot.te +++ b/refpolicy/policy/modules/services/dovecot.te @@ -99,7 +99,7 @@ files_dontaudit_list_default(dovecot_t) init_use_fd(dovecot_t) init_use_script_pty(dovecot_t) -init_getattr_script_pids(dovecot_t) +init_getattr_utmp(dovecot_t) libs_use_ld_so(dovecot_t) libs_use_shared_libs(dovecot_t) diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te index 825d418..e8baa56 100644 --- a/refpolicy/policy/modules/services/finger.te +++ b/refpolicy/policy/modules/services/finger.te @@ -81,8 +81,8 @@ files_search_home(fingerd_t) files_read_etc_files(fingerd_t) files_read_etc_runtime_files(fingerd_t) -init_read_script_pid(fingerd_t) -init_dontaudit_write_script_pid(fingerd_t) +init_read_utmp(fingerd_t) +init_dontaudit_write_utmp(fingerd_t) init_use_fd(fingerd_t) init_use_script_pty(fingerd_t) diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te index 3b3f1a2..4380f73 100644 --- a/refpolicy/policy/modules/services/howl.te +++ b/refpolicy/policy/modules/services/howl.te 
@@ -62,7 +62,7 @@ files_read_etc_files(howl_t) init_use_fd(howl_t) init_use_script_pty(howl_t) -init_rw_script_pid(howl_t) +init_rw_utmp(howl_t) libs_use_ld_so(howl_t) libs_use_shared_libs(howl_t) diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te index 0f301e5..f0bff54 100644 --- a/refpolicy/policy/modules/services/networkmanager.te +++ b/refpolicy/policy/modules/services/networkmanager.te @@ -80,7 +80,7 @@ files_read_usr_files(NetworkManager_t) init_use_fd(NetworkManager_t) init_use_script_pty(NetworkManager_t) -init_read_script_pid(NetworkManager_t) +init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) libs_use_ld_so(NetworkManager_t) diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te index daa26b2..6827c71 100644 --- a/refpolicy/policy/modules/services/pegasus.te +++ b/refpolicy/policy/modules/services/pegasus.te @@ -99,7 +99,7 @@ files_read_var_lib_symlinks(pegasus_t) init_use_fd(pegasus_t) init_use_script_pty(pegasus_t) -init_rw_script_pid(pegasus_t) +init_rw_utmp(pegasus_t) libs_use_ld_so(pegasus_t) libs_use_shared_libs(pegasus_t) diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te index 87f6ba5..96bcc65 100644 --- a/refpolicy/policy/modules/services/portmap.te +++ b/refpolicy/policy/modules/services/portmap.te @@ -187,7 +187,7 @@ domain_dontaudit_use_wide_inherit_fd(portmap_helper_t) files_read_etc_files(portmap_helper_t) files_rw_generic_pids(portmap_helper_t) -init_rw_script_pid(portmap_helper_t) +init_rw_utmp(portmap_helper_t) libs_use_ld_so(portmap_helper_t) libs_use_shared_libs(portmap_helper_t) diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te index ca0f3cc..2ddd3fe 100644 --- a/refpolicy/policy/modules/services/postgresql.te +++ b/refpolicy/policy/modules/services/postgresql.te 
@@ -121,7 +121,7 @@ files_search_etc(postgresql_t) files_read_etc_runtime_files(postgresql_t) files_read_usr_files(postgresql_t) -init_read_script_pid(postgresql_t) +init_read_utmp(postgresql_t) init_use_fd(postgresql_t) init_use_script_pty(postgresql_t) diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te index 9ae3a2a..78e63ae 100644 --- a/refpolicy/policy/modules/services/ppp.te +++ b/refpolicy/policy/modules/services/ppp.te @@ -153,8 +153,8 @@ files_read_etc_runtime_files(pppd_t) # for scripts files_read_etc_files(pppd_t) -init_read_script_pid(pppd_t) -init_dontaudit_write_script_pid(pppd_t) +init_read_utmp(pppd_t) +init_dontaudit_write_utmp(pppd_t) init_use_fd(pppd_t) init_use_script_pty(pppd_t) diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te index c31f6cb..759a478 100644 --- a/refpolicy/policy/modules/services/remotelogin.te +++ b/refpolicy/policy/modules/services/remotelogin.te @@ -99,7 +99,7 @@ files_list_mnt(remote_login_t) # for when /var/mail is a sym-link files_read_var_symlink(remote_login_t) -init_rw_script_pid(remote_login_t) +init_rw_utmp(remote_login_t) libs_use_ld_so(remote_login_t) libs_use_shared_libs(remote_login_t) diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te index d019255..6a15af9 100644 --- a/refpolicy/policy/modules/services/rlogin.te +++ b/refpolicy/policy/modules/services/rlogin.te @@ -75,7 +75,7 @@ files_read_etc_runtime_files(rlogind_t) files_search_home(rlogind_t) files_search_default(rlogind_t) -init_rw_script_pid(rlogind_t) +init_rw_utmp(rlogind_t) libs_use_ld_so(rlogind_t) libs_use_shared_libs(rlogind_t) diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te index 8f23256..9bf1ce3 100644 --- a/refpolicy/policy/modules/services/sendmail.te +++ b/refpolicy/policy/modules/services/sendmail.te 
@@ -76,8 +76,8 @@ files_read_etc_runtime_files(sendmail_t) init_use_fd(sendmail_t) init_use_script_pty(sendmail_t) # sendmail wants to read /var/run/utmp if the controlling tty is /dev/console -init_read_script_pid(sendmail_t) -init_dontaudit_write_script_pid(sendmail_t) +init_read_utmp(sendmail_t) +init_dontaudit_write_utmp(sendmail_t) libs_use_ld_so(sendmail_t) libs_use_shared_libs(sendmail_t) diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te index e27fcbe..373955f 100644 --- a/refpolicy/policy/modules/services/snmp.te +++ b/refpolicy/policy/modules/services/snmp.te @@ -97,10 +97,10 @@ storage_dontaudit_read_removable_device(snmpd_t) term_dontaudit_use_console(snmpd_t) -init_read_script_pid(snmpd_t) +init_read_utmp(snmpd_t) init_use_fd(snmpd_t) init_use_script_pty(snmpd_t) -init_dontaudit_write_script_pid(snmpd_t) +init_dontaudit_write_utmp(snmpd_t) libs_use_ld_so(snmpd_t) libs_use_shared_libs(snmpd_t) diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te index 1e82f45..853391c 100644 --- a/refpolicy/policy/modules/services/spamassassin.te +++ b/refpolicy/policy/modules/services/spamassassin.te @@ -99,7 +99,7 @@ files_read_etc_runtime_files(spamd_t) init_use_fd(spamd_t) init_use_script_pty(spamd_t) -init_dontaudit_rw_script_pid(spamd_t) +init_dontaudit_rw_utmp(spamd_t) libs_use_ld_so(spamd_t) libs_use_shared_libs(spamd_t) diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if index 0da952e..fccc997 100644 --- a/refpolicy/policy/modules/services/ssh.if +++ b/refpolicy/policy/modules/services/ssh.if @@ -473,7 +473,7 @@ template(`ssh_server_template', ` files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) - init_rw_script_pid($1_t) + init_rw_utmp($1_t) libs_use_ld_so($1_t) libs_use_shared_libs($1_t) 
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te index 30526a8..8f3c80e 100644 --- a/refpolicy/policy/modules/services/telnet.te +++ b/refpolicy/policy/modules/services/telnet.te @@ -74,7 +74,7 @@ files_read_etc_runtime_files(telnetd_t) # for identd; cjp: this should probably only be inetd_child rules? files_search_home(telnetd_t) -init_rw_script_pid(telnetd_t) +init_rw_utmp(telnetd_t) libs_use_ld_so(telnetd_t) libs_use_shared_libs(telnetd_t) diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te index 5911429..7772fc8 100644 --- a/refpolicy/policy/modules/system/authlogin.te +++ b/refpolicy/policy/modules/system/authlogin.te @@ -105,7 +105,7 @@ fs_search_auto_mountpoints(pam_t) term_use_all_user_ttys(pam_t) term_use_all_user_ptys(pam_t) -init_dontaudit_rw_script_pid(pam_t) +init_dontaudit_rw_utmp(pam_t) files_read_etc_files(pam_t) files_list_pids(pam_t) @@ -289,7 +289,7 @@ term_dontaudit_use_all_user_ttys(utempter_t) term_dontaudit_use_all_user_ptys(utempter_t) term_dontaudit_use_ptmx(utempter_t) -init_rw_script_pid(utempter_t) +init_rw_utmp(utempter_t) files_read_etc_files(utempter_t) diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te index 9c6b1e0..cf2f19d 100644 --- a/refpolicy/policy/modules/system/getty.te +++ b/refpolicy/policy/modules/system/getty.te @@ -89,7 +89,7 @@ files_rw_generic_pids(getty_t) files_read_etc_runtime_files(getty_t) files_read_etc_files(getty_t) -init_rw_script_pid(getty_t) +init_rw_utmp(getty_t) init_use_script_pty(getty_t) init_dontaudit_use_script_pty(getty_t) diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if index 081d273..cff6c0f 100644 --- a/refpolicy/policy/modules/system/init.if +++ b/refpolicy/policy/modules/system/init.if 
@@ -774,7 +774,7 @@ interface(`init_filetrans_script_tmp',` ## Domain allowed access. ## # -interface(`init_getattr_script_pids',` +interface(`init_getattr_utmp',` gen_require(` type initrc_var_run_t; class file getattr; @@ -785,9 +785,9 @@ interface(`init_getattr_script_pids',` ######################################## # -# init_read_script_pid(domain) +# init_read_utmp(domain) # -interface(`init_read_script_pid',` +interface(`init_read_utmp',` gen_require(` type initrc_var_run_t; class file r_file_perms; @@ -799,9 +799,9 @@ interface(`init_read_script_pid',` ######################################## # -# init_dontaudit_write_script_pid(domain) +# init_dontaudit_write_utmp(domain) # -interface(`init_dontaudit_write_script_pid',` +interface(`init_dontaudit_write_utmp',` gen_require(` type initrc_var_run_t; class file { write lock }; @@ -819,7 +819,7 @@ interface(`init_dontaudit_write_script_pid',` ## Domain allowed access. ## # -interface(`init_dontaudit_lock_pid',` +interface(`init_dontaudit_lock_utmp',` gen_require(` type initrc_var_run_t; ') @@ -829,9 +829,9 @@ interface(`init_dontaudit_lock_pid',` ######################################## # -# init_rw_script_pid(domain) +# init_rw_utmp(domain) # -interface(`init_rw_script_pid',` +interface(`init_rw_utmp',` gen_require(` type initrc_var_run_t; class file rw_file_perms; @@ -843,9 +843,9 @@ interface(`init_rw_script_pid',` ######################################## # -# init_dontaudit_rw_script_pid(domain) +# init_dontaudit_rw_utmp(domain) # -interface(`init_dontaudit_rw_script_pid',` +interface(`init_dontaudit_rw_utmp',` gen_require(` type initrc_var_run_t; class file rw_file_perms; @@ -856,7 +856,7 @@ interface(`init_dontaudit_rw_script_pid',` ######################################## ## -## Manage init files like utmp. +## Create, read, write, and delete utmp. ## ## ## Domain access allowed. 
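Review bot: init_read_utmp in the @@ -785 hunk keeps only the one-line `# init_read_utmp(domain)` header, while init_getattr_utmp (@@ -774) and init_dontaudit_lock_utmp (@@ -819) carry a `##` block ending in "Domain allowed access."; the same gap applies to init_dontaudit_write_utmp (@@ -799), init_rw_utmp (@@ -829) and init_dontaudit_rw_utmp (@@ -843). Since the rename rewrites each of these headers anyway, I would replace the bare comment with the `##` summary-and-parameter block used elsewhere in this file. The summary should name the permission set granted (`r_file_perms`, `rw_file_perms`) or, for the dontaudit variants, say that denials of `{ write lock }` or `rw_file_perms` are suppressed from the audit log. Each interface body continues outside its hunk.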
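Review bot: The new summary `Create, read, write, and delete utmp.` in the @@ -856 hunk drops the old wording's hint ("init files like utmp") that the grant may reach more than one file. The interfaces in the hunks above all require `type initrc_var_run_t`, so access is presumably granted on the whole type rather than on utmp alone; whether other files carry that label is not visible here and should be confirmed. If they do, I would keep the scope in the text, e.g. `Create, read, write, and delete utmp (files labeled initrc_var_run_t).`, so a policy author granting a domain write access to login records can see what else comes with it. The interface this summary documents starts after the end of the hunk.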
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te index e56ea74..bef9e09 100644 --- a/refpolicy/policy/modules/system/locallogin.te +++ b/refpolicy/policy/modules/system/locallogin.te @@ -142,7 +142,7 @@ files_read_world_readable_sockets(local_login_t) # for when /var/mail is a symlink files_read_var_symlink(local_login_t) -init_rw_script_pid(local_login_t) +init_rw_utmp(local_login_t) init_dontaudit_use_fd(local_login_t) libs_use_ld_so(local_login_t) diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index 789c9f9..b59549e 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te @@ -313,8 +313,8 @@ term_dontaudit_use_console(syslogd_t) term_write_unallocated_ttys(syslogd_t) # for sending messages to logged in users -init_read_script_pid(syslogd_t) -init_dontaudit_write_script_pid(syslogd_t) +init_read_utmp(syslogd_t) +init_dontaudit_write_utmp(syslogd_t) term_write_all_user_ttys(syslogd_t) corenet_raw_sendrecv_all_if(syslogd_t) diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te index 3511922..6cb043e 100644 --- a/refpolicy/policy/modules/system/selinuxutil.te +++ b/refpolicy/policy/modules/system/selinuxutil.te @@ -264,7 +264,7 @@ domain_use_wide_inherit_fd(newrole_t) domain_sigchld_wide_inherit_fd(newrole_t) # Write to utmp. -init_rw_script_pid(newrole_t) +init_rw_utmp(newrole_t) files_read_etc_files(newrole_t) files_read_var_files(newrole_t) @@ -439,7 +439,7 @@ ifdef(`targeted_policy',`',` init_domtrans_script(run_init_t) # for utmp - init_rw_script_pid(run_init_t) + init_rw_utmp(run_init_t) libs_use_ld_so(run_init_t) libs_use_shared_libs(run_init_t) diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 7189997..38bf6bb 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te 
+++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -133,7 +133,7 @@ files_dontaudit_search_locks(dhcpc_t) init_use_fd(dhcpc_t) init_use_script_pty(dhcpc_t) -init_rw_script_pid(dhcpc_t) +init_rw_utmp(dhcpc_t) logging_send_syslog_msg(dhcpc_t) diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te index 1354cc2..7089cdb 100644 --- a/refpolicy/policy/modules/system/udev.te +++ b/refpolicy/policy/modules/system/udev.te @@ -115,8 +115,8 @@ files_getattr_generic_locks(udev_t) files_search_mnt(udev_t) init_use_fd(udev_t) -init_read_script_pid(udev_t) -init_dontaudit_write_script_pid(udev_t) +init_read_utmp(udev_t) +init_dontaudit_write_utmp(udev_t) libs_use_ld_so(udev_t) libs_use_shared_libs(udev_t) diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 3109ce5..92e377a 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -588,10 +588,10 @@ template(`unpriv_user_template', ` files_read_world_readable_pipes($1_t) files_read_world_readable_sockets($1_t) - init_read_script_pid($1_t) + init_read_utmp($1_t) # The library functions always try to open read-write first, # then fall back to read-only if it fails. - init_dontaudit_write_script_pid($1_t) + init_dontaudit_write_utmp($1_t) # Stop warnings about access to /dev/console init_dontaudit_use_fd($1_t) init_dontaudit_use_script_fd($1_t)