diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te index 38fff3c..8991f7d 100644 --- a/refpolicy/policy/modules/system/hotplug.te +++ b/refpolicy/policy/modules/system/hotplug.te @@ -123,9 +123,7 @@ ifdef(`distro_redhat', ` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(hotplug_t) - term_dontaudit_use_generic_pty(hotplug_t) - files_dontaudit_read_root_file(hotplug_t) + unconfined_domain_template(hotplug_t) ') optional_policy(`consoletype.te',` diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index ae54049..5d9b6db 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -359,6 +359,7 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy',` + unconfined_domain_template(initrc_t) unconfined_shell_domtrans(initrc_t) ') diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index 1309fad..7c99985 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -107,6 +107,10 @@ ifdef(`hide_broken_symptoms',` dev_dontaudit_rw_cardmgr(insmod_t) ') +ifdef(`tunable_policy',` + unconfined_domain_template(insmod_t) +') + optional_policy(`mount.te',` mount_domtrans(insmod_t) ') diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te index aaa51ce..e0169f3 100644 --- a/refpolicy/policy/modules/system/udev.te +++ b/refpolicy/policy/modules/system/udev.te @@ -135,6 +135,10 @@ ifdef(`distro_redhat',` netutils_domtrans(udev_t) ') +ifdef(`targeted_policy',` + unconfined_domain_template(udev_t) +') + optional_policy(`authlogin.te',` auth_read_pam_console_data(udev_t) auth_domtrans_pam_console(udev_t)