diff --git a/refpolicy/policy/modules/admin/firstboot.if b/refpolicy/policy/modules/admin/firstboot.if index 868929a..fafc67d 100644 --- a/refpolicy/policy/modules/admin/firstboot.if +++ b/refpolicy/policy/modules/admin/firstboot.if @@ -14,9 +14,6 @@ interface(`firstboot_domtrans',` gen_require(` type firstboot_t, firstboot_exec_t; - class process sigchld; - class fd use; - class fifo_file rw_file_perms; ') domain_auto_trans($1,firstboot_exec_t,firstboot_t) @@ -45,7 +42,6 @@ interface(`firstboot_domtrans',` interface(`firstboot_run',` gen_require(` type firstboot_t; - class chr_file rw_term_perms; ') firstboot_domtrans($1) @@ -64,7 +60,6 @@ interface(`firstboot_run',` interface(`firstboot_use_fd',` gen_require(` type firstboot_t; - class fd use; ') allow $1 firstboot_t:fd use; @@ -82,7 +77,6 @@ interface(`firstboot_use_fd',` interface(`firstboot_dontaudit_use_fd',` gen_require(` type firstboot_t; - class fd use; ') dontaudit $1 firstboot_t:fd use; @@ -99,7 +93,6 @@ interface(`firstboot_dontaudit_use_fd',` interface(`firstboot_write_pipe',` gen_require(` type firstboot_t; - class fifo_file write; ') allow $1 firstboot_t:fifo_file write; diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if index 9b1da6a..28911f0 100644 --- a/refpolicy/policy/modules/system/libraries.if +++ b/refpolicy/policy/modules/system/libraries.if @@ -11,9 +11,6 @@ interface(`libs_domtrans_ldconfig',` gen_require(` type ldconfig_t, ldconfig_exec_t; - class process sigchld; - class fd use; - class fifo_file rw_file_perms; ') corecmd_search_sbin($1) diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te index c9a5d38..b7815ee 100644 --- a/refpolicy/policy/modules/system/unconfined.te +++ b/refpolicy/policy/modules/system/unconfined.te @@ -33,11 +33,25 @@ ifdef(`targeted_policy',` init_domtrans_script(unconfined_t) + libs_domtrans_ldconfig(unconfined_t) + + logging_domtrans_auditctl(unconfined_t) + + seutil_domtrans_restorecon(unconfined_t) + userdom_unconfined(unconfined_t) userdom_priveleged_home_dir_manager(unconfined_t) - optional_policy(`logging.te',` - logging_domtrans_auditctl(unconfined_t) + optional_policy(`amanda.te',` + amanda_domtrans_recover(unconfined_t) + ') + + optional_policy(`dmidecode.te',` + dmidecode_domtrans(unconfined_t) + ') + + optional_policy(`firstboot.te',` + firstboot_domtrans(unconfined_t) ') optional_policy(`lpd.te',` @@ -50,6 +64,10 @@ ifdef(`targeted_policy',` modutils_domtrans_update_mods(unconfined_t) ') + optional_policy(`portmap.te',` + portmap_domtrans_helper(unconfined_t) + ') + optional_policy(`postfix.te',` postfix_domtrans_map(unconfined_t) ') @@ -60,6 +78,7 @@ ifdef(`targeted_policy',` optional_policy(`samba.te',` samba_domtrans_net(unconfined_t) + samba_domtrans_winbind_helper(unconfined_t) ') optional_policy(`su.te',`