diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index cce9b37..a0aa8c5 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -118,6 +118,11 @@ template(`su_restricted_domain_template', `
 userdom_spec_domtrans_unpriv_users($1_su_t)
 ')
 
+ ifdef(`hide_broken_symptoms',`
+ # dontaudit leaked sockets from parent
+ dontaudit $1_su_t $2:socket_class_set { read write };
+ ')
+
 optional_policy(`
 cron_read_pipes($1_su_t)
 ')
@@ -276,6 +281,11 @@ template(`su_role_template',`
 ')
 ')
 
+ ifdef(`hide_broken_symptoms',`
+ # dontaudit leaked sockets from parent
+ dontaudit $1_su_t $3:socket_class_set { read write };
+ ')
+
 tunable_policy(`allow_polyinstantiation',`
 fs_mount_xattr_fs($1_su_t)
 fs_unmount_xattr_fs($1_su_t)
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
index c320580..b62353a 100644
--- a/policy/modules/admin/su.te
+++ b/policy/modules/admin/su.te
@@ -1,4 +1,4 @@
-policy_module(su, 1.10.0)
+policy_module(su, 1.10.1)
 
 ########################################
 #
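Review bot: The added `dontaudit $1_su_t $2:socket_class_set { read write };` in `su_restricted_domain_template` silences read/write denials for every socket class of the caller, not just the inherited descriptor the comment describes. The same applies to the `$3` rule in the `su_role_template` hunk. Once `hide_broken_symptoms` is defined, any attempt by the su domain to use a socket owned by that domain leaves no AVC record, which costs detection and triage signal. If the leak has only been seen on one class, narrow the rule to that class instead of `socket_class_set`. The comment could also state the effect, e.g. `# caller's socket fds are inherited by su; access stays denied, only the AVC record is suppressed`, and name the parent program that leaks them. I am assuming `$2` and `$3` are the calling user domain in their respective templates; the parameter documentation and the rest of both template bodies lie outside the hunks.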