diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2017-12-29 21:28:47 +0100 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2018-01-18 17:31:12 +0100 |
commit | 6695d0d08a0be39393eb598e8b475e1cbb6cf756 (patch) | |
tree | e51a0533de68a8306ea5b0a39986c48f282861ca | |
parent | corecommands: label systemd script directories bin_t (diff) | |
download | hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.gz hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.bz2 hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.zip |
hostname: cmdline usage + signal perms sort
-rw-r--r-- | policy/modules/system/hostname.te | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te index 4e85d041..1a5a3581 100644 --- a/policy/modules/system/hostname.te +++ b/policy/modules/system/hostname.te @@ -17,7 +17,7 @@ role system_r types hostname_t; # sys_admin : for setting the hostname allow hostname_t self:capability sys_admin; -allow hostname_t self:process { sigchld sigkill sigstop signull signal }; +allow hostname_t self:process { sigchld sigkill signal signull sigstop }; allow hostname_t self:unix_stream_socket create_stream_socket_perms; dontaudit hostname_t self:capability sys_tty_config; @@ -56,6 +56,8 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t) sysnet_read_config(hostname_t) sysnet_dns_name_resolve(hostname_t) +userdom_use_inherited_user_terminals(hostname_t) + optional_policy(` nis_use_ypbind(hostname_t) ') |