hostname: cmdline usage + signal perms sort

author: Christian Göttsche <cgzones@googlemail.com> 2017-12-29 21:28:47 +0100
committer: Sven Vermeulen <swift@gentoo.org> 2018-01-18 17:31:12 +0100
commit: 6695d0d08a0be39393eb598e8b475e1cbb6cf756 (patch)
tree: e51a0533de68a8306ea5b0a39986c48f282861ca
parent: corecommands: label systemd script directories bin_t (diff)
download: hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.gz
hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.bz2
hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index 4e85d041..1a5a3581 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -17,7 +17,7 @@ role system_r types hostname_t;
 
 # sys_admin : for setting the hostname
 allow hostname_t self:capability sys_admin;
-allow hostname_t self:process { sigchld sigkill sigstop signull signal };
+allow hostname_t self:process { sigchld sigkill signal signull sigstop };
 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
 dontaudit hostname_t self:capability sys_tty_config;
 
@@ -56,6 +56,8 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
 sysnet_read_config(hostname_t)
 sysnet_dns_name_resolve(hostname_t)
 
+userdom_use_inherited_user_terminals(hostname_t)
+
 optional_policy(`
 	nis_use_ypbind(hostname_t)
 ')
author	Christian Göttsche <cgzones@googlemail.com>	2017-12-29 21:28:47 +0100
committer	Sven Vermeulen <swift@gentoo.org>	2018-01-18 17:31:12 +0100
commit	6695d0d08a0be39393eb598e8b475e1cbb6cf756 (patch)
tree	e51a0533de68a8306ea5b0a39986c48f282861ca
parent	corecommands: label systemd script directories bin_t (diff)
download	hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.gz hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.tar.bz2 hardened-refpolicy-6695d0d08a0be39393eb598e8b475e1cbb6cf756.zip