From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 26 Sep 2013 10:31:13 -0400
Subject: [refpolicy] [PATCH 17/20] init: create init_use_inherited_script_ptys() for tmpreaper (Debian)
In-Reply-To: <1380030019-25548-1-git-send-email-dominick.grift@gmail.com>
References: <1380030019-25548-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <52444531.1050103@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue 24 Sep 2013 09:40:19 AM EDT, Dominick Grift wrote:
> Signed-off-by: Dominick Grift > --- > policy/modules/system/init.if | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if > index 24e7804..79a45f6 100644 > --- a/policy/modules/system/init.if > +++ b/policy/modules/system/init.if > @@ -1488,6 +1488,27 @@ interface(`init_use_script_ptys',` > > ######################################## > ## > +## Read and write inherited init script ptys. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`init_use_inherited_script_ptys',` > + gen_require(` > + type initrc_devpts_t; > + ') > + > + term_list_ptys($1) > + allow $1 initrc_devpts_t:chr_file { getattr read write ioctl }; > + > + init_use_fds($1) > +') > + > +######################################## > +## > ## Do not audit attempts to read and > ## write the init script pty. > ##

Merged.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
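
Review bot: In the body of init_use_inherited_script_ptys(), the term_list_ptys($1) call looks broader than an inherited-only interface needs. The allow rule on initrc_devpts_t:chr_file deliberately leaves out open, so the caller can only use a pty descriptor that was handed down to it; listing the pty directory matters when a pty is looked up by path, which this interface does not permit anyway. Consider dropping term_list_ptys($1), or state in the summary comment why it is required. Also worth confirming in the same body: init_use_fds($1) is paired with an init script pty type, so please check whether the script descriptor interface (init_use_script_fds) was the intended one. Finally, the diffstat shows only init.if changing, so the tmpreaper caller named in the subject is not visible in this patch; a pointer to the patch that calls the interface would make the grant easier to audit.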