From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 25 Aug 2011 07:46:54 -0400 Subject: [refpolicy] [PATCH 01/11] Introduce portage_dontaudit_use_fds In-Reply-To: <20110823133913.GB857@siphos.be> References: <20110823133643.GA857@siphos.be> <20110823133913.GB857@siphos.be> Message-ID: <4E56362E.6010804@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/23/11 09:39, Sven Vermeulen wrote: > Support the interface to not audit portage_t:fd use (file descriptors, leaked > or not) Merged. > Signed-off-by: Sven Vermeulen > --- > policy/modules/admin/portage.if | 19 +++++++++++++++++++ > 1 files changed, 19 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if > index 08b361b..a1bfbaa 100644 > --- a/policy/modules/admin/portage.if > +++ b/policy/modules/admin/portage.if > @@ -293,3 +293,22 @@ interface(`portage_dontaudit_rw_tmp_files',` > > dontaudit $1 portage_tmp_t:file rw_file_perms; > ') > + > +######################################## > +## > +## Do not audit attempts to use > +## portage file descriptors. > +## > +## > +## > +## Domain to not audit. > +## > +## > +# > +interface(`portage_dontaudit_use_fds',` > + gen_require(` > + type portage_t; > + ') > + > + dontaudit $1 portage_t:fds use; > +') -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
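Review bot: the rule on the last added line of the interface body, `dontaudit $1 portage_t:fds use;`, names the object class `fds`, but the commit message describes the target as `portage_t:fd`, and the SELinux object class that carries the `use` permission is `fd`. The line should read `dontaudit $1 portage_t:fd use;` so that the rule matches the description and refers to a defined class. Because a dontaudit rule hides the AVC denial for inherited or leaked descriptors, it also helps if the interface comment says that callers are expected to be domains started by portage, where the denial is known noise.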