From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 20 Apr 2012 16:11:04 -0400 Subject: [refpolicy] [PATCH 6/13] Adding dontaudit interfaces in sysnet In-Reply-To: <20120322201013.GG3387@siphos.be> References: <20120322200229.GA3387@siphos.be> <20120322201013.GG3387@siphos.be> Message-ID: <4F91C2D8.8080305@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/22/12 16:10, Sven Vermeulen wrote: > > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/sysnetwork.if | 19 +++++++++++++++++++ > 1 files changed, 19 insertions(+), 0 deletions(-) Merged. Fixed whitespace. > diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if > index 363e98d..58a7d89 100644 > --- a/policy/modules/system/sysnetwork.if > +++ b/policy/modules/system/sysnetwork.if > @@ -66,6 +66,25 @@ interface(`sysnet_dontaudit_use_dhcpc_fds',` > > ######################################## > ## > +## Do not audit attempts to read/write to the > +## dhcp unix stream socket descriptors. > +## > +## > +## > +## Domain to not audit. > +## > +## > +# > +interface(`sysnet_dontaudit_rw_dhcpc_unix_stream_sockets',` > + gen_require(` > + type dhcpc_t; > + ') > + > + dontaudit $1 dhcpc_t:unix_stream_socket { read write }; > +') > + > +######################################## > +## > ## Send a SIGCHLD signal to the dhcp client. > ## > ## -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
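Review bot: the summary comment on sysnet_dontaudit_rw_dhcpc_unix_stream_sockets says only that read/write attempts on the dhcp unix stream sockets are not audited, and the commit message carries nothing but the Signed-off-by, so neither records why a caller would need this. Because `dontaudit $1 dhcpc_t:unix_stream_socket { read write };` removes these denials from the audit log, the description should name the intended case (for example descriptors inherited from the dhcp client, if that is the motivation) so the interface is not later used to silence accesses that ought to be investigated. The rule covers only read and write, so any other denied permission on the same socket class will still be logged; if that is intentional, say so in the summary, and consider pointing to sysnet_dontaudit_use_dhcpc_fds, which appears just above in the hunk context, if callers are expected to pair the two.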