From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=) Date: Thu, 8 Jun 2017 19:14:33 +0200 Subject: [refpolicy] [PATCH] chkrootkit: add interfaces and sysadm permit Message-ID: <20170608171433.26477-1-cgzones@googlemail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: cgzones --- policy/modules/roles/sysadm.te | 4 ++++ policy/modules/system/init.if | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index 54df43546..a210e52c9 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -233,6 +233,10 @@ optional_policy(` ') optional_policy(` + chkrootkit_run(sysadm_t, sysadm_r) +') + +optional_policy(` chronyd_admin(sysadm_t, sysadm_r) ') diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 942845362..11531cfb2 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -679,6 +679,24 @@ interface(`init_getpgid',` ######################################## ## +## Send init a generic signal. +## +## +## +## Domain allowed access. +## +## +# +interface(`init_signal',` + gen_require(` + type init_t; + ') + + allow $1 init_t:process signal; +') + +######################################## +## ## Send init a null signal. ## ## -- 2.11.0
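Review bot: the sysadm.te hunk calls chkrootkit_run(sysadm_t, sysadm_r), but nothing in this patch defines that interface; the diffstat touches only policy/modules/roles/sysadm.te and policy/modules/system/init.if. The commit message is empty, so please state which companion change provides chkrootkit_run and in which order the two must be applied. The subject says "add interfaces", yet the only interface added here is init_signal in the init module, so the subject line should be adjusted to match what this patch contains.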
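Review bot: the init.if hunk adds init_signal with "allow $1 init_t:process signal;", but no caller appears in this patch, and the sysadm.te hunk does not use it. Sending generic signals to init_t is a sensitive grant, so the commit message should say which domain needs it and for what operation. If the caller only needs to check that init exists, the "Send init a null signal" interface directly below this insertion already covers that and would be the narrower choice.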