From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=)
Date: Fri, 29 Dec 2017 21:28:47 +0100
Subject: [refpolicy] [PATCH] hostname: cmdline usage + signal perms sort
Message-ID: <20171229202847.5479-1-cgzones@googlemail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 policy/modules/system/hostname.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index 4e85d041f..1a5a3581f 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -17,7 +17,7 @@ role system_r types hostname_t;
 
 # sys_admin : for setting the hostname
 allow hostname_t self:capability sys_admin;
-allow hostname_t self:process { sigchld sigkill sigstop signull signal };
+allow hostname_t self:process { sigchld sigkill signal signull sigstop };
 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
 dontaudit hostname_t self:capability sys_tty_config;
 
@@ -56,6 +56,8 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
 sysnet_read_config(hostname_t)
 sysnet_dns_name_resolve(hostname_t)
 
+userdom_use_inherited_user_terminals(hostname_t)
+
 optional_policy(`
 	nis_use_ypbind(hostname_t)
 ')
-- 
2.15.1