From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 31 Dec 2017 06:51:29 -0500
Subject: [refpolicy] [PATCH] hostname: cmdline usage + signal perms sort
In-Reply-To: <20171229202847.5479-1-cgzones@googlemail.com>
References: <20171229202847.5479-1-cgzones@googlemail.com>
Message-ID: <603f4226-70c9-1aec-3961-ff6d54920eb3@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/29/2017 03:28 PM, Christian G?ttsche via refpolicy wrote:
> ---
>   policy/modules/system/hostname.te | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
> index 4e85d041f..1a5a3581f 100644
> --- a/policy/modules/system/hostname.te
> +++ b/policy/modules/system/hostname.te
> @@ -17,7 +17,7 @@ role system_r types hostname_t;
>   
>   # sys_admin : for setting the hostname
>   allow hostname_t self:capability sys_admin;
> -allow hostname_t self:process { sigchld sigkill sigstop signull signal };
> +allow hostname_t self:process { sigchld sigkill signal signull sigstop };
>   allow hostname_t self:unix_stream_socket create_stream_socket_perms;
>   dontaudit hostname_t self:capability sys_tty_config;
>   
> @@ -56,6 +56,8 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
>   sysnet_read_config(hostname_t)
>   sysnet_dns_name_resolve(hostname_t)
>   
> +userdom_use_inherited_user_terminals(hostname_t)
> +
>   optional_policy(`
>   	nis_use_ypbind(hostname_t)
>   ')

Merged.

-- 
Chris PeBenito