2017-06-08 17:14:33

by Christian Göttsche

Subject: [refpolicy] [PATCH] chkrootkit: add interfaces and sysadm permit

From: cgzones <[email protected]>

---
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/system/init.if | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 54df43546..a210e52c9 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -233,6 +233,10 @@ optional_policy(`
')

optional_policy(`
+ chkrootkit_run(sysadm_t, sysadm_r)
+')
+
+optional_policy(`
chronyd_admin(sysadm_t, sysadm_r)
')

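Review bot: `chkrootkit_run(sysadm_t, sysadm_r)` in the new optional_policy block calls an interface that this patch does not define; the diffstat lists only sysadm.te and init.if. The commit message has no body, so please state there which change provides chkrootkit_run and what access it grants to sysadm_t, so that this hunk can be reviewed together with the interface it depends on.
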
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 942845362..11531cfb2 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -679,6 +679,24 @@ interface(`init_getpgid',`

########################################
## <summary>
+## Send init a generic signal.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_signal',`
+ gen_require(`
+ type init_t;
+ ')
+
+ allow $1 init_t:process signal;
+')
+
+########################################
+## <summary>
## Send init a null signal.
## </summary>
## <param name="domain">
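
Review bot: `allow $1 init_t:process signal;` in the new init_signal interface has no caller anywhere in this patch, and the subject line only mentions chkrootkit, so nothing here documents why a domain needs to send generic signals to init. Please name the intended caller and the signal it sends in the commit message. If the caller only needs to check that init exists, the null-signal interface that follows in this file is the narrower choice.
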
--
2.11.0