diff options
author | Guido Trentalancia <guido@trentalancia.net> | 2017-04-29 20:17:30 +0200 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-05-07 23:53:18 +0800 |
commit | 42bae906477136079a1599048a431574d03643fa (patch) | |
tree | fb2a9cd78c5756052f6545ad2580a36eef92be82 | |
parent | kernel: low-priority update (diff) | |
download | hardened-refpolicy-42bae906.tar.gz hardened-refpolicy-42bae906.tar.bz2 hardened-refpolicy-42bae906.zip |
init: smoother system boot
Improve the initrc domain within the init module with some permissions
needed for a smoother boot.
Let the iptables init scripts read the iptables configuration.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
-rw-r--r-- | policy/modules/system/init.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 07238399..a01b5093 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -487,6 +487,7 @@ kernel_clear_ring_buffer(initrc_t) kernel_get_sysvipc_info(initrc_t) kernel_read_all_sysctls(initrc_t) kernel_rw_all_sysctls(initrc_t) +kernel_use_fds(initrc_t) # for lsof which is used by alsa shutdown: kernel_dontaudit_getattr_message_if(initrc_t) # cjp: not sure why these are here; should use mount policy @@ -494,6 +495,7 @@ kernel_list_unlabeled(initrc_t) kernel_mounton_unlabeled_dirs(initrc_t) files_create_lock_dirs(initrc_t) +files_manage_all_locks(initrc_t) files_pid_filetrans_lock_dir(initrc_t, "lock") files_read_kernel_symbol_table(initrc_t) files_setattr_lock_dirs(initrc_t) @@ -1116,6 +1118,10 @@ optional_policy(` ') optional_policy(` + iptables_read_config(initrc_t) +') + +optional_policy(` iscsi_stream_connect(initrc_t) iscsi_read_lib_files(initrc_t) ') |