authorRussell Coker <russell@coker.com.au>2019-01-04 18:35:03 +1100
committerJason Zaman <jason@perfinion.com>2019-02-10 12:11:24 +0800
commit495993d6b9ef7875f9b66b9ad871df9352eea1c3 (patch)
tree72f0e5f3104e5e09f4328710cf05d5c8ebbb0b8b /policy/modules/system/locallogin.te
parentsysnetwork: Move optional block in sysnet_dns_name_resolve(). (diff)
last misc stuff
More tiny patches. Note that this and the other 2 patches I just sent are not dependent on each other, please apply any that you like. Signed-off-by: Jason Zaman <jason@perfinion.com>
Diffstat (limited to 'policy/modules/system/locallogin.te')
-rw-r--r--policy/modules/system/locallogin.te3
1 files changed, 2 insertions, 1 deletions
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index c97820e46..218b28ea7 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -34,7 +34,7 @@ role system_r types sulogin_t;
allow local_login_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
dontaudit local_login_t self:capability net_admin;
-allow local_login_t self:process { setexec setrlimit setsched };
+allow local_login_t self:process { getcap setcap setexec setrlimit setsched };
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
allow local_login_t self:sock_file read_sock_file_perms;
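Review bot: The added `getcap setcap` in the `local_login_t self:process` rule carries no comment, and the commit message ("last misc stuff") gives no reason for it. `setcap` lets the login program change its own capability sets via capset(2), which deserves a stated justification in a domain that already holds `dac_override`, `setuid` and `sys_resource` in the capability rule two lines above. Presumably a PAM module or library that adjusts capabilities during session setup triggers the denial, but nothing visible here confirms that. I would add a comment above the rule, for example `# getcap/setcap: required by <component to be named> during session setup`, so a later audit can tell whether the grant is still needed.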
@@ -127,6 +127,7 @@ init_dontaudit_use_fds(local_login_t)
miscfiles_read_localization(local_login_t)
+userdom_manage_all_users_keys(local_login_t)
userdom_spec_domtrans_all_users(local_login_t)
userdom_signal_all_users(local_login_t)
userdom_search_user_home_content(local_login_t)
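Review bot: `userdom_manage_all_users_keys(local_login_t)` gives the login domain management access to the keys of every user domain, and neither the hunk nor the commit message says which operation needs it. Kernel keys can hold credentials, so this grant should come with a reason and should use the narrowest interface that works. If login only has to create or link a session keyring (presumably for a PAM keyring module, which is not shown here), a narrower key interface from userdomain.if would be preferable, if one covers the need. At minimum add a comment above the call such as `# manage user keys: needed for <operation to be filled in>`, ideally naming the AVC denial that motivated it.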