[refpolicy] [ patch 34/44] su: permission sets.
Christopher J. PeBenito
cpebenito at tresys.com
Fri Oct 8 07:46:27 CDT 2010
On 10/04/10 14:23, Dominick Grift wrote:
> diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
> index 2a4e0db..800852f 100644
> --- a/policy/modules/admin/su.if
> +++ b/policy/modules/admin/su.if
> @@ -138,7 +138,7 @@ template(`su_restricted_domain_template', `
>
> ifdef(`TODO',`
> # Caused by su - init scripts
> - dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
> + dontaudit $1_su_t initrc_devpts_t:chr_file { getattr_chr_file_perms ioctl };
> ') dnl end TODO
> ')
It would be best to create an interface so the TODO can be removed.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list