commit: ed3b82dac4a89ce8b9da50986d88b2000b95db33
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Mon Aug 11 15:04:34 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Aug 11 15:04:34 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ed3b82da
Introduce shutdown_dontaudit_exec
---
policy/modules/contrib/shutdown.if | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/policy/modules/contrib/shutdown.if
b/policy/modules/contrib/shutdown.if
index d1706bf..bf9cfbe 100644
--- a/policy/modules/contrib/shutdown.if
+++ b/policy/modules/contrib/shutdown.if
@@ -107,3 +107,23 @@ interface(`shutdown_getattr_exec_files',`
corecmd_search_bin($1)
allow $1 shutdown_exec_t:file getattr_file_perms;
')
+
+# This is for Gentoo and should be in a if def distro_gentoo
+
+#########################################
+## <summary>
+## Do not audit execute attempts of the shutdown binary
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain not to audit
+## </summary>
+## </param>
+#
+interface(`shutdown_dontaudit_exec',`
+ gen_require(`
+ type shutdown_exec_t;
+ ')
+
+ dontaudit $1 shutdown_exec_t:file exec_file_perms;
+')
