commit: ed3b82dac4a89ce8b9da50986d88b2000b95db33 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Mon Aug 11 15:04:34 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Mon Aug 11 15:04:34 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ed3b82da
Introduce shutdown_dontaudit_exec
---
 policy/modules/contrib/shutdown.if | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/policy/modules/contrib/shutdown.if b/policy/modules/contrib/shutdown.if
index d1706bf..bf9cfbe 100644
--- a/policy/modules/contrib/shutdown.if
+++ b/policy/modules/contrib/shutdown.if
@@ -107,3 +107,23 @@ interface(`shutdown_getattr_exec_files',`
 corecmd_search_bin($1)
 allow $1 shutdown_exec_t:file getattr_file_perms;
 ')
+
+# This is for Gentoo and should be in a if def distro_gentoo
+
+#########################################
+## <summary>
+## Do not audit execute attempts of the shutdown binary
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain not to audit
+## </summary>
+## </param>
+#
+interface(`shutdown_dontaudit_exec',`
+ gen_require(`
+ type shutdown_exec_t;
+ ')
+
+ dontaudit $1 shutdown_exec_t:file exec_file_perms;
+')
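Review bot: The doc block on `shutdown_dontaudit_exec` does not tell callers what they give up in audit visibility. The rule `dontaudit $1 shutdown_exec_t:file exec_file_perms;` keeps the access denied but drops the AVC record for every permission in `exec_file_perms` (defined outside this hunk, so its exact set should be confirmed), which means an unexpected attempt by the calling domain to run shutdown leaves no trace in the audit log. I would extend the summary to something like `## Do not audit attempts to execute the shutdown binary; the access stays denied but is no longer logged.` and add a line noting that `semodule -DB` rebuilds the policy with dontaudit rules disabled when the denials are needed for troubleshooting. Separately, the comment `# This is for Gentoo and should be in a if def distro_gentoo` says the interface should be conditional, but nothing in the hunk makes it so; reword it to say the interface is Gentoo-specific and why it is left unconditional.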