commit: 304394386e6c1a15f03ace7fef07ad055aa117b1 Author: cgzones <cgzones <AT> googlemail <DOT> com> AuthorDate: Fri Jan 6 14:03:08 2017 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Jan 13 18:39:07 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=30439438
update terminal module * label content of /dev/pts/ correctly * remove deprecated interfaces policy/modules/kernel/terminal.fc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc index 0ea25b6..256ad29 100644 --- a/policy/modules/kernel/terminal.fc +++ b/policy/modules/kernel/terminal.fc @@ -14,7 +14,6 @@ /dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0) -/dev/pts/ptmx -c gen_context(system_u:object_r:ptmx_t,s0) /dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) /dev/slamr[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) /dev/tty -c gen_context(system_u:object_r:devtty_t,s0) @@ -25,6 +24,8 @@ /dev/pty/.* -c gen_context(system_u:object_r:bsdpty_device_t,s0) /dev/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh) +/dev/pts/ptmx -c gen_context(system_u:object_r:devpts_t,s0) +/dev/pts/[0-9]+ -c gen_context(system_u:object_r:user_devpts_t,s0) /dev/tts/[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) @@ -37,7 +38,7 @@ /dev/xvc[0-9]* -c gen_context(system_u:object_r:tty_device_t,s0) ifdef(`distro_gentoo',` -/dev/tts/[0-9]* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/tts/[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) # used by init scripts to initally populate udev /dev /lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0)
