authorNathan Straz <nstraz@redhat.com>2009-12-01 16:40:12 -0500
committerNathan Straz <nstraz@redhat.com>2009-12-01 16:40:12 -0500
commit8b217f49b7f1bd44be2b01f736a798552d752855 (patch)
tree913133e72d6d61dbab259e06527f0ec7c6be7304
parent14144516bb141a4b5d088fd109c209904d27fda7 (diff)
Add system interfaces to qarshd policy
This allows qarshd to make any system interface transition. Tested against selinux-policy-devel-2.4.6-264.el5.
-rw-r--r--SELinux/Makefile2
-rw-r--r--SELinux/qarshd.bad-interfaces9
2 files changed, 10 insertions, 1 deletions
diff --git a/SELinux/Makefile b/SELinux/Makefile
index c810efb..8b978d7 100644
--- a/SELinux/Makefile
+++ b/SELinux/Makefile
@@ -10,7 +10,7 @@ qarshd.te: qarshd.te.in qarshd.te.trans
# Pull all interfaces listed in policy.xml from the services or apps layer
# which have one parameter named domains and whose name contains domtrans
-allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
+allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps" or @name = "system"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
badinterfaces := $(shell cat qarshd.bad-interfaces)
# Filter out interfaces which break policy building or loading.
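Review bot: The comment above `allinterfaces` is now stale: it still says the interfaces come "from the services or apps layer", while the new XPath also matches `@name = "system"`. It should read `# Pull all interfaces listed in policy.xml from the services, apps or system layer`. The same comment calls the parameter "domains", but the expression tests `param/@name="domain"`. Because the list is computed at build time from whatever `$(selinux_devel)/policy.xml` is installed, and qarshd.bad-interfaces (per the comment below) only removes interfaces that break building or loading, the set of system-domain transitions granted to qarshd presumably changes with the policy-devel version. I would add a line such as `# NOTE: every matching domtrans interface not in qarshd.bad-interfaces is granted; review the generated qarshd.te when the policy package changes`.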
diff --git a/SELinux/qarshd.bad-interfaces b/SELinux/qarshd.bad-interfaces
index 62a06c5..f6c8136 100644
--- a/SELinux/qarshd.bad-interfaces
+++ b/SELinux/qarshd.bad-interfaces
@@ -1,7 +1,11 @@
apache_script_domtrans
authbind_domtrans
+auth_domtrans_upd_passwd_chk
avahi_initrc_domtrans
clockspeed_domtrans_cli
+daemontools_domtrans_multilog
+daemontools_domtrans_run
+daemontools_domtrans_start
ddclient_domtrans
dnsmasq_initrc_domtrans
domain_entry_file_spec_domtrans
@@ -9,6 +13,10 @@ exim_domtrans
fail2ban_domtrans
init_script_domtrans_spec
loadkeys_domtrans
+locallogin_domtrans
+modutils_domtrans_insmod
+mount_domtrans
+netlabel_domtrans_mgmt
nx_spec_domtrans_server
oav_domtrans_update
openca_domtrans
@@ -25,6 +33,7 @@ qemu_domtrans
qmail_domtrans_inject
qmail_domtrans_queue
rssh_spec_domtrans_all_users
+seutil_init_script_domtrans_runinit
spamassassin_spamd_initrc_domtrans
tor_domtrans
usernetctl_domtrans