flask/access_vectors | 3 +++
macros/core_macros.te | 12 +++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
Index: policy/flask/access_vectors
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/flask/access_vectors,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy/flask/access_vectors 24 Jun 2003 16:43:54 -0000 1.2
+++ policy/flask/access_vectors 31 Oct 2003 19:59:49 -0000 1.3
@@ -230,6 +230,9 @@
 setexec
 setfscreate
 noatsecure
+ siginh
+ setrlimit
+ rlimitinh
 }


Index: policy/macros/core_macros.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/macros/core_macros.te,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy/macros/core_macros.te 27 Sep 2003 19:18:25 -0000 1.2
+++ policy/macros/core_macros.te 4 Nov 2003 13:37:34 -0000 1.3
@@ -271,6 +271,16 @@
 dontaudit $1 $3:process noatsecure;

 #
+# Do not audit when signal-related state is cleared upon the transition.
+#
+dontaudit $1 $3:process siginh;
+
+#
+# Do not audit when resource limits are reset upon the transition.
+#
+dontaudit $1 $3:process rlimitinh;
+
+#
 # Allow the process to execute the program.
 #
 allow $1 $2:file { read x_file_perms };
@@ -513,7 +523,7 @@
 # Access other processes in the same domain.
 # Omits ptrace, setexec, and setfscreate. These must be granted
 # separately if desired.
-allow $1 self:process ~{ptrace setexec setfscreate};
+allow $1 self:process ~{ptrace setexec setfscreate setrlimit};

 # Access /proc/PID files for processes in the same domain.
 allow $1 self:dir r_dir_perms;
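Review bot: The two new `dontaudit` rules in the `@@ -271,6 +271,16 @@` hunk suppress `siginh` and `rlimitinh` denials for every domain pair that uses this macro, and the comments do not say that the permissions themselves stay denied. A reader could take "do not audit" for "allow", so I would extend each comment, for example `# siginh remains denied, so signal state is still cleared; grant it with an explicit allow rule where inheritance is required.` and the same wording for `rlimitinh`. Because the suppression sits in a core macro, a transition that breaks on a reset limit or cleared signal state leaves no AVC record, which is worth noting for whoever debugs it. The enclosing macro starts and ends outside the hunk.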
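Review bot: The comment above the changed rule in the `@@ -513,7 +523,7 @@` hunk is now stale, because it lists only ptrace, setexec and setfscreate while the rule also withholds `setrlimit`. I would update it to `# Omits ptrace, setexec, setfscreate, and setrlimit. These must be granted`. Domains that adjust their own limits will presumably need a separate `allow <domain> self:process setrlimit;`, and no such grants are visible in this diff. The complement form `~{...}` also hands any process permission added later to every domain using this macro unless someone remembers to exclude it here, as this commit had to do for `setrlimit`. An explicit permission list would fail closed instead.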