[selinux-policy: 21/3172] add cap sys_rawio to raw memory access interfaces

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:06:47 UTC 2010


commit f0872d22b4d91fbd6951b2290cee3f02bf5a00bf
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 19 20:47:29 2005 +0000

    add cap sys_rawio to raw memory access interfaces

 refpolicy/policy/modules/kernel/devices.if |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 18c5bf2..413db0f 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -82,6 +82,7 @@ requires_block_template(devices_raw_read_memory_depend,$2)
 typeattribute $1 memory_raw_read;
 allow $1 device_t:dir { getattr read search };
 allow $1 memory_device_t:chr_file { getattr read ioctl };
+allow $1 self:capability sys_rawio;
 ')
 
 define(`devices_raw_read_memory_depend',`
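Review bot: The added `allow $1 self:capability sys_rawio;` gives every domain that calls this read interface a capability that reaches beyond read access to the memory device, because sys_rawio also gates other raw I/O such as I/O port access. The same rule is added to the write interface in the `-100,6` hunk, and neither hunk documents the wider grant. I would add a comment above the rule in both places, `# sys_rawio is needed to open the memory device; it also permits other raw I/O, so keep callers minimal`, and name the capability in the interface description if one exists. The macro body starts outside the hunk, so any existing documentation is not visible here.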
@@ -89,6 +90,7 @@ type device_t, memory_device_t;
 attribute memory_raw_read;
 class dir { getattr read search };
 class chr_file { getattr read ioctl };
+class capability sys_rawio;
 ')
 
 ########################################
@@ -100,6 +102,7 @@ requires_block_template(devices_raw_write_memory_depend,$2)
 typeattribute $1 memory_raw_write
 allow $1 device_t:dir { getattr read search };
 allow $1 memory_device_t:chr_file write;
+allow $1 self:capability sys_rawio;
 ')
 
 define(`devices_raw_write_memory_depend',`
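Review bot: The context line `typeattribute $1 memory_raw_write` directly above the added rule has no terminating semicolon, unlike `typeattribute $1 memory_raw_read;` in the read interface, and this commit leaves it that way. When the write interface is expanded, the statement would run into the following `allow` rule and most likely be rejected as a syntax error. It should read `typeattribute $1 memory_raw_write;`. The macro body starts outside the hunk.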
@@ -107,6 +110,7 @@ type device_t, memory_device_t;
 attribute memory_raw_write;
 class dir { getattr read search };
 class chr_file write;
+class capability sys_rawio;
 ')
 
 ########################################

