[selinux-policy: 46/3172] fix tmp_domain
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:08:55 UTC 2010
commit 94edcc5c83519323de5b67cabc055161915b8677
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Apr 25 21:44:48 2005 +0000
fix tmp_domain
refpolicy/policy/modules/system/modutils.te | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index e6216db..4b35f81 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -211,6 +211,9 @@ allow update_modules_t modules_conf_t:file { create ioctl read getattr lock writ
allow update_modules_t depmod_exec_t:file { getattr read execute };
type_transition update_modules_t depmod_exec_t:process depmod_t;
+allow update_modules_t update_modules_tmp_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
+allow update_modules_t update_modules_tmp_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+
kernel_read_kernel_sysctl(update_modules_t)
kernel_read_system_state(update_modules_t)
@@ -224,6 +227,7 @@ terminal_use_controlling_terminal(update_modules_t)
files_read_runtime_system_config(update_modules_t)
files_read_general_system_config(update_modules_t)
files_execute_system_config_script(update_modules_t)
+files_create_private_tmp_data(update_modules_t, update_modules_tmp_t, { file dir })
corecommands_execute_general_programs(update_modules_t)
corecommands_execute_system_programs(update_modules_t)
@@ -252,5 +256,4 @@ allow update_modules_t lib_t:file { getattr read };
file_type_auto_trans(update_modules_t, etc_t, modules_conf_t, file)
-tmp_domain(update_modules)
') dnl endif TODO
More information about the scm-commits
mailing list