[selinux-policy: 146/3172] reorder for more consistency
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:17:40 UTC 2010
commit 1832271029f7814e61013f2562ec9d4a6a481dfd
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 11 15:22:28 2005 +0000
reorder for more consistency
refpolicy/policy/modules/system/modutils.te | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 4e2571d..df716c6 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -33,17 +33,17 @@ files_make_file(update_modules_tmp_t)
# insmod local policy
#
-allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans };
-
-# Read module config and dependency information
-allow insmod_t { modules_conf_t modules_dep_t }:file { getattr read };
-
allow insmod_t self:capability { dac_override net_raw sys_tty_config };
allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal };
allow insmod_t self:udp_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
allow insmod_t self:rawip_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
+# Read module config and dependency information
+allow insmod_t { modules_conf_t modules_dep_t }:file { getattr read };
+
+allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans };
+
kernel_transition_from(insmod_t,insmod_exec_t)
kernel_load_module(insmod_t)
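Review bot: The relocated rule `allow insmod_t insmod_exec_t:file { getattr read execute execute_no_trans };` carries no comment, while the rule moved alongside it keeps its "Read module config and dependency information" heading. Since `execute_no_trans` means insmod may re-execute its own binary and remain in insmod_t, a one-line heading would make that intent auditable, for example `# insmod may re-exec itself without leaving insmod_t`. The `self:capability` and `self:process` rules that now open the section (context lines, untouched here) also have no stated rationale for `dac_override`, `net_raw` and `execmem`, so the same treatment would help there. The insmod local policy section continues past the end of this hunk.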
@@ -192,6 +192,7 @@ dontaudit update_modules_t depmod_t : process { noatsecure siginh rlimitinh };
allow update_modules_t update_modules_tmp_t:dir { create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir };
allow update_modules_t update_modules_tmp_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+files_create_private_tmp_data(update_modules_t, update_modules_tmp_t, { file dir })
kernel_read_kernel_sysctl(update_modules_t)
kernel_read_system_state(update_modules_t)
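Review bot: With `files_create_private_tmp_data(update_modules_t, update_modules_tmp_t, { file dir })` now directly below the two hand-written `allow update_modules_t update_modules_tmp_t` rules, the three lines read as one group, but nothing states how they divide the work. The interface body is not visible in this patch, so it is worth confirming whether it already grants some of the dir and file permissions listed explicitly; if it does, the raw rules can drift from the interface over time. A heading such as `# private temporary files and directories for update-modules` above the group would record the intent either way.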
@@ -211,7 +212,6 @@ domain_use_widely_inheritable_file_descriptors(depmod_t)
files_read_runtime_system_config(update_modules_t)
files_read_general_system_config(update_modules_t)
files_execute_system_config_script(update_modules_t)
-files_create_private_tmp_data(update_modules_t, update_modules_tmp_t, { file dir })
corecommands_execute_general_programs(update_modules_t)
corecommands_execute_system_programs(update_modules_t)