[selinux-policy: 508/3172] add missing dir and file perms for selinuxfs in unconfined
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:48:32 UTC 2010
commit 1e3f610b3b5f8a5834dd1897aaad661739b4e5d5
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jul 20 14:57:13 2005 +0000
add missing dir and file perms for selinuxfs in unconfined
refpolicy/policy/modules/kernel/selinux.if | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if
index ccb61b7..983084c 100644
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@@ -279,6 +279,8 @@ interface(`selinux_unconfined',`
gen_require(`
attribute can_load_policy, can_setenforce, can_setsecparam;
type security_t;
+ class dir { getattr search read };
+ class file { getattr read write };
class security { load_policy setenforce setbool };
')
@@ -286,5 +288,9 @@ interface(`selinux_unconfined',`
allow $1 security_t:security *;
auditallow $1 security_t:security { load_policy setenforce setbool };
+ # use SELinuxfs
+ allow $1 security_t:dir { getattr search read };
+ allow $1 secuirty_t:file { getattr read write };
+
typeattribute $1 can_load_policy, can_setenforce, can_setsecparam;
')
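Review bot: The new file rule names `secuirty_t`, a misspelling of the `security_t` type that the gen_require block declares and the dir rule just above it uses. As written, the rule refers to a type this interface never requires, so it presumably fails the policy build or at best grants nothing on selinuxfs files; it should read `allow $1 security_t:file { getattr read write };`. Once corrected, the `write` permission is what lets the caller write to selinuxfs nodes, so the `# use SELinuxfs` comment could say that this is read/write access rather than plain use. The body of `selinux_unconfined` starts before this hunk, so any rules above the visible lines were not reviewed.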