[selinux-policy: 2257/3172] cdrecord patch from dan.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:20:18 UTC 2010
commit a4b6385b9d4abfbc246d3ebb7edd632394060327
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Sep 1 09:22:40 2009 -0400
cdrecord patch from dan.
policy/modules/apps/cdrecord.te | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index f2ef078..57ad303 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -1,5 +1,5 @@
-policy_module(cdrecord, 2.1.0)
+policy_module(cdrecord, 2.1.1)
########################################
#
@@ -28,12 +28,13 @@ ubac_constrained(cdrecord_t)
#
allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
-allow cdrecord_t self:process { getsched setsched sigkill };
+allow cdrecord_t self:process { getcap getsched setsched sigkill };
allow cdrecord_t self:unix_dgram_socket create_socket_perms;
allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
# allow searching for cdrom-drive
dev_list_all_dev_nodes(cdrecord_t)
+dev_read_sysfs(cdrecord_t)
domain_interactive_fd(cdrecord_t)
domain_use_interactive_fds(cdrecord_t)
@@ -44,6 +45,7 @@ term_use_controlling_term(cdrecord_t)
term_list_ptys(cdrecord_t)
# allow cdrecord to write the CD
+storage_raw_read_removable_device(cdrecord_t)
storage_raw_write_removable_device(cdrecord_t)
storage_write_scsi_generic(cdrecord_t)
More information about the scm-commits
mailing list