[selinux-policy: 2491/3172] Allow cdrecord_t to execute bin_t from Dan Walsh growisofs executes mkisofs
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:41:25 UTC 2010
commit cf3da950841713f75208499c9ad4d2d868de134c
Author: Jeremy Solt <jsolt at tresys.com>
Date: Thu Mar 4 14:03:59 2010 -0500
Allow cdrecord_t to execute bin_t from Dan Walsh
growisofs executes mkisofs
policy/modules/apps/cdrecord.te | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index f09ab37..b438827 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -32,6 +32,9 @@ allow cdrecord_t self:process { getcap getsched setsched sigkill };
allow cdrecord_t self:unix_dgram_socket create_socket_perms;
allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
+# growisofs uses mkisofs
+corecmd_exec_bin(cdrecord_t)
+
# allow searching for cdrom-drive
dev_list_all_dev_nodes(cdrecord_t)
dev_read_sysfs(cdrecord_t)
More information about the scm-commits
mailing list