[selinux-policy: 2584/3172] Bluetooth patch (sys_admin and debugfs) from Dan Walsh
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:49:40 UTC 2010
commit 84ce9c333341541838b9acc8fc7312b5fac21fca
Author: Jeremy Solt <jsolt at tresys.com>
Date: Wed Mar 24 11:54:10 2010 -0400
Bluetooth patch (sys_admin and debugfs) from Dan Walsh
Added comments to reference redhat bugs
policy/modules/services/bluetooth.te | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index b4fd914..105055f 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -54,7 +54,8 @@ files_pid_file(bluetooth_var_run_t)
# Bluetooth services local policy
#
-allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_tty_config ipc_lock };
+#sys_admin capability - redhat bug 573015
+allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_admin sys_tty_config ipc_lock };
dontaudit bluetooth_t self:capability sys_tty_config;
allow bluetooth_t self:process { getcap setcap getsched signal_perms };
allow bluetooth_t self:fifo_file rw_fifo_file_perms;
@@ -96,6 +97,8 @@ kernel_read_kernel_sysctls(bluetooth_t)
kernel_read_system_state(bluetooth_t)
kernel_read_network_state(bluetooth_t)
kernel_request_load_module(bluetooth_t)
+#search debugfs - redhat bug 548206
+kernel_search_debugfs(bluetooth_t)
corenet_all_recvfrom_unlabeled(bluetooth_t)
corenet_all_recvfrom_netlabel(bluetooth_t)
More information about the scm-commits
mailing list