[selinux-policy: 2846/3172] Allow prelink to read dbus config/Broken nsplugin_config wants the kernel to load modules for it. mo
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:13:22 UTC 2010
commit 3fdb12decdf6251cf79272fb9585dafb465a4b4a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 31 08:54:18 2010 -0400
Allow prelink to read dbus config/Broken
nsplugin_config wants the kernel to load modules for it.
mount writes into livecd_tmp_t directories
policy/modules/admin/prelink.te | 5 +++++
policy/modules/apps/nsplugin.te | 1 +
policy/modules/system/mount.te | 4 ++++
3 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index 0154b77..cdbadda 100644
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -175,3 +175,8 @@ optional_policy(`
rpm_read_db(prelink_cron_system_t)
')
')
+ifdef(`hide_broken_symptoms', `
+ optional_policy(`
+ dbus_read_config(prelink_t)
+ ')
+')
diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
index ccb1203..7c8e23b 100644
--- a/policy/modules/apps/nsplugin.te
+++ b/policy/modules/apps/nsplugin.te
@@ -239,6 +239,7 @@ corecmd_exec_bin(nsplugin_config_t)
corecmd_exec_shell(nsplugin_config_t)
kernel_read_system_state(nsplugin_config_t)
+kernel_request_load_module(nsplugin_config_t)
files_read_etc_files(nsplugin_config_t)
files_read_usr_files(nsplugin_config_t)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 24ffd8a..2639086 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -269,6 +269,10 @@ optional_policy(`
')
')
+optional_policy(`
+ livecd_rw_tmp_files(mount_t)
+')
+
# Needed for mount crypt https://bugzilla.redhat.com/show_bug.cgi?id=418711
optional_policy(`
lvm_domtrans(mount_t)
More information about the scm-commits
mailing list