[selinux-policy: 3078/3172] Allow boinc projects to execute java
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:33:49 UTC 2010
commit b0a5fc3c272eb9f63106bf7807a98b7cebbe492a
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue Sep 21 16:03:36 2010 +0200
Allow boinc projects to execute java
policy/modules/services/boinc.te | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index aaf0ba3..25475f5 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
@@ -27,6 +27,9 @@ role system_r types boinc_project_t;
permissive boinc_project_t;
+type boinc_project_tmp_t;
+files_tmp_file(boinc_project_tmp_t)
+
type boinc_project_var_lib_t;
files_type(boinc_project_var_lib_t)
@@ -120,6 +123,10 @@ allow boinc_project_t self:process { execmem execstack };
allow boinc_project_t self:fifo_file rw_fifo_file_perms;
+manage_dirs_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
+manage_files_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
+files_tmp_filetrans(boinc_project_t, boinc_project_tmp_t, { dir file })
+
allow boinc_project_t boinc_project_var_lib_t:file entrypoint;
exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
@@ -144,10 +151,16 @@ corecmd_exec_shell(boinc_project_t)
corenet_tcp_connect_boinc_port(boinc_project_t)
+dev_read_rand(boinc_project_t)
dev_read_urand(boinc_project_t)
+dev_read_sysfs(boinc_project_t)
dev_rw_xserver_misc(boinc_project_t)
files_read_etc_files(boinc_project_t)
+miscfiles_read_fonts(boinc_project_t)
miscfiles_read_localization(boinc_project_t)
+optional_policy(`
+ java_exec(boinc_project_t)
+')
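Review bot: `dev_read_rand`, `dev_read_sysfs` and `miscfiles_read_fonts` are granted to every `boinc_project_t` process unconditionally, while only `java_exec` sits inside `optional_policy`. If these three exist for the JVM, as the commit title suggests, a comment such as `# needed by the JVM started by BOINC projects` above them would record why a domain running downloaded project code may read sysfs and the blocking random device. As far as I know `java_exec` runs java in the caller's domain with no transition, so the JVM stays under this policy together with the `execmem execstack` permission visible in the second hunk header. The first hunk's context shows `permissive boinc_project_t;`, so none of the added rules are enforced yet, and the remaining AVC denials should be reviewed before that line is removed.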