[selinux-policy: 13/3172] add rootfs dontaudits for use in init.te
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:06:06 UTC 2010
commit 7aebdb853de0636d8876db95fd6d36073d3cf2f2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Apr 19 18:57:13 2005 +0000
add rootfs dontaudits for use in init.te
refpolicy/policy/modules/system/files.if | 28 ++++++++++++++++++++++++++++
1 files changed, 28 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 698cae3..1ac92a6 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -69,6 +69,34 @@ class dir { getattr search read write add_name };
########################################
#
+# files_ignore_modify_rootfs_file(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_file',`
+requires_block_template(files_ignore_modify_rootfs_file_depend,$2)
+dontaudit $1 root_t:file { read write };
+')
+
+define(`files_ignore_modify_rootfs_file_depend',`
+type root_t;
+class file { read write };
+')
+
+########################################
+#
+# files_ignore_modify_rootfs_device(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_device',`
+requires_block_template(files_ignore_modify_rootfs_device_depend,$2)
+dontaudit $1 root_t:chr_file { read write };
+')
+
+define(`files_ignore_modify_rootfs_device_depend',`
+type root_t;
+class chr_file { read write };
+')
+
+########################################
+#
# files_create_private_root_dir_entry(domain,privatetype,[class(es)],[`optional'])
#
define(`files_create_private_root_dir_entry',`
More information about the scm-commits
mailing list