[selinux-policy: 201/3172] move in stuff from rpm
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:22:20 UTC 2010
commit 39255175ca1cd45d7547de1ac0fc0896d0e006b4
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon May 23 17:01:51 2005 +0000
move in stuff from rpm
refpolicy/policy/modules/system/init.te | 16 ++++++++++++++++
1 files changed, 16 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index bfc3a60..4ea8f37 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -359,4 +359,20 @@ dontaudit initrc_t mail_spool_t:lnk_file read;
# for lsof which is used by alsa shutdown
dontaudit initrc_t domain:{ udp_socket tcp_socket fifo_file unix_dgram_socket } getattr;
+
+optional_policy(`rpm.te',`
+# Access /var/lib/rpm.
+allow initrc_t rpm_var_lib_t:dir rw_dir_perms;
+allow initrc_t rpm_var_lib_t:file create_file_perms;
+
+# for a bug in rm
+dontaudit initrc_t pidfile:file write;
+
+# bash tries to access a block device in the initrd
+dontaudit initrc_t unlabeled_t:blk_file getattr;
+
+# bash tries ioctl for some reason
+dontaudit initrc_t pidfile:file ioctl;
+') dnl end rpm.te
+
') dnl end TODO
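Review bot: The three `dontaudit` rules added inside the rpm.te `optional_policy` block suppress denials instead of resolving them, and their comments (a bug in rm, bash probing a block device, bash ioctl) show no connection to rpm, so it is unclear why they should apply only when rpm.te is present. `dontaudit initrc_t pidfile:file write;` silences write attempts from every init script against anything labelled through `pidfile`, which removes audit records a defender would want when reviewing init script behaviour. I would move these out of the rpm block or narrow them to the specific type, and add a comment such as `# TODO: narrow pidfile to the specific type; record the script and AVC that need this`. The two `allow` rules let `initrc_t` modify and create files under `rpm_var_lib_t`, so `# Access /var/lib/rpm.` should say which init script needs write access to the package database, since package verification depends on its integrity. The block closed by `') dnl end TODO` opens outside the hunk.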