[selinux-policy: 1605/3172] fix build error
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:23:53 UTC 2010
commit 6c63996d9b57a7d18f70870046ca6bccce712a21
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Sep 29 14:24:57 2006 +0000
fix build error
policy/modules/admin/readahead.te | 2 +-
policy/modules/kernel/devices.if | 19 +++++++++++++++++++
2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 4a4e731..138af29 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -36,7 +36,7 @@ dev_getattr_all_chr_files(readahead_t)
dev_getattr_all_blk_files(readahead_t)
dev_dontaudit_read_all_blk_files(readahead_t)
dev_dontaudit_getattr_memory_dev(readahead_t)
-dev_dontaudit_getattr_nvram(readahead_t)
+dev_dontaudit_getattr_nvram_dev(readahead_t)
storage_dontaudit_getattr_fixed_disk_dev(readahead_t)
domain_use_interactive_fds(readahead_t)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 9ff2160..e08e393 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1979,6 +1979,25 @@ interface(`dev_create_null_dev',`
########################################
## <summary>
+## Do not audit attempts to get the attributes
+## of the BIOS non-volatile RAM device.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_dontaudit_getattr_nvram_dev',`
+ gen_require(`
+ type nvram_device_t;
+ ')
+
+ dontaudit $1 nvram_device_t:chr_file getattr;
+')
+
+########################################
+## <summary>
## Read and write BIOS non-volatile RAM.
## </summary>
## <param name="domain">
More information about the scm-commits
mailing list