[selinux-policy: 2071/3172] trunk: Add kernel_service access vectors, from Stephen Smalley.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:03:48 UTC 2010
commit 347a7011199a050939b6af279e9854f407afcdab
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Jan 5 21:44:33 2009 +0000
trunk: Add kernel_service access vectors, from Stephen Smalley.
Changelog | 2 ++
policy/flask/access_vectors | 6 ++++++
policy/flask/security_classes | 3 +++
3 files changed, 11 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index a7805b1..7b9c456 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Add kernel_service access vectors, from Stephen Smalley.
+
* Wed Dec 10 2008 Chris PeBenito <selinux at tresys.com> - 2.20081210
- Fix consistency of audioentropy and iscsi module naming.
- Debian file context fix for xen from Russell Coker.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2ba6fa5..ec763b2 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -782,3 +782,9 @@ class x_application_data
paste_after_confirm
copy
}
+
+class kernel_service
+{
+ use_as_override
+ create_files_as
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 2a03e65..9e1bf1a 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -116,4 +116,7 @@ class x_event # userspace
class x_synthetic_event # userspace
class x_application_data # userspace
+# kernel services that need to override task security, e.g. cachefiles
+class kernel_service
+
# FLASK
More information about the scm-commits
mailing list