[selinux-policy: 2322/3172] Permission set updates from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:26:12 UTC 2010
commit c8d563fcbcf08d906d2be3cbab8e0113f6b5cafb
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Nov 25 10:52:16 2009 -0500
Permission set updates from Dan Walsh.
policy/support/obj_perm_sets.spt | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index e3939d6..caa8121 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -201,7 +201,7 @@ define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
define(`read_file_perms',`{ getattr open read lock ioctl }')
define(`mmap_file_perms',`{ getattr open read execute ioctl }')
-define(`exec_file_perms',`{ getattr open read execute execute_no_trans }')
+define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
define(`append_file_perms',`{ getattr open append lock ioctl }')
define(`write_file_perms',`{ getattr open write append lock ioctl }')
define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
@@ -225,7 +225,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
+define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
@@ -312,3 +312,8 @@ define(`rw_term_perms', `{ getattr open read write ioctl }')
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
+
+#
+# Keys
+#
+define(`manage_key_perms', `{ create link read search setattr view write } ')
More information about the scm-commits
mailing list