[selinux-policy: 2914/3172] - Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit mess
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:19:26 UTC 2010
commit d7f2020c46cac5dd9814f831d72d3d82a1a47d0e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Sep 14 15:18:34 2010 -0400
- Allow all domains that can use cgroups to search tmpfs_t directory
- Allow init to send audit messages
policy/modules/kernel/filesystem.if | 8 ++++++++
policy/modules/system/init.te | 1 +
2 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 8d6d333..4eecefb 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
')
search_dirs_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -665,6 +666,7 @@ interface(`fs_list_cgroup_dirs', `
')
list_dirs_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -684,6 +686,7 @@ interface(`fs_delete_cgroup_dirs', `
')
delete_dirs_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -704,6 +707,7 @@ interface(`fs_manage_cgroup_dirs',`
')
manage_dirs_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -724,6 +728,7 @@ interface(`fs_read_cgroup_files',`
')
read_files_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -743,6 +748,7 @@ interface(`fs_write_cgroup_files', `
')
write_files_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -763,6 +769,7 @@ interface(`fs_rw_cgroup_files',`
')
rw_files_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
@@ -803,6 +810,7 @@ interface(`fs_manage_cgroup_files',`
')
manage_files_pattern($1, cgroup_t, cgroup_t)
+ fs_search_tmpfs($1)
dev_search_sysfs($1)
')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index e0dc975..1b6733f 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -191,6 +191,7 @@ init_domtrans_script(init_t)
libs_rw_ld_so_cache(init_t)
logging_send_syslog_msg(init_t)
+logging_send_audit_msgs(init_t)
logging_rw_generic_logs(init_t)
seutil_read_config(init_t)
More information about the scm-commits
mailing list