[selinux-policy/master_contrib: 23/47] Add support for /var/lock/man-db.lock
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jan 16 13:32:26 UTC 2013
commit effa730e00d4fd833bc6999006ed93c47a9a2138
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Jan 14 13:22:11 2013 +0100
Add support for /var/lock/man-db.lock
mandb.fc | 2 ++
mandb.te | 6 ++++++
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/mandb.fc b/mandb.fc
index 03f96e3..85c3827 100644
--- a/mandb.fc
+++ b/mandb.fc
@@ -3,3 +3,5 @@
/usr/bin/mandb -- gen_context(system_u:object_r:mandb_exec_t,s0)
/var/cache/man(/.*)? gen_context(system_u:object_r:mandb_cache_t,s0)
+
+/var/lock/man-db\.lock -- gen_context(system_u:object_r:mandb_lock_t,s0)
diff --git a/mandb.te b/mandb.te
index 708f675..e2f4ce0 100644
--- a/mandb.te
+++ b/mandb.te
@@ -16,6 +16,9 @@ role mandb_roles types mandb_t;
type mandb_cache_t;
files_type(mandb_cache_t)
+type mandb_lock_t;
+files_lock_file(mandb_lock_t)
+
########################################
#
# Local policy
@@ -31,6 +34,9 @@ manage_lnk_files_pattern(mandb_t, mandb_cache_t, mandb_cache_t)
files_var_filetrans(mandb_t, mandb_cache_t, { dir file lnk_file })
can_exec(mandb_t, mandb_exec_t)
+allow mandb_t mandb_lock_t:file manage_file_perms;
+files_lock_filetrans(mandb_t, mandb_lock_t, file)
+
kernel_read_system_state(mandb_t)
corecmd_exec_bin(mandb_t)
More information about the scm-commits
mailing list