'allow XXXX udev_tdb_t:dir r_dir_perms' needed...
Daniel J Walsh
dwalsh at redhat.com
Wed Dec 22 17:58:23 UTC 2004
Tom London wrote:
>Running strict/enforcing, latest Rawhide....
>
>X fails to come up, etc.
>
>Looks like
> allow XXXX udev_tdb_t:dir r_dir_perms;
>is needed pretty generally, especially
>for xdm_t, xdm_server_t, ptal_t, pam_console_t,
>lvm_t, hald_t, gpm_t, cupsd_t. Even
>user_t seems to want it for configuring esd.
>
>Should this be added to macros somewhere?
>
>tom
>
>
Does this solve the problem?
diff -u global_macros.te~ global_macros.te
--- global_macros.te~ 2004-12-22 11:18:14.000000000 -0500
+++ global_macros.te 2004-12-22 12:56:43.883461279 -0500
@@ -242,7 +242,7 @@
allow $1_t { self proc_t }:dir r_dir_perms;
allow $1_t { self proc_t }:lnk_file read;
-allow $1_t device_t:dir { getattr search };
+r_dir_file($1_t, device_t)
allow $1_t null_device_t:chr_file rw_file_perms;
dontaudit $1_t console_device_t:chr_file rw_file_perms;
dontaudit $1_t unpriv_userdomain:fd use;
More information about the selinux
mailing list