modutils: libkmod mmap()s modules.dep and *.ko's
Note that not only kmod needs this permission, other libkmod consumers like udev require it, too. Hence I'm adding the permission to the relevant interfaces.
This commit is contained in:
parent
7025086a9c
commit
14107ce1c0
|
@ -34,7 +34,7 @@ interface(`modutils_read_module_deps',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_list_kernel_modules($1)
|
files_list_kernel_modules($1)
|
||||||
allow $1 modules_dep_t:file read_file_perms;
|
allow $1 modules_dep_t:file { read_file_perms map };
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -53,7 +53,7 @@ interface(`modutils_read_module_objects',`
|
||||||
')
|
')
|
||||||
|
|
||||||
files_list_kernel_modules($1)
|
files_list_kernel_modules($1)
|
||||||
allow $1 modules_object_t:file read_file_perms;
|
allow $1 modules_object_t:file { read_file_perms map };
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|
|
@ -46,9 +46,11 @@ list_dirs_pattern(kmod_t, modules_conf_t, modules_conf_t)
|
||||||
read_files_pattern(kmod_t, modules_conf_t, modules_conf_t)
|
read_files_pattern(kmod_t, modules_conf_t, modules_conf_t)
|
||||||
list_dirs_pattern(kmod_t, modules_dep_t, modules_dep_t)
|
list_dirs_pattern(kmod_t, modules_dep_t, modules_dep_t)
|
||||||
manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)
|
manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)
|
||||||
|
allow kmod_t modules_dep_t:file map;
|
||||||
filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file)
|
filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file)
|
||||||
create_files_pattern(kmod_t, modules_object_t, modules_dep_t)
|
create_files_pattern(kmod_t, modules_object_t, modules_dep_t)
|
||||||
delete_files_pattern(kmod_t, modules_object_t, modules_dep_t)
|
delete_files_pattern(kmod_t, modules_object_t, modules_dep_t)
|
||||||
|
allow kmod_t modules_object_t:file map;
|
||||||
|
|
||||||
can_exec(kmod_t, kmod_exec_t)
|
can_exec(kmod_t, kmod_exec_t)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue