memlockd: Move lines.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
parent
88c8189207
commit
157b7edcbb
|
@ -15,9 +15,6 @@ init_daemon_domain(memlockd_t, memlockd_exec_t)
|
|||
#
|
||||
|
||||
allow memlockd_t self:capability { setgid setuid ipc_lock };
|
||||
ifndef(`distro_debian', `
|
||||
allow memlockd_t self:capability dac_read_search;
|
||||
')
|
||||
allow memlockd_t self:fifo_file rw_file_perms;
|
||||
|
||||
# cache /etc/shadow too
|
||||
|
@ -30,10 +27,15 @@ corecmd_exec_shell(memlockd_t)
|
|||
corecmd_read_all_executables(memlockd_t)
|
||||
corecmd_search_bin(memlockd_t)
|
||||
files_read_etc_files(memlockd_t)
|
||||
libs_exec_ld_so(memlockd_t)
|
||||
files_map_etc_files(memlockd_t)
|
||||
|
||||
libs_exec_ld_so(memlockd_t)
|
||||
|
||||
logging_send_syslog_msg(memlockd_t)
|
||||
miscfiles_read_localization(memlockd_t)
|
||||
|
||||
sysnet_mmap_read_config(memlockd_t)
|
||||
|
||||
ifndef(`distro_debian', `
|
||||
allow memlockd_t self:capability dac_read_search;
|
||||
')
|
||||
|
|
Loading…
Reference in New Issue