devices: label /dev/sysdig0
`sysdig` is a tool that enables introspecting the system, debugging it, etc. It uses a driver that creates `/dev/sysdig0`. Define a specific label in order to be able to allow using it. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
dd04789465
commit
1a13a5410b
|
@ -113,6 +113,7 @@
|
||||||
/dev/snapshot -c gen_context(system_u:object_r:acpi_bios_t,s0)
|
/dev/snapshot -c gen_context(system_u:object_r:acpi_bios_t,s0)
|
||||||
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
|
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||||
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
|
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||||
|
/dev/sysdig[0-9] -c gen_context(system_u:object_r:sysdig_device_t,s0)
|
||||||
/dev/tee[0-9] -c gen_context(system_u:object_r:tee_device_t,s0)
|
/dev/tee[0-9] -c gen_context(system_u:object_r:tee_device_t,s0)
|
||||||
/dev/teepriv[0-9] -c gen_context(system_u:object_r:tee_priv_device_t,s0)
|
/dev/teepriv[0-9] -c gen_context(system_u:object_r:tee_priv_device_t,s0)
|
||||||
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
|
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||||
|
|
|
@ -4176,6 +4176,25 @@ interface(`dev_manage_smartcard',`
|
||||||
manage_chr_files_pattern($1, device_t, smartcard_device_t)
|
manage_chr_files_pattern($1, device_t, smartcard_device_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read, write and map the sysdig device.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dev_rw_sysdig',`
|
||||||
|
gen_require(`
|
||||||
|
type device_t, sysdig_device_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
rw_chr_files_pattern($1, device_t, sysdig_device_t)
|
||||||
|
allow $1 sysdig_device_t:chr_file map;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Mount a filesystem on sysfs.
|
## Mount a filesystem on sysfs.
|
||||||
|
|
|
@ -255,6 +255,12 @@ dev_node(smartcard_device_t)
|
||||||
type sound_device_t;
|
type sound_device_t;
|
||||||
dev_node(sound_device_t)
|
dev_node(sound_device_t)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Type for sysdig device
|
||||||
|
#
|
||||||
|
type sysdig_device_t;
|
||||||
|
dev_node(sysdig_device_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
# sysfs_t is the type for the /sys pseudofs
|
# sysfs_t is the type for the /sys pseudofs
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in New Issue