setrans patch from Dan Walsh

Edits: - Leaving out the mls_trusted_object(setrans_t) for now
2010-09-24 16:14:00 -04:00 · 2010-09-24 16:14:00 -04:00 · 1b0ce6c984
parent d8572a6f5f
commit 1b0ce6c984
1 changed files with 2 additions and 1 deletions
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@ -44,9 +44,10 @@ can_exec(setrans_t, setrans_exec_t)
 corecmd_search_bin(setrans_t)

 # create unix domain socket in /var
+manage_dirs_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
 manage_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
 manage_sock_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
-files_pid_filetrans(setrans_t, setrans_var_run_t, file)
+files_pid_filetrans(setrans_t, setrans_var_run_t, { file dir })

 kernel_read_kernel_sysctls(setrans_t)
 kernel_read_proc_symlinks(setrans_t)