bootloader: permission set.
Signed-off-by: Dominick Grift <domg472@gmail.com>
parent
eac0de8785
commit
23f4caad54
|
@ -39,7 +39,7 @@ dev_node(bootloader_tmp_t)
|
||||||
#
|
#
|
||||||
|
|
||||||
allow bootloader_t self:capability { dac_override dac_read_search fsetid sys_rawio sys_admin mknod chown };
|
allow bootloader_t self:capability { dac_override dac_read_search fsetid sys_rawio sys_admin mknod chown };
|
||||||
allow bootloader_t self:process { sigkill sigstop signull signal execmem };
|
allow bootloader_t self:process { signal_perms execmem };
|
||||||
allow bootloader_t self:fifo_file rw_fifo_file_perms;
|
allow bootloader_t self:fifo_file rw_fifo_file_perms;
|
||||||
|
|
||||||
allow bootloader_t bootloader_etc_t:file read_file_perms;
|
allow bootloader_t bootloader_etc_t:file read_file_perms;
|
||||||
|
@ -153,7 +153,7 @@ ifdef(`distro_redhat',`
|
||||||
allow bootloader_t self:capability ipc_lock;
|
allow bootloader_t self:capability ipc_lock;
|
||||||
|
|
||||||
# new file system defaults to file_t, granting file_t access is still bad.
|
# new file system defaults to file_t, granting file_t access is still bad.
|
||||||
allow bootloader_t boot_runtime_t:file { read_file_perms unlink };
|
allow bootloader_t boot_runtime_t:file { read_file_perms delete_file_perms };
|
||||||
|
|
||||||
# new file system defaults to file_t, granting file_t access is still bad.
|
# new file system defaults to file_t, granting file_t access is still bad.
|
||||||
files_manage_isid_type_dirs(bootloader_t)
|
files_manage_isid_type_dirs(bootloader_t)
|
||||||
|
|
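Review bot: The switch to `signal_perms` in the `self:process` rule of the first hunk is probably not a pure rewrite: in upstream refpolicy that set expands to `{ sigchld sigkill sigstop signull signal }`, so `bootloader_t` would gain `sigchld` on itself, which the old explicit list did not grant. That is harmless for a self rule, but the commit message should say so (after checking the set's definition in this tree), so the change is not later read as permission-neutral. `delete_file_perms` in the second hunk looks equivalent, since `read_file_perms` already carries `getattr` in upstream refpolicy. The same `self:process` rule keeps `execmem` for a domain that also holds `sys_rawio` and `sys_admin`, with no stated reason; a comment such as `# execmem: required by <program> (confirm)` above it would help later audits decide whether it can be dropped.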