hotplug patch from Dan Walsh

Jeremy Solt 2010-09-28 14:13:52 -04:00 committed by Chris PeBenito
parent 6887b79031
commit 7aeef6680f
1 changed files with 5 additions and 3 deletions


@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t)
#
allow hotplug_t self:capability { net_admin sys_tty_config mknod sys_rawio };
dontaudit hotplug_t self:capability { sys_module sys_admin sys_tty_config };
dontaudit hotplug_t self:capability { sys_module sys_admin sys_ptrace sys_tty_config };
# for access("/etc/bashrc", X_OK) on Red Hat
dontaudit hotplug_t self:capability { dac_override dac_read_search };
allow hotplug_t self:process { setpgid getsession getattr signal_perms };
@ -39,14 +39,16 @@ allow hotplug_t hotplug_etc_t:dir list_dir_perms;
can_exec(hotplug_t, hotplug_exec_t)
manage_dirs_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
manage_files_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
files_pid_filetrans(hotplug_t, hotplug_var_run_t, file)
files_pid_filetrans(hotplug_t, hotplug_var_run_t, { dir file })
kernel_sigchld(hotplug_t)
kernel_setpgid(hotplug_t)
kernel_read_system_state(hotplug_t)
kernel_read_network_state(hotplug_t)
kernel_read_kernel_sysctls(hotplug_t)
kernel_read_net_sysctls(hotplug_t)
kernel_rw_net_sysctls(hotplug_t)
files_read_kernel_modules(hotplug_t)
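Review bot: `kernel_rw_net_sysctls(hotplug_t)` appears to replace `kernel_read_net_sysctls(hotplug_t)` in the second hunk, widening hotplug_t from reading to writing network sysctls with no comment saying what needs the write access. The page has lost its +/- markers, so the old/new pairing is inferred from the two adjacent lines. A one-line rationale above the call, for example `# <hotplug script> writes per-interface net sysctls` with the placeholder filled in by the author, would let a later least-privilege audit decide whether the write is still required. The same gap applies to `sys_ptrace` in the first hunk's `dontaudit` rule: it suppresses the AVC denial instead of granting the capability, so those records no longer reach the audit log. Unlike the `dac_override` rule just below it, it has no comment naming what triggers the probe.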