RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add initrc_t to use block_suspend capability 

This is needed by nm-dispatcher.action witch is labeled as
NetworkManager_initc_exec_t and is transitioned to initrc_t
This commit is contained in:
Laurent Bigonville 2013-01-12 22:32:29 +01:00 committed by Chris PeBenito
parent 693532ae68
commit 8be0fad549
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/system/init.te
View File

@ -226,6 +226,7 @@ optional_policy(`
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched }; allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
allow initrc_t self:capability ~{ sys_admin sys_module }; allow initrc_t self:capability ~{ sys_admin sys_module };
allow initrc_t self:capability2 block_suspend;
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok; allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms; allow initrc_t self:key manage_key_perms;