RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Run grub(2)-mkconfig in bootloader domain 

In order to write the grub configuration and perform the preliminary
checks, the grub-mkconfig command should run in the bootloader_t domain.
As such, update the file context definition to be bootloader_exec_t.
This commit is contained in:
Sven Vermeulen 2014-11-22 22:16:34 +01:00 committed by Chris PeBenito
parent f428babc50
commit fbdf5f0ef8
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/admin/bootloader.fc
View File

@ -9,4 +9,5 @@
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub2?-bios-setup -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub2?-install -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub2?-mkconfig -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub2?-probe -- gen_context(system_u:object_r:bootloader_exec_t,s0)