This is the update I have made based on suggestions for the previous patches to add a udev_run interface. This adds the new domain udevadm_t which is entered from /usr/bin/udevadm.

It seems to meet the needs that I have, but there are some things to note that are probably important.

1) There are a few systemd services that use udevadm during startup. I have granted the permissions that I need based on denials I was seeing during startup (the machine would fail to start without the permissions).

2) In the udev.fc file there are other binaries that I don't have on a RHEL7 box that maybe should also be labeled udevadm_exec_t, e.g. /usr/bin/udevinfo and /usr/bin/udevsend. But as I don't have those binaries to test, I have not updated the type of that binary.

3) There are some places that call udev_domtrans that maybe should now be using udevadm_domtrans - rpm.te, hal.te, hotplug.te. Again, these are not things that I am using in my current situation and am unable to test the interactions to know if the change is correct.

Other than that, I think this was a good suggestion to split udevadm into a different domain.

Only change for v4 is to use stream_connect_pattern as suggested.

Signed-off-by: Dave Sugar <dsugar@tresys.com>