nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove cgroup_t usage in cgroup_admin() since it is not owned by the module.

Browse Source
This commit is contained in:
Chris PeBenito 2010-06-08 09:12:03 -04:00
parent 860c05d9de
commit 0041a78ef7
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/services/cgroup.if
View File

@ -121,7 +121,7 @@ interface(`cgroup_admin',`
gen_require(` gen_require(`
type cgred_t, cgconfigparser_t, cgred_var_run_t; type cgred_t, cgconfigparser_t, cgred_var_run_t;
type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t; type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
type cgred_etc_t, cgroup_t; type cgred_etc_t;
') ')
allow $1 cgconfigparser_t:process { ptrace signal_perms getattr }; allow $1 cgconfigparser_t:process { ptrace signal_perms getattr };
@ -130,8 +130,6 @@ interface(`cgroup_admin',`
allow $1 cgred_t:process { ptrace signal_perms getattr }; allow $1 cgred_t:process { ptrace signal_perms getattr };
read_files_pattern($1, cgred_t, cgred_t) read_files_pattern($1, cgred_t, cgred_t)
admin_pattern($1, cgroup_t)
admin_pattern($1, cgconfig_etc_t) admin_pattern($1, cgconfig_etc_t)
admin_pattern($1, cgred_etc_t) admin_pattern($1, cgred_etc_t)
files_search_etc($1) files_search_etc($1)