nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

RAID patch from Dan Walsh.

Browse Source
This commit is contained in:
Chris PeBenito 2009-11-25 11:17:19 -05:00
parent c8d563fcbc
commit 0cad9a734e
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/system/raid.fc
View File

@ -1,3 +1,4 @@
/dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0) /sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0) /sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)

9
policy/modules/system/raid.te
View File

@ -1,5 +1,5 @@
policy_module(raid, 1.9.0) policy_module(raid, 1.9.1)
######################################## ########################################
# #
@ -11,6 +11,9 @@ type mdadm_exec_t;
init_daemon_domain(mdadm_t, mdadm_exec_t) init_daemon_domain(mdadm_t, mdadm_exec_t)
role system_r types mdadm_t; role system_r types mdadm_t;
type mdadm_map_t;
files_type(mdadm_map_t)
type mdadm_var_run_t; type mdadm_var_run_t;
files_pid_file(mdadm_var_run_t) files_pid_file(mdadm_var_run_t)
@ -24,6 +27,10 @@ dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal }; allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
allow mdadm_t self:fifo_file rw_fifo_file_perms; allow mdadm_t self:fifo_file rw_fifo_file_perms;
# create .mdadm files in /dev
allow mdadm_t mdadm_map_t:file manage_file_perms;
dev_filetrans(mdadm_t, mdadm_map_t, file)
manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t) manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
files_pid_filetrans(mdadm_t, mdadm_var_run_t, file) files_pid_filetrans(mdadm_t, mdadm_var_run_t, file)