nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add missing dir and file perms for selinuxfs in unconfined

This commit is contained in:
Chris PeBenito 2005-07-20 14:57:13 +00:00
parent 689f6ddb35
commit 1e3f610b3b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
refpolicy/policy/modules/kernel/selinux.if
View File

@ -279,6 +279,8 @@ interface(`selinux_unconfined',`
gen_require(` gen_require(`
attribute can_load_policy, can_setenforce, can_setsecparam; attribute can_load_policy, can_setenforce, can_setsecparam;
type security_t; type security_t;
class dir { getattr search read };
class file { getattr read write };
class security { load_policy setenforce setbool }; class security { load_policy setenforce setbool };
') ')
@ -286,5 +288,9 @@ interface(`selinux_unconfined',`
allow $1 security_t:security *; allow $1 security_t:security *;
auditallow $1 security_t:security { load_policy setenforce setbool }; auditallow $1 security_t:security { load_policy setenforce setbool };
# use SELinuxfs
allow $1 security_t:dir { getattr search read };
allow $1 secuirty_t:file { getattr read write };
typeattribute $1 can_load_policy, can_setenforce, can_setsecparam; typeattribute $1 can_load_policy, can_setenforce, can_setsecparam;
') ')