add audit_write and a little style cleanup.
This commit is contained in:
parent
385e624407
commit
3aab4a8398
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(clock,1.0.0)
|
||||
policy_module(clock,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -19,16 +19,15 @@ role system_r types hwclock_t;
|
||||
# Local policy
|
||||
#
|
||||
|
||||
allow hwclock_t self:process signal_perms;
|
||||
|
||||
# Give hwclock the capabilities it requires. dac_override is a surprise,
|
||||
# but hwclock does require it.
|
||||
allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config };
|
||||
allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config audit_write };
|
||||
dontaudit hwclock_t self:capability sys_tty_config;
|
||||
allow hwclock_t self:process signal_perms;
|
||||
allow hwclock_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
|
||||
|
||||
# Allow hwclock to store & retrieve correction factors.
|
||||
allow hwclock_t adjtime_t:file { setattr ioctl read getattr lock write append };
|
||||
allow hwclock_t adjtime_t:file { rw_file_perms setattr };
|
||||
|
||||
kernel_read_kernel_sysctls(hwclock_t)
|
||||
kernel_list_proc(hwclock_t)
|
||||
|
Loading…
Reference in New Issue
Block a user