commit
883cfaed99
policy/modules/system
@ -719,6 +719,7 @@ kernel_dontaudit_getattr_proc(systemd_hostnamed_t)
|
||||
dev_read_sysfs(systemd_hostnamed_t)
|
||||
|
||||
files_read_etc_files(systemd_hostnamed_t)
|
||||
files_read_etc_runtime_files(systemd_hostnamed_t)
|
||||
|
||||
fs_getattr_all_fs(systemd_hostnamed_t)
|
||||
|
||||
@ -726,6 +727,8 @@ init_delete_runtime_files(systemd_hostnamed_t)
|
||||
init_read_runtime_files(systemd_hostnamed_t)
|
||||
init_write_runtime_files(systemd_hostnamed_t)
|
||||
|
||||
miscfiles_read_localization(systemd_hostnamed_t)
|
||||
|
||||
selinux_use_status_page(systemd_hostnamed_t)
|
||||
|
||||
seutil_read_config(systemd_hostnamed_t)
|
||||
@ -1510,7 +1513,7 @@ logging_send_syslog_msg(systemd_pstore_t)
|
||||
# Rfkill local policy
|
||||
#
|
||||
|
||||
allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read setopt };
|
||||
allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr read getopt setopt };
|
||||
|
||||
manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
|
||||
manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
|
||||
|
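Review bot: In the systemd_rfkill_t rule of the third hunk, `getopt` is inserted between `read` and `setopt`, which breaks the alphabetical order the permission list had before the change. I would write it as `allow systemd_rfkill_t self:netlink_kobject_uevent_socket { bind create getattr getopt read setopt };`. No commit description is visible on this page, so a short comment above the rule naming the denial that motivated `getopt` would help later least-privilege audits. The same applies to the systemd_hostnamed_t additions in the two hunks above, where the rendering does not show which interface calls are new.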
@ -40,7 +40,7 @@ optional_policy(`
|
||||
|
||||
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
|
||||
allow udev_t self:capability2 { wake_alarm block_suspend };
|
||||
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
|
||||
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate setrlimit getrlimit };
|
||||
allow udev_t self:fd use;
|
||||
allow udev_t self:fifo_file rw_fifo_file_perms;
|
||||
allow udev_t self:sock_file read_sock_file_perms;
|
||||
|
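Review bot: The new `setrlimit` in `allow udev_t self:process { ... }` is added with no comment, yet the `self:capability` rule two lines above already grants `sys_resource`. Together these let udev_t change its own hard resource limits, including raising them, so the grant deserves a stated reason. I would add a comment above the rule, for example `# udev adjusts its own rlimits; needed since <systemd/udev version placeholder>`, recording the denial that was observed. If the requirement comes from one optional code path, it may be worth checking whether the permission can sit in a narrower conditional block instead of the unconditional self rule.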