commit
89488a5b26
@ -3,6 +3,9 @@
|
||||
/usr/bin/bcfg2 -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/debuginfo-install -- gen_context(system_u:object_r:debuginfo_exec_t,s0)
|
||||
/usr/bin/dnf -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/dnf-[0-9]+ -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/dnf-automatic -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/dnf-automatic-[0-9]+ -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/fedora-rmdevelrpms -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
|
@ -360,7 +360,7 @@ systemd_log_parse_environment(systemd_backlight_t)
|
||||
# Allow systemd-backlight to write to /sys/class/backlight/*/brightness
|
||||
dev_rw_sysfs(systemd_backlight_t)
|
||||
|
||||
kernel_dontaudit_search_kernel_sysctl(systemd_backlight_t)
|
||||
kernel_read_kernel_sysctls(systemd_backlight_t)
|
||||
|
||||
# for udev.conf
|
||||
files_read_etc_files(systemd_backlight_t)
|
||||
@ -370,6 +370,9 @@ udev_read_runtime_files(systemd_backlight_t)
|
||||
|
||||
files_search_var_lib(systemd_backlight_t)
|
||||
|
||||
fs_getattr_all_fs(systemd_backlight_t)
|
||||
fs_search_cgroup_dirs(systemd_backlight_t)
|
||||
|
||||
#######################################
|
||||
#
|
||||
# Binfmt local policy
|
||||
@ -469,7 +472,7 @@ seutil_search_default_contexts(systemd_coredump_t)
|
||||
#
|
||||
|
||||
allow systemd_generator_t self:fifo_file rw_fifo_file_perms;
|
||||
allow systemd_generator_t self:capability dac_override;
|
||||
allow systemd_generator_t self:capability { dac_override sys_admin };
|
||||
allow systemd_generator_t self:process setfscreate;
|
||||
|
||||
corecmd_exec_shell(systemd_generator_t)
|
||||
@ -699,6 +702,7 @@ fs_getattr_all_fs(systemd_hostnamed_t)
|
||||
|
||||
selinux_use_status_page(systemd_hostnamed_t)
|
||||
|
||||
seutil_read_config(systemd_hostnamed_t)
|
||||
seutil_read_file_contexts(systemd_hostnamed_t)
|
||||
|
||||
sysnet_etc_filetrans_config(systemd_hostnamed_t)
|
||||
@ -1391,8 +1395,7 @@ manage_dirs_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_v
|
||||
manage_files_pattern(systemd_rfkill_t, systemd_rfkill_var_lib_t, systemd_rfkill_var_lib_t)
|
||||
init_var_lib_filetrans(systemd_rfkill_t, systemd_rfkill_var_lib_t, dir)
|
||||
|
||||
fs_getattr_cgroup(systemd_rfkill_t)
|
||||
fs_getattr_xattr_fs(systemd_rfkill_t)
|
||||
fs_getattr_all_fs(systemd_rfkill_t)
|
||||
|
||||
kernel_getattr_proc(systemd_rfkill_t)
|
||||
kernel_read_kernel_sysctls(systemd_rfkill_t)
|
||||
|
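Review bot: In the systemd_generator_t hunk (`@ -469,7 +472,7`), `self:capability` appears to widen from `dac_override` to `{ dac_override sys_admin }`, with no comment naming the generator or the denied operation that requires it; the old/new attribution is inferred from the hunk counts because the +/- markers are lost on this page. `sys_admin` is one of the broadest capabilities, and the same domain is granted `corecmd_exec_shell(systemd_generator_t)` a few lines below, so shell scripts run by a generator would presumably hold it too. I would add a why-comment directly above the rule, for example `# <generator> needs sys_admin for <operation> (AVC: <reference>)`, and check whether the denial is harmless enough to `dontaudit` instead. The same applies to the systemd_backlight_t hunk (`@ -360,7 +360,7`), where `kernel_dontaudit_search_kernel_sysctl` seems to be replaced by `kernel_read_kernel_sysctls`: a one-line comment saying what is read would help.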