selinuxutil: Add map permissions neccessary for semanage

2017-09-11 08:40:53 +02:00 · 2017-09-11 08:40:53 +02:00 · bbab9e970d
commit bbab9e970d
parent c695860748
2 changed files with 5 additions and 0 deletions
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@ -1043,6 +1043,7 @@ interface(`seutil_read_module_store',`
 	list_dirs_pattern($1, selinux_config_t, semanage_store_t)
 	list_dirs_pattern($1, semanage_store_t, semanage_store_t)
 	read_files_pattern($1, semanage_store_t, semanage_store_t)
+	allow $1 semanage_store_t:file map;
 	read_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
 ')

@ -1067,6 +1068,7 @@ interface(`seutil_manage_module_store',`
 	manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
 	manage_dirs_pattern($1, semanage_store_t, semanage_store_t)
 	manage_files_pattern($1, semanage_store_t, semanage_store_t)
+	allow $1 semanage_store_t:file map;
 	manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
 ')

--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@ -500,6 +500,7 @@ domain_use_interactive_fds(semanage_t)

 files_read_etc_files(semanage_t)
 files_read_etc_runtime_files(semanage_t)
+files_map_usr_files(semanage_t)
 files_read_usr_files(semanage_t)
 files_list_pids(semanage_t)

@ -536,7 +537,9 @@ seutil_manage_default_contexts(semanage_t)

 # Handle pp files created in homedir and /tmp
 userdom_read_user_home_content_files(semanage_t)
+userdom_map_user_home_content_files(semanage_t)
 userdom_read_user_tmp_files(semanage_t)
+userdom_map_user_tmp_files(semanage_t)

 ifdef(`distro_debian',`
 	files_read_var_lib_files(semanage_t)