Add missing kernel_rw_security_state()
This commit is contained in:
parent
8155b37c25
commit
06cfcd1c01
@ -14897,7 +14897,7 @@ index 7be4ddf..d5ef507 100644
|
|||||||
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
|
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
|
||||||
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
|
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
|
||||||
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
|
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
|
||||||
index e100d88..c8e32a2 100644
|
index e100d88..854e39d 100644
|
||||||
--- a/policy/modules/kernel/kernel.if
|
--- a/policy/modules/kernel/kernel.if
|
||||||
+++ b/policy/modules/kernel/kernel.if
|
+++ b/policy/modules/kernel/kernel.if
|
||||||
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
|
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
|
||||||
@ -15349,7 +15349,7 @@ index e100d88..c8e32a2 100644
|
|||||||
## Unconfined access to kernel module resources.
|
## Unconfined access to kernel module resources.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -2972,5 +3192,505 @@ interface(`kernel_unconfined',`
|
@@ -2972,5 +3192,525 @@ interface(`kernel_unconfined',`
|
||||||
')
|
')
|
||||||
|
|
||||||
typeattribute $1 kern_unconfined;
|
typeattribute $1 kern_unconfined;
|
||||||
@ -15746,6 +15746,26 @@ index e100d88..c8e32a2 100644
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Allow caller to read the security state symbolic links.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`kernel_rw_security_state',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type proc_t, proc_security_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ rw_files_pattern($1, { proc_t proc_security_t }, proc_security_t)
|
||||||
|
+
|
||||||
|
+ list_dirs_pattern($1, proc_t, proc_security_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## Read and write userhelper state
|
+## Read and write userhelper state
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
|
Loading…
Reference in New Issue
Block a user