add rootfs dontaudits for use in init.te
This commit is contained in:
parent
053f6a200a
commit
7aebdb853d
@ -67,6 +67,34 @@ type root_t;
|
||||
class dir { getattr search read write add_name };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# files_ignore_modify_rootfs_file(domain,[`optional'])
|
||||
#
|
||||
define(`files_ignore_modify_rootfs_file',`
|
||||
requires_block_template(files_ignore_modify_rootfs_file_depend,$2)
|
||||
dontaudit $1 root_t:file { read write };
|
||||
')
|
||||
|
||||
define(`files_ignore_modify_rootfs_file_depend',`
|
||||
type root_t;
|
||||
class file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# files_ignore_modify_rootfs_device(domain,[`optional'])
|
||||
#
|
||||
define(`files_ignore_modify_rootfs_device',`
|
||||
requires_block_template(files_ignore_modify_rootfs_device_depend,$2)
|
||||
dontaudit $1 root_t:chr_file { read write };
|
||||
')
|
||||
|
||||
define(`files_ignore_modify_rootfs_device_depend',`
|
||||
type root_t;
|
||||
class chr_file { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# files_create_private_root_dir_entry(domain,privatetype,[class(es)],[`optional'])
|
||||
|
Loading…
Reference in New Issue
Block a user