cdrecord patch from dan.

Chris PeBenito 2009-09-01 09:22:40 -04:00
parent 1a79193449
commit a4b6385b9d


@ -1,5 +1,5 @@
policy_module(cdrecord, 2.1.0) policy_module(cdrecord, 2.1.1)
######################################## ########################################
# #
@ -28,12 +28,13 @@ ubac_constrained(cdrecord_t)
# #
allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio }; allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
allow cdrecord_t self:process { getsched setsched sigkill }; allow cdrecord_t self:process { getcap getsched setsched sigkill };
allow cdrecord_t self:unix_dgram_socket create_socket_perms; allow cdrecord_t self:unix_dgram_socket create_socket_perms;
allow cdrecord_t self:unix_stream_socket create_stream_socket_perms; allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
# allow searching for cdrom-drive # allow searching for cdrom-drive
dev_list_all_dev_nodes(cdrecord_t) dev_list_all_dev_nodes(cdrecord_t)
dev_read_sysfs(cdrecord_t)
domain_interactive_fd(cdrecord_t) domain_interactive_fd(cdrecord_t)
domain_use_interactive_fds(cdrecord_t) domain_use_interactive_fds(cdrecord_t)
@ -44,6 +45,7 @@ term_use_controlling_term(cdrecord_t)
term_list_ptys(cdrecord_t) term_list_ptys(cdrecord_t)
# allow cdrecord to write the CD # allow cdrecord to write the CD
storage_raw_read_removable_device(cdrecord_t)
storage_raw_write_removable_device(cdrecord_t) storage_raw_write_removable_device(cdrecord_t)
storage_write_scsi_generic(cdrecord_t) storage_write_scsi_generic(cdrecord_t)
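Review bot: The added `storage_raw_read_removable_device(cdrecord_t)` sits under the comment `# allow cdrecord to write the CD`, which no longer describes the block, since the domain now gets raw read as well as raw write on removable devices. Change the comment to `# allow cdrecord to read and write the CD` so someone auditing the domain does not overlook the read grant. The `getcap` permission added to `allow cdrecord_t self:process` and the new `dev_read_sysfs(cdrecord_t)` also carry no rationale, and the commit message gives none. A one-line comment above each, naming the denial it answers, would let a later least-privilege review tell whether the rule is still needed.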