Modutils patch from Dan Walsh.

2010-03-17 11:59:14 -04:00 · 2010-03-17 11:59:14 -04:00 · d13c6758a4
commit d13c6758a4
parent 0417386142
1 changed files with 3 additions and 2 deletions
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@ -1,5 +1,5 @@

-policy_module(modutils, 1.9.2)
+policy_module(modutils, 1.9.3)

 gen_require(`
 	bool secure_mode_insmod;
@ -136,7 +136,6 @@ corecmd_exec_bin(insmod_t)
 corecmd_exec_shell(insmod_t)

 dev_rw_sysfs(insmod_t)
-dev_mount_usbfs(insmod_t)
 dev_search_usbfs(insmod_t)
 dev_rw_mtrr(insmod_t)
 dev_read_urand(insmod_t)
@ -161,6 +160,7 @@ files_dontaudit_search_isid_type_dirs(insmod_t)
 files_write_kernel_modules(insmod_t)

 fs_getattr_xattr_fs(insmod_t)
+fs_dontaudit_use_tmpfs_chr_dev(insmod_t)

 init_rw_initctl(insmod_t)
 init_use_fds(insmod_t)
@ -232,6 +232,7 @@ optional_policy(`

 optional_policy(`
 	unconfined_domain(insmod_t)
+	unconfined_dontaudit_rw_pipes(insmod_t)
 ')

 optional_policy(`