- Update to ref policy

- cgred needs chown capability
- Add /dev/crash crash_dev_t
- systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability
Dan Walsh 2011-02-08 18:00:22 -05:00
parent 812781becc
commit d3861ceab3
2 changed files with 11 additions and 2 deletions


@ -1242,10 +1242,10 @@ index 47c4723..4866a08 100644
+ domtrans_pattern($1, readahead_exec_t, readahead_t)
+')
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index b4ac57e..e2d07b1 100644
index b4ac57e..c00f4d9 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -16,6 +16,7 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t;
@@ -16,13 +16,14 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t;
type readahead_var_run_t;
files_pid_file(readahead_var_run_t)
@ -1253,6 +1253,14 @@ index b4ac57e..e2d07b1 100644
########################################
#
# Local policy
#
-allow readahead_t self:capability { fowner dac_override dac_read_search };
+allow readahead_t self:capability { sys_admin fowner dac_override dac_read_search };
dontaudit readahead_t self:capability { net_admin sys_tty_config };
allow readahead_t self:process { setsched signal_perms };
@@ -31,7 +32,9 @@ manage_files_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
files_search_var_lib(readahead_t)
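Review bot: The new `allow readahead_t self:capability { sys_admin fowner dac_override dac_read_search };` line grants sys_admin with nothing in the policy recording why. The reason (fanotify use by systemd-readahead) exists only in the commit message, which will not be visible to someone auditing readahead.te later. Because sys_admin is the broadest capability and this domain already holds dac_override and dac_read_search, I would keep it in its own annotated rule so it is easy to find and drop if the requirement goes away: `# fanotify_init() requires CAP_SYS_ADMIN; needed by systemd-readahead` followed by `allow readahead_t self:capability sys_admin;`. The rest of the local policy for readahead_t lies outside this hunk, so it is worth confirming there that no other rule lets the domain use sys_admin beyond the fanotify call, for example through mount or device-related permissions.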


@ -476,6 +476,7 @@ exit 0
- Update to ref policy
- cgred needs chown capability
- Add /dev/crash crash_dev_t
- systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability
* Tue Feb 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-10
- New labeling for postfmulti #675654