- Update to ref policy
- cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability
parent
812781becc
commit
d3861ceab3
@ -1242,10 +1242,10 @@ index 47c4723..4866a08 100644
|
||||
+ domtrans_pattern($1, readahead_exec_t, readahead_t)
|
||||
+')
|
||||
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
|
||||
index b4ac57e..e2d07b1 100644
|
||||
index b4ac57e..c00f4d9 100644
|
||||
--- a/policy/modules/admin/readahead.te
|
||||
+++ b/policy/modules/admin/readahead.te
|
||||
@@ -16,6 +16,7 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t;
|
||||
@@ -16,13 +16,14 @@ typealias readahead_var_lib_t alias readahead_etc_rw_t;
|
||||
|
||||
type readahead_var_run_t;
|
||||
files_pid_file(readahead_var_run_t)
|
||||
@ -1253,6 +1253,14 @@ index b4ac57e..e2d07b1 100644
|
||||
|
||||
########################################
|
||||
#
|
||||
# Local policy
|
||||
#
|
||||
|
||||
-allow readahead_t self:capability { fowner dac_override dac_read_search };
|
||||
+allow readahead_t self:capability { sys_admin fowner dac_override dac_read_search };
|
||||
dontaudit readahead_t self:capability { net_admin sys_tty_config };
|
||||
allow readahead_t self:process { setsched signal_perms };
|
||||
|
||||
@@ -31,7 +32,9 @@ manage_files_pattern(readahead_t, readahead_var_lib_t, readahead_var_lib_t)
|
||||
files_search_var_lib(readahead_t)
|
||||
|
||||
|
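Review bot: The `sys_admin` added to `allow readahead_t self:capability { sys_admin fowner dac_override dac_read_search };` in the "Local policy" hunk is the broadest Linux capability, and the policy line has no comment explaining why readahead_t needs it. The commit message gives the reason (systemd-readahead uses fanotify), but it is recorded only in the changelog; I would put it next to the rule, e.g. `# sys_admin: needed by systemd-readahead for fanotify_init()`. Since readahead_t already holds `dac_override` and `dac_read_search`, confinement of this domain now rests almost entirely on its type-enforcement rules, so the other allow rules in readahead.te should be re-read with `sys_admin` in mind and the grant revisited if the fanotify requirement changes. The inner hunk that follows (`@@ -31,7 +32,9 @@`) is shown only by its first context line, so any further additions to readahead.te are not visible here.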
@ -476,6 +476,7 @@ exit 0
|
||||
- Update to ref policy
|
||||
- cgred needs chown capability
|
||||
- Add /dev/crash crash_dev_t
|
||||
- systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability
|
||||
|
||||
* Tue Feb 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-10
|
||||
- New labeling for postfmulti #675654
|
||||
|