- Allow all domains that can use cgroups to search tmpfs_t directory

- Allow init to send audit messages
2010-09-14 15:18:34 -04:00 · 2010-09-14 15:18:34 -04:00 · d7f2020c46
commit d7f2020c46
parent c2dae98501
2 changed files with 9 additions and 0 deletions
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',`
 	')
 	search_dirs_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -665,6 +666,7 @@ interface(`fs_list_cgroup_dirs', `
 	')
 	list_dirs_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -684,6 +686,7 @@ interface(`fs_delete_cgroup_dirs', `
 	')
 	delete_dirs_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -704,6 +707,7 @@ interface(`fs_manage_cgroup_dirs',`
 	')
 	manage_dirs_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -724,6 +728,7 @@ interface(`fs_read_cgroup_files',`
 	')
 	read_files_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -743,6 +748,7 @@ interface(`fs_write_cgroup_files', `
 	')
 	write_files_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -763,6 +769,7 @@ interface(`fs_rw_cgroup_files',`
 	')
 	rw_files_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
@ -803,6 +810,7 @@ interface(`fs_manage_cgroup_files',`
 	')
 	manage_files_pattern($1, cgroup_t, cgroup_t)
 	fs_search_tmpfs($1)
 	dev_search_sysfs($1)
 ')
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@ -191,6 +191,7 @@ init_domtrans_script(init_t)
 libs_rw_ld_so_cache(init_t)
 logging_send_syslog_msg(init_t)
 logging_send_audit_msgs(init_t)
 logging_rw_generic_logs(init_t)
 seutil_read_config(init_t)