minor fixes
This commit is contained in:
Chris PeBenito
parent
b5860610b4
commit
f9cfa192a4
|
|
@ -37,7 +37,7 @@ allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr appe
|
|||
|
||||
kernel_read_system_state(udev_t)
|
||||
kernel_get_core_interface_attributes(udev_t)
|
||||
kernel_use_kernel_fd(udev_t)
|
||||
kernel_use_file_descriptors(udev_t)
|
||||
kernel_read_device_sysctl(udev_t)
|
||||
kernel_read_hotplug_sysctl(udev_t)
|
||||
kernel_read_modprobe_sysctl(udev_t)
|
||||
|
|
@ -61,7 +61,7 @@ domain_execute_all_entrypoint_programs(udev_t)
|
|||
# Security
|
||||
selinux_read_config(udev_t)
|
||||
selinux_read_default_contexts(udev_t)
|
||||
#selinux_read_file_contexts(udev_t)
|
||||
selinux_read_file_contexts(udev_t)
|
||||
|
||||
modutils_insmod_transition(udev_t)
|
||||
|
||||
|
|
@ -78,10 +78,6 @@ allow udev_t var_lock_t:file getattr;
|
|||
# TODO: Need macro for reading daemon runtime data.
|
||||
allow udev_t initrc_var_run_t:file r_file_perms;
|
||||
|
||||
# Sysctl
|
||||
# The following probably should be added to the kernel_read_device_sysctl() macro
|
||||
#allow udev_t sysctl_dev_t:dir search;
|
||||
|
||||
# Devices
|
||||
allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
|
||||
file_type_auto_trans(udev_t, device_t, udev_tbl_t, file)
|
||||
|
|
|
|||
Loading…
Reference in New Issue