minor fixes
This commit is contained in:
Chris PeBenito
parent
b5860610b4
commit
f9cfa192a4
@ -37,7 +37,7 @@ allow udev_t udev_tbl_t:file { create ioctl read getattr lock write setattr appe
|
|||||||
|
|
||||||
kernel_read_system_state(udev_t)
|
kernel_read_system_state(udev_t)
|
||||||
kernel_get_core_interface_attributes(udev_t)
|
kernel_get_core_interface_attributes(udev_t)
|
||||||
kernel_use_kernel_fd(udev_t)
|
kernel_use_file_descriptors(udev_t)
|
||||||
kernel_read_device_sysctl(udev_t)
|
kernel_read_device_sysctl(udev_t)
|
||||||
kernel_read_hotplug_sysctl(udev_t)
|
kernel_read_hotplug_sysctl(udev_t)
|
||||||
kernel_read_modprobe_sysctl(udev_t)
|
kernel_read_modprobe_sysctl(udev_t)
|
||||||
@ -61,7 +61,7 @@ domain_execute_all_entrypoint_programs(udev_t)
|
|||||||
# Security
|
# Security
|
||||||
selinux_read_config(udev_t)
|
selinux_read_config(udev_t)
|
||||||
selinux_read_default_contexts(udev_t)
|
selinux_read_default_contexts(udev_t)
|
||||||
#selinux_read_file_contexts(udev_t)
|
selinux_read_file_contexts(udev_t)
|
||||||
|
|
||||||
modutils_insmod_transition(udev_t)
|
modutils_insmod_transition(udev_t)
|
||||||
|
|
||||||
@ -78,10 +78,6 @@ allow udev_t var_lock_t:file getattr;
|
|||||||
# TODO: Need macro for reading daemon runtime data.
|
# TODO: Need macro for reading daemon runtime data.
|
||||||
allow udev_t initrc_var_run_t:file r_file_perms;
|
allow udev_t initrc_var_run_t:file r_file_perms;
|
||||||
|
|
||||||
# Sysctl
|
|
||||||
# The following probably should be added to the kernel_read_device_sysctl() macro
|
|
||||||
#allow udev_t sysctl_dev_t:dir search;
|
|
||||||
|
|
||||||
# Devices
|
# Devices
|
||||||
allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
|
allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
|
||||||
file_type_auto_trans(udev_t, device_t, udev_tbl_t, file)
|
file_type_auto_trans(udev_t, device_t, udev_tbl_t, file)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user