* [refpolicy] [PATCH 1/2] Label /bin/fusermount like /usr/bin/fusermount @ 2013-12-16 16:08 Laurent Bigonville 2013-12-16 16:08 ` [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d Laurent Bigonville 0 siblings, 1 reply; 3+ messages in thread From: Laurent Bigonville @ 2013-12-16 16:08 UTC (permalink / raw) To: refpolicy From: Laurent Bigonville <bigon@bigon.be> On Debian, fusermount is installed under that path --- policy/modules/system/mount.fc | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc index a38605e..4619000 100644 --- a/policy/modules/system/mount.fc +++ b/policy/modules/system/mount.fc @@ -1,3 +1,4 @@ +/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) -- 1.8.5.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
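Review bot: The commit message justifies the new /bin/fusermount line at the top of mount.fc only with "installed under that path", so the path and the label being matched are never stated in the body. Please name /bin/fusermount and mount_exec_t in the message, because the /usr/bin/fusermount entry the subject refers to lies outside this hunk's context and the match cannot be confirmed from the diff alone. Since the rationale given is Debian-specific, it is also worth saying whether the entry is meant to be unconditional, as written, or to sit in an ifdef(`distro_debian', ...) block.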
* [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d 2013-12-16 16:08 [refpolicy] [PATCH 1/2] Label /bin/fusermount like /usr/bin/fusermount Laurent Bigonville @ 2013-12-16 16:08 ` Laurent Bigonville 2013-12-20 20:18 ` Christopher J. PeBenito 0 siblings, 1 reply; 3+ messages in thread From: Laurent Bigonville @ 2013-12-16 16:08 UTC (permalink / raw) To: refpolicy From: Laurent Bigonville <bigon@bigon.be> Udev is writing persistent rules in /etc/udev/rules.d to ensure the network interfaces and storage devices have a persistent name. This patch has been taken from the Fedora policy --- policy/modules/system/udev.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 1643ae0..bcb4bd9 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -68,7 +68,8 @@ allow udev_t udev_tbl_t:file manage_file_perms; dev_filetrans(udev_t, udev_tbl_t, file) list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) -read_files_pattern(udev_t, udev_rules_t, udev_rules_t) +manage_files_pattern(udev_t, udev_rules_t, udev_rules_t) +manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t) manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) -- 1.8.5.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
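Review bot: The added manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) line has no justification in the commit message, which only describes udev writing persistent rules files in /etc/udev/rules.d. Please state what creates or removes symlinks there, or drop the line. Replacing read_files_pattern with manage_files_pattern on the same type also lets udev_t create, modify and delete every file labelled udev_rules_t, not only the generated persistent-name rules. The message should say that this breadth is intended, or the generated rules could get a type of their own so that the other rules stay read-only to udev_t.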
* [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d 2013-12-16 16:08 ` [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d Laurent Bigonville @ 2013-12-20 20:18 ` Christopher J. PeBenito 0 siblings, 0 replies; 3+ messages in thread From: Christopher J. PeBenito @ 2013-12-20 20:18 UTC (permalink / raw) To: refpolicy On 12/16/13 11:08, Laurent Bigonville wrote: > From: Laurent Bigonville <bigon@bigon.be> > > Udev is writing persistent rules in /etc/udev/rules.d to ensure the > network interfaces and storage devices have a persistent name. > > This patch has been taken from the Fedora policy > --- > policy/modules/system/udev.te | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te > index 1643ae0..bcb4bd9 100644 > --- a/policy/modules/system/udev.te > +++ b/policy/modules/system/udev.te > @@ -68,7 +68,8 @@ allow udev_t udev_tbl_t:file manage_file_perms; > dev_filetrans(udev_t, udev_tbl_t, file) > > list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) > -read_files_pattern(udev_t, udev_rules_t, udev_rules_t) > +manage_files_pattern(udev_t, udev_rules_t, udev_rules_t) > +manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) > > manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t) > manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com ^ permalink raw reply [flat|nested] 3+ messages in thread