| 1 |
commit: 900b67711c6e9c97828a61cc4922a0bc8b9b535f |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Fri May 27 20:44:51 2016 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Apr 30 09:31:51 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=900b6771 |
| 7 |
|
| 8 |
virt: virtlockd doesnt need ps_process_pattern |
| 9 |
|
| 10 |
policy/modules/contrib/virt.te | 6 ++++-- |
| 11 |
1 file changed, 4 insertions(+), 2 deletions(-) |
| 12 |
|
| 13 |
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te |
| 14 |
index e1a3bcaf..42e68a29 100644 |
| 15 |
--- a/policy/modules/contrib/virt.te |
| 16 |
+++ b/policy/modules/contrib/virt.te |
| 17 |
@@ -1308,6 +1308,10 @@ kernel_dontaudit_read_system_state(virt_leaseshelper_t) |
| 18 |
allow virtlockd_t self:capability dac_override; |
| 19 |
allow virtlockd_t self:fifo_file rw_fifo_file_perms; |
| 20 |
|
| 21 |
+allow virtlockd_t virtd_t:dir list_dir_perms; |
| 22 |
+allow virtlockd_t virtd_t:file read_file_perms; |
| 23 |
+allow virtlockd_t virtd_t:lnk_file read_lnk_file_perms; |
| 24 |
+ |
| 25 |
allow virtlockd_t virt_image_type:dir list_dir_perms; |
| 26 |
allow virtlockd_t virt_image_type:file rw_file_perms; |
| 27 |
|
| 28 |
@@ -1326,8 +1330,6 @@ files_pid_filetrans(virtlockd_t, virtlockd_run_t, file) |
| 29 |
|
| 30 |
can_exec(virtlockd_t, virtlockd_exec_t) |
| 31 |
|
| 32 |
-ps_process_pattern(virtlockd_t, virtd_t) |
| 33 |
- |
| 34 |
files_read_etc_files(virtlockd_t) |
| 35 |
files_list_var_lib(virtlockd_t) |
Archives