1 |
commit: 77bed1b44f95619267e8a36a197fc6b5513e11ed |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Sun May 7 03:24:40 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun May 7 17:40:29 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=77bed1b4 |
7 |
|
8 |
modutils: kmod_tmpfiles_conf_t create should be allowed even for openrc |
9 |
|
10 |
policy/modules/system/modutils.te | 3 +-- |
11 |
1 file changed, 1 insertion(+), 2 deletions(-) |
12 |
|
13 |
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te |
14 |
index 1c52e0b5..80831320 100644 |
15 |
--- a/policy/modules/system/modutils.te |
16 |
+++ b/policy/modules/system/modutils.te |
17 |
@@ -49,6 +49,7 @@ manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t) |
18 |
filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file) |
19 |
create_files_pattern(kmod_t, modules_object_t, modules_dep_t) |
20 |
delete_files_pattern(kmod_t, modules_object_t, modules_dep_t) |
21 |
+allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms; |
22 |
|
23 |
can_exec(kmod_t, kmod_exec_t) |
24 |
|
25 |
@@ -115,8 +116,6 @@ userdom_use_user_terminals(kmod_t) |
26 |
userdom_dontaudit_search_user_home_dirs(kmod_t) |
27 |
|
28 |
ifdef(`init_systemd',` |
29 |
- # for /run/tmpfiles.d/kmod.conf |
30 |
- allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms; |
31 |
# kmod needs to create /run/tmpdiles.d |
32 |
systemd_tmpfiles_creator(kmod_t) |