| 1 |
commit: 77bed1b44f95619267e8a36a197fc6b5513e11ed |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Sun May 7 03:24:40 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun May 7 17:40:29 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=77bed1b4 |
| 7 |
|
| 8 |
modutils: kmod_tmpfiles_conf_t create should be allowed even for openrc |
| 9 |
|
| 10 |
policy/modules/system/modutils.te | 3 +-- |
| 11 |
1 file changed, 1 insertion(+), 2 deletions(-) |
| 12 |
|
| 13 |
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te |
| 14 |
index 1c52e0b5..80831320 100644 |
| 15 |
--- a/policy/modules/system/modutils.te |
| 16 |
+++ b/policy/modules/system/modutils.te |
| 17 |
@@ -49,6 +49,7 @@ manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t) |
| 18 |
filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file) |
| 19 |
create_files_pattern(kmod_t, modules_object_t, modules_dep_t) |
| 20 |
delete_files_pattern(kmod_t, modules_object_t, modules_dep_t) |
| 21 |
+allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms; |
| 22 |
|
| 23 |
can_exec(kmod_t, kmod_exec_t) |
| 24 |
|
| 25 |
@@ -115,8 +116,6 @@ userdom_use_user_terminals(kmod_t) |
| 26 |
userdom_dontaudit_search_user_home_dirs(kmod_t) |
| 27 |
|
| 28 |
ifdef(`init_systemd',` |
| 29 |
- # for /run/tmpfiles.d/kmod.conf |
| 30 |
- allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms; |
| 31 |
# kmod needs to create /run/tmpdiles.d |
| 32 |
systemd_tmpfiles_creator(kmod_t) |
Archives