commit: 7e6eaa2e942d4ea5924fceabf404167b80f93a50 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
AuthorDate: Fri May 27 20:44:51 2016 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Thu May 25 17:03:59 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7e6eaa2e |
|
virt: virtlockd doesnt need ps_process_pattern |
|
policy/modules/contrib/virt.te | 6 ++++-- |
1 file changed, 4 insertions(+), 2 deletions(-) |
|
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te |
14 |
index 63fef29b..b80abb97 100644 |
15 |
--- a/policy/modules/contrib/virt.te |
16 |
+++ b/policy/modules/contrib/virt.te |
17 |
@@ -1308,6 +1308,10 @@ kernel_dontaudit_read_system_state(virt_leaseshelper_t) |
18 |
allow virtlockd_t self:capability dac_override; |
19 |
allow virtlockd_t self:fifo_file rw_fifo_file_perms; |
20 |
|
21 |
+allow virtlockd_t virtd_t:dir list_dir_perms; |
22 |
+allow virtlockd_t virtd_t:file read_file_perms; |
23 |
+allow virtlockd_t virtd_t:lnk_file read_lnk_file_perms; |
24 |
+ |
25 |
allow virtlockd_t virt_image_type:dir list_dir_perms; |
26 |
allow virtlockd_t virt_image_type:file rw_file_perms; |
27 |
|
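Review bot: The three `allow virtlockd_t virtd_t:...` rules added after the `fifo_file` line carry no comment explaining why they are written out by hand, so a later cleanup could fold them back into `ps_process_pattern(virtlockd_t, virtd_t)` and silently restore the access this commit removes. Assuming the macro is defined as in upstream refpolicy (these same dir/file/lnk_file rules plus `allow $1 $2:process getattr;`), the net change is that virtlockd_t loses `process getattr` on virtd_t while keeping read access to its /proc entries. A comment above the block would record that intent, for example `# read virtd's /proc entries only; process getattr is intentionally not granted, so ps_process_pattern is not used`.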
28 |
@@ -1326,8 +1330,6 @@ files_pid_filetrans(virtlockd_t, virtlockd_run_t, file) |
29 |
|
30 |
can_exec(virtlockd_t, virtlockd_exec_t) |
31 |
|
32 |
-ps_process_pattern(virtlockd_t, virtd_t) |
33 |
- |
34 |
files_read_etc_files(virtlockd_t) |
35 |
files_list_var_lib(virtlockd_t) |