On Mon, 19 Apr 2004 23:12:29 EDT, Colin Walters <walters@xxxxxxxxxx> said:

> I added stuff to try to fix this into policy, will be in the next
> upload. Patch attached, let me know if it works for you...

Almost right, it needs lvm_etc_t as well - fixed patch attached, thanks for the fast feedback...

*** domains/program/bootloader.te.lvm 2004-04-16 13:17:21.000000000 -0400 --- domains/program/bootloader.te 2004-04-19 23:22:52.160291952 -0400 *************** *** 50,61 **** # maybe we should change the labeling for this ifdef(`lvm.te', ` allow bootloader_t fixed_disk_device_t:chr_file rw_file_perms; ') # uncomment the following line if you use "lilo -p" #file_type_auto_trans(bootloader_t, etc_t, bootloader_etc_t, file); ! can_exec(bootloader_t, { bootloader_exec_t shell_exec_t bin_t sbin_t }) allow bootloader_t shell_exec_t:lnk_file read; allow bootloader_t { bin_t sbin_t }:dir search; allow bootloader_t { bin_t sbin_t }:lnk_file read; --- 50,64 ---- # maybe we should change the labeling for this ifdef(`lvm.te', ` allow bootloader_t fixed_disk_device_t:chr_file rw_file_perms; + domain_auto_trans(bootloader_t, lvm_exec_t, lvm_t) + domain_auto_trans(bootloader_t, lvm_etc_t, lvm_t) + r_dir_file(bootloader_t, lvm_t) ') # uncomment the following line if you use "lilo -p" #file_type_auto_trans(bootloader_t, etc_t, bootloader_etc_t, file); ! can_exec(bootloader_t, { bootloader_exec_t shell_exec_t ls_exec_t bin_t sbin_t }) allow bootloader_t shell_exec_t:lnk_file read; allow bootloader_t { bin_t sbin_t }:dir search; allow bootloader_t { bin_t sbin_t }:lnk_file read;
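
Review bot: in the lines added inside the ifdef(`lvm.te', ...) block, domain_auto_trans(bootloader_t, lvm_etc_t, lvm_t) puts lvm_etc_t in the argument position where the line before it puts lvm_exec_t, so a type whose name suggests configuration files is used as the type whose execution moves bootloader_t into lvm_t. If the requirement is only that bootloader_t can read LVM configuration, a read-only rule on lvm_etc_t would be narrower than a transition rule. The following r_dir_file(bootloader_t, lvm_t) names the lvm_t domain type rather than lvm_etc_t, so it is worth confirming which target was intended. A comment in the policy stating why each of the three rules is needed would help later review. The changed can_exec line also adds ls_exec_t with no explanation; a short comment naming what in the bootloader domain runs ls would make that addition easier to audit.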