On Tue, Aug 24, 2004 at 05:01:26PM +0100, Luke Kenneth Casson Leighton wrote: > diff -Naur > --- default.1.14/domains/program/udev.te 2004-08-02 08:28:37.000000000 +0100 > +++ current/domains/program/udev.te 2004-08-06 19:20:29.000000000 +0100 > @@ -79,3 +83,15 @@ > domain_auto_trans(udev_t, ifconfig_exec_t, ifconfig_t) > > dontaudit udev_t file_t:dir search; > + > +# hacked stuff... > + > +can_ps(udev_t, domain) > + > +# for /etc/dev.d/net/hotplug.dev > + > +allow udev_t etc_runtime_t:file { append lock write }; > +can_exec(udev_t hotplug_etc_t) ^^^^^^ yes my policy _does_ really have this (spotted it just now) without the comma. no, the policy compiler _doesn't_ spot it. l.
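Review bot: The last added line, `can_exec(udev_t hotplug_etc_t)`, is missing the comma between its two arguments, so the macro is invoked with one argument instead of a domain and a file type. It should read `can_exec(udev_t, hotplug_etc_t)`, matching the comma-separated calls elsewhere in this hunk such as `can_ps(udev_t, domain)`. Since the reply reports that the policy compiler accepts the malformed line, inspect the expanded policy to see what rule this line actually produced instead of assuming the exec permission was granted. Separately, the `# hacked stuff...` comment does not say why udev_t needs `can_ps` over `domain`. A one-line rationale, like the one given for the /etc/dev.d/net/hotplug.dev rules, would let a reviewer judge whether that access can be narrowed.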