Re: 'allow XXXX udev_tdb_t:dir r_dir_perms' needed...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 22 Dec 2004 12:58:23 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Tom London wrote:
>
> Does this solve the problem?
> 
> diff -u global_macros.te~ global_macros.te
> --- global_macros.te~   2004-12-22 11:18:14.000000000 -0500
> +++ global_macros.te    2004-12-22 12:56:43.883461279 -0500
> @@ -242,7 +242,7 @@
>  allow $1_t { self proc_t }:dir r_dir_perms;
>  allow $1_t { self proc_t }:lnk_file read;
> 
> -allow $1_t device_t:dir { getattr search };
> +r_dir_file($1_t, device_t)
>  allow $1_t null_device_t:chr_file rw_file_perms;
>  dontaudit $1_t console_device_t:chr_file rw_file_perms;
>  dontaudit $1_t unpriv_userdomain:fd use;
> 
> 

Dan,

I'm at work, so I'll test this later.

Since the AVCs had read/getattr denials
for udev_tdb_t (not device_t), I would think
that we would need a fix like this:

> +r_dir_file($1_t, { device_t udev_tdb_t })

Am I missing something obvious?

tom


-- 
Tom London


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux