Mostly to allow xen/cifs/nfs file management
Index: refpolicy/policy/modules/system/fstools.if
===================================================================
--- refpolicy.orig/policy/modules/system/fstools.if 2008-07-19 19:15:43.000000000 +0200
+++ refpolicy/policy/modules/system/fstools.if 2008-08-03 18:06:57.000000000 +0200
@@ -142,3 +142,21 @@
 allow $1 swapfile_t:file getattr;
 ')
+
+########################################
+## <summary>
+## Send signal to fsadm process
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fstools_signal',`
+ gen_require(`
+ type fsadm_t;
+ ')
+
+ allow $1 fsadm_t:process signal;
+')
Index: refpolicy/policy/modules/system/fstools.te
===================================================================
--- refpolicy.orig/policy/modules/system/fstools.te 2008-07-19 19:15:43.000000000 +0200
+++ refpolicy/policy/modules/system/fstools.te 2008-08-03 18:06:57.000000000 +0200
@@ -97,6 +97,10 @@
 fs_getattr_tmpfs_dirs(fsadm_t)
 fs_read_tmpfs_symlinks(fsadm_t)
+fs_manage_nfs_files(fsadm_t)
+
+fs_manage_cifs_files(fsadm_t)
+
 mls_file_read_all_levels(fsadm_t)
 mls_file_write_all_levels(fsadm_t)
@@ -184,4 +188,9 @@
 optional_policy(`
 xen_append_log(fsadm_t)
+ xen_rw_image_files(fsadm_t)
+')
+
+optional_policy(`
+ unconfined_domain(fsadm_t)
 ')
-- David Härdeman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
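Review bot: The summary of the new `fstools_signal` interface in fstools.if does not say which signals it covers. `allow $1 fsadm_t:process signal;` grants only the generic `signal` permission, so SIGKILL, SIGSTOP, SIGCHLD and the null signal stay under their own permissions; I would word the summary as `## Send a generic signal to fsadm processes.` No caller of the interface appears in this patch, so the domain that needs it cannot be checked from here.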
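Review bot: `fs_manage_nfs_files(fsadm_t)` and `fs_manage_cifs_files(fsadm_t)` in the `@@ -97,6 +97,10 @@` hunk of fstools.te are granted unconditionally, with no comment saying which fsadm operation needs them. The manage interfaces cover creating, modifying and deleting files on those mounts, and the context lines show fsadm_t already holds `mls_file_read_all_levels` and `mls_file_write_all_levels`, so this noticeably widens what a misbehaving filesystem tool can reach on every network share. If the need is disk images kept on NFS/CIFS, as the description seems to suggest, I would add a comment such as `# disk images on NFS/CIFS mounts` and use the narrowest read/write interface that satisfies the denials actually observed.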
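Review bot: The added `optional_policy(` block containing `unconfined_domain(fsadm_t)` at the end of fstools.te makes fsadm_t unconfined on any system where the unconfined module is built. That makes the individual rules in this file moot, including the nfs/cifs/xen grants this same patch adds, and removes the containment the fsadm domain exists to provide. The description ("Mostly to allow xen/cifs/nfs file management") neither mentions nor justifies it. I would drop those three lines and add targeted rules for whichever AVC denials prompted them; `xen_rw_image_files(fsadm_t)` on its own looks consistent with the stated purpose.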