Most of the changes here are in a distro_redhat block and shouldn't be controversial...
Index: refpolicy/policy/modules/admin/bootloader.if
===================================================================
--- refpolicy.orig/policy/modules/admin/bootloader.if 2008-08-03 16:47:00.000000000 +0200
+++ refpolicy/policy/modules/admin/bootloader.if 2008-08-03 21:09:17.000000000 +0200
@@ -49,6 +49,11 @@
 role $2 types bootloader_t;
 allow bootloader_t $3:chr_file rw_term_perms;
+
+ ifdef(`distro_redhat',`
+ # for mke2fs
+ mount_run(bootloader_t, $2, $3)
+ ')
 ')
 ########################################
Index: refpolicy/policy/modules/admin/bootloader.te
===================================================================
--- refpolicy.orig/policy/modules/admin/bootloader.te 2008-08-03 16:47:00.000000000 +0200
+++ refpolicy/policy/modules/admin/bootloader.te 2008-08-03 21:09:17.000000000 +0200
@@ -218,3 +218,7 @@
 optional_policy(`
 sysadm_dontaudit_search_home_dirs(bootloader_t)
 ')
+
+optional_policy(`
+ unconfined_domain(bootloader_t)
+')
-- David Härdeman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
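Review bot: The `mount_run(bootloader_t, $2, $3)` call added in the distro_redhat block of bootloader.if is documented only as `# for mke2fs`, which does not explain why the mount domain is needed. As far as the macro name and arguments indicate, this also lets the caller's role `$2` enter the mount domain, so every role granted this interface on Red Hat gains that as well. The comment should state the dependency, for example `# mke2fs needs the mount domain here because <reason to be supplied by the author>`. The enclosing interface begins above the hunk, so its name and other callers are not visible here.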
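Review bot: The `unconfined_domain(bootloader_t)` block appended to bootloader.te sits at top level, not inside a distro_redhat ifdef, so it takes effect on every build that includes the unconfined module. That contradicts the cover note's "in a distro_redhat block". Marking bootloader_t unconfined makes the allow rules written for it earlier in the file largely moot, which is a policy decision and not a distro tweak. If it is needed at all, it should sit under the same distro_redhat guard used in bootloader.if, or behind a tunable, and carry a comment such as `# bootloader_t runs unconfined because <reason to be supplied by the author>`.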