On Mon, 2008-08-04 at 14:35 +0200, david@xxxxxxxxxxx wrote: > plain text document attachment (policy_modules_admin_bootloader.patch) > Most of the changes here are in a distro_redhat block and shouldn't be > controversial... Merged. I moved the unconfined into the distro_redhat. > Index: refpolicy/policy/modules/admin/bootloader.if > =================================================================== > --- refpolicy.orig/policy/modules/admin/bootloader.if 2008-08-03 16:47:00.000000000 +0200 > +++ refpolicy/policy/modules/admin/bootloader.if 2008-08-03 21:09:17.000000000 +0200 > @@ -49,6 +49,11 @@ > > role $2 types bootloader_t; > allow bootloader_t $3:chr_file rw_term_perms; > + > + ifdef(`distro_redhat',` > + # for mke2fs > + mount_run(bootloader_t, $2, $3) > + ') > ') > > ######################################## > Index: refpolicy/policy/modules/admin/bootloader.te > =================================================================== > --- refpolicy.orig/policy/modules/admin/bootloader.te 2008-08-03 16:47:00.000000000 +0200 > +++ refpolicy/policy/modules/admin/bootloader.te 2008-08-03 21:09:17.000000000 +0200 > @@ -218,3 +218,7 @@ > optional_policy(` > sysadm_dontaudit_search_home_dirs(bootloader_t) > ') > + > +optional_policy(` > + unconfined_domain(bootloader_t) > +') > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
