commit: 77bed1b44f95619267e8a36a197fc6b5513e11ed
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun May 7 03:24:40 2017 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun May 7 17:40:29 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=77bed1b4
modutils: kmod_tmpfiles_conf_t create should be allowed even for openrc
policy/modules/system/modutils.te | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/policy/modules/system/modutils.te
b/policy/modules/system/modutils.te
index 1c52e0b5..80831320 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -49,6 +49,7 @@ manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)
filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file)
create_files_pattern(kmod_t, modules_object_t, modules_dep_t)
delete_files_pattern(kmod_t, modules_object_t, modules_dep_t)
+allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms;
can_exec(kmod_t, kmod_exec_t)
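Review bot: The `allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms;` line added after the modules_dep_t patterns lost the comment that explained it inside the `init_systemd` block, and it now applies on every init system. I would carry the explanation along, e.g. `# for /run/tmpfiles.d/kmod.conf, written under openrc as well as systemd`, so a later audit can see why kmod_t holds this access unconditionally. The commit title speaks only of create, while `manage_file_perms` is a broader set; if openrc only needs to create the file, a narrower permission set would keep kmod_t closer to least privilege, though the hunk alone cannot confirm what openrc requires. The rule also only covers files already labelled kmod_tmpfiles_conf_t, and whether a type transition to that label exists outside the ifdef is not visible here and is worth checking.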
@@ -115,8 +116,6 @@ userdom_use_user_terminals(kmod_t)
userdom_dontaudit_search_user_home_dirs(kmod_t)
ifdef(`init_systemd',`
- # for /run/tmpfiles.d/kmod.conf
- allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms;
# kmod needs to create /run/tmpdiles.d
systemd_tmpfiles_creator(kmod_t)