From e81afdf5c971f26f290eb422230b45c688ec5a79 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Sep 09 2010 18:26:32 +0000 Subject: raid tools now store pid file and sock_file in /dev/md for early boot.
---
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index b42af1b..23a1d11 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -154,7 +154,9 @@ ifdef(`distro_gentoo',`
 /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/opt/google/talkplugin/cron(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/system/raid.fc b/policy/modules/system/raid.fc
index ed9c70d..1eed007 100644
--- a/policy/modules/system/raid.fc
+++ b/policy/modules/system/raid.fc
@@ -1,4 +1,5 @@
-/dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
+/dev/.mdadm\.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
+/dev/md(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
 /sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
 /sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 2fe5969..afb14e9 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -15,6 +15,7 @@ files_type(mdadm_map_t)
 type mdadm_var_run_t;
 files_pid_file(mdadm_var_run_t)
+dev_associate(mdadm_var_run_t)
 ########################################
 #
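Review bot: The added `/opt/google/talkplugin/cron(/.*)?` entry in corecommands.fc is not covered by the commit subject, which mentions only the raid tools, so nothing records why this directory is treated as executable content. Because the pattern has no file-type field, every object under that directory is labelled `bin_t`, not just scripts. I would move it to its own commit, or at least put a comment above it such as `# Google Talk plugin: cron helper scripts`, if that is what the directory holds.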
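Review bot: In `/dev/.mdadm\.map` the dot before `map` is now escaped, but the one right after `/dev/` is still a regex wildcard, so the entry matches any single character in that position. `/dev/\.mdadm\.map -- gen_context(system_u:object_r:mdadm_map_t,s0)` pins it to the literal file name. The new `/dev/md(/.*)?` line also has no file-type field, so it applies to every object class under `/dev/md`, not only the pid file and socket named in the subject. If array device nodes or symlinks are also created there, confirm that their storage labels still take precedence over `mdadm_var_run_t`, or restrict this entry by file type.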
@@ -32,7 +33,9 @@ dev_filetrans(mdadm_t, mdadm_map_t, file)
 manage_dirs_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
 manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
+manage_sock_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
 files_pid_filetrans(mdadm_t, mdadm_var_run_t, { file dir })
+dev_filetrans(mdadm_t, mdadm_var_run_t, { file dir sock_file })
 kernel_read_system_state(mdadm_t)
 kernel_read_kernel_sysctls(mdadm_t)
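Review bot: The new `dev_filetrans(mdadm_t, mdadm_var_run_t, { file dir sock_file })` includes class `file`, while the hunk header shows `dev_filetrans(mdadm_t, mdadm_map_t, file)` just before this hunk. If that line is still present, mdadm_t has two transitions with different target types for plain files created in the device directory. I would expect the policy compiler to reject that as conflicting; at best it leaves the label of `.mdadm.map` ambiguous. Dropping `file` from the new set, `dev_filetrans(mdadm_t, mdadm_var_run_t, { dir sock_file })`, keeps the map-file transition intact, and files created inside an `mdadm_var_run_t` directory should inherit that type without a transition. The local-policy block starts and ends outside the hunk, so this needs checking against the full raid.te.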