modutils: kmod_tmpfiles_conf_t create should be allowed even for openrc

author: Jason Zaman <jason@perfinion.com> 2017-05-07 11:24:40 +0800
committer: Jason Zaman <jason@perfinion.com> 2017-05-08 01:40:29 +0800
commit: 77bed1b44f95619267e8a36a197fc6b5513e11ed (patch)
tree: 73ecbaee1e9c08f190e8169defe7bbda8251d64a
parent: consolekit: allow run fifo_files (diff)
download: hardened-refpolicy-77bed1b4.tar.gz
hardened-refpolicy-77bed1b4.tar.bz2
hardened-refpolicy-77bed1b4.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 1c52e0b58..808313203 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -49,6 +49,7 @@ manage_files_pattern(kmod_t, modules_dep_t, modules_dep_t)
 filetrans_add_pattern(kmod_t, modules_object_t, modules_dep_t, file)
 create_files_pattern(kmod_t, modules_object_t, modules_dep_t)
 delete_files_pattern(kmod_t, modules_object_t, modules_dep_t)
+allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms;
 
 can_exec(kmod_t, kmod_exec_t)
 
@@ -115,8 +116,6 @@ userdom_use_user_terminals(kmod_t)
 userdom_dontaudit_search_user_home_dirs(kmod_t)
 
 ifdef(`init_systemd',`
-	# for /run/tmpfiles.d/kmod.conf
-	allow kmod_t kmod_tmpfiles_conf_t:file manage_file_perms;
 	# kmod needs to create /run/tmpdiles.d
 	systemd_tmpfiles_creator(kmod_t)
author	Jason Zaman <jason@perfinion.com>	2017-05-07 11:24:40 +0800
committer	Jason Zaman <jason@perfinion.com>	2017-05-08 01:40:29 +0800
commit	77bed1b44f95619267e8a36a197fc6b5513e11ed (patch)
tree	73ecbaee1e9c08f190e8169defe7bbda8251d64a
parent	consolekit: allow run fifo_files (diff)
download	hardened-refpolicy-77bed1b4.tar.gz hardened-refpolicy-77bed1b4.tar.bz2 hardened-refpolicy-77bed1b4.zip