diff options
Diffstat (limited to 'policy/modules/kernel/files.if')
| -rw-r--r-- | policy/modules/kernel/files.if | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 29c8b72f3..e0337d044 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -6912,6 +6912,24 @@ interface(`files_rw_runtime_dirs',` ######################################## ## <summary> +## Watch /var/lib directories. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`files_watch_var_lib_dirs',` + gen_require(` + type var_lib_t; + ') + + allow $1 var_lib_t:dir watch; +') + +######################################## +## <summary> ## Watch /var/run directories. ## </summary> ## <param name="domain"> @@ -6930,6 +6948,24 @@ interface(`files_watch_runtime_dirs',` ######################################## ## <summary> +## Watch /var directories. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`files_watch_var_dirs',` + gen_require(` + type var_t; + ') + + allow $1 var_t:dir watch; +') + +######################################## +## <summary> ## Read generic runtime files. ## </summary> ## <param name="domain"> |