Diffstat (limited to 'policy/modules/system/fstools.te')
-rw-r--r-- | policy/modules/system/fstools.te | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 0e3a98967..b2d22e90a 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -34,6 +34,7 @@ ifdef(`distro_gentoo',`
 # ipc_lock is for losetup
 allow fsadm_t self:capability { dac_override dac_read_search ipc_lock sys_admin sys_rawio sys_resource sys_tty_config };
+dontaudit fsadm_t self:capability net_admin;
 allow fsadm_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition execstack setkeycreate setsockcreate getrlimit };
 allow fsadm_t self:fd use;
 allow fsadm_t self:fifo_file rw_fifo_file_perms;
@@ -123,6 +124,8 @@ files_manage_lost_found(fsadm_t)
 files_manage_etc_runtime_files(fsadm_t)
 files_etc_filetrans_etc_runtime(fsadm_t, file)
+fs_getattr_cgroup(fsadm_t)
+fs_getattr_dos_fs(fsadm_t)
 fs_rw_all_image_files(fsadm_t)
 fs_search_auto_mountpoints(fsadm_t)
 fs_getattr_xattr_fs(fsadm_t)
@@ -135,6 +138,8 @@ fs_list_auto_mountpoints(fsadm_t)
 fs_search_tmpfs(fsadm_t)
 fs_getattr_tmpfs_dirs(fsadm_t)
 fs_read_tmpfs_symlinks(fsadm_t)
+# for fstrim
+files_manage_boot_dirs(fsadm_t)
 # Recreate /mnt/cdrom.
 files_manage_mnt_dirs(fsadm_t)
 # for tune2fs
@@ -145,6 +150,8 @@ mls_file_write_all_levels(fsadm_t)
 selinux_getattr_fs(fsadm_t)
+storage_dev_filetrans_fixed_disk(fsadm_t, chr_file, "megaraid_sas_ioctl_node")
+storage_manage_fixed_disk(fsadm_t)
 storage_raw_read_fixed_disk(fsadm_t)
 storage_raw_write_fixed_disk(fsadm_t)
 storage_raw_read_removable_device(fsadm_t)
@@ -157,6 +164,8 @@ term_use_console(fsadm_t)
 init_use_fds(fsadm_t)
 init_use_script_ptys(fsadm_t)
 init_dontaudit_getattr_initctl(fsadm_t)
+# for systemd-fsckd to access /proc/1/environ
+init_read_state(fsadm_t)
 init_rw_script_stream_sockets(fsadm_t)
 logging_send_syslog_msg(fsadm_t)
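Review bot: The `dontaudit fsadm_t self:capability net_admin;` line in the first hunk (@@ -34) has no comment saying which tool triggers the check, unlike the `# ipc_lock is for losetup` note two lines above it. A dontaudit rule also drops the AVC record for every other net_admin attempt made from fsadm_t, so the reason should be on record for whoever later investigates this domain. I would add a comment such as `# <tool> probes net_admin; the denial is harmless`, with the real tool name filled in. The same applies to `mon_dontaudit_use_fds(fsadm_t)` in the last hunk (@@ -213).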
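Review bot: `files_manage_boot_dirs(fsadm_t)` under `# for fstrim` in the @@ -135 hunk looks wider than the stated purpose. By its name the interface lets fsadm_t create, rename and remove directories carrying the /boot label, while fstrim, as far as I know, only opens the mount point and issues an ioctl on it. Every program that runs as fsadm_t inherits that write access to the boot directory tree. If list access is enough for the observed denial, `files_list_boot(fsadm_t)` would be the narrower grant; otherwise the comment should name the permission that was actually denied.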
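Review bot: The two added storage lines in the @@ -145 hunk carry no comment. By its name, `storage_manage_fixed_disk(fsadm_t)` goes beyond the raw read/write interfaces listed right below it, letting fsadm_t create and delete fixed-disk device nodes. The named transition for `megaraid_sas_ioctl_node` suggests a RAID or SMART utility creates that node while running in this domain, but the hunk does not say which one. I would add `# <tool> creates /dev/megaraid_sas_ioctl_node`, with the real tool name filled in, and check whether a create-only grant for character devices would do instead of full manage.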
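Review bot: `init_read_state(fsadm_t)` in the @@ -157 hunk is granted unconditionally although its comment ties it to systemd-fsckd, so builds without systemd also let every fsadm_t program read PID 1's /proc entries. The environment of init can carry values not meant for filesystem tools, and the interface presumably covers more of /proc/1 than `environ` alone. Wrapping the line in the policy's `init_systemd` ifdef would keep the exposure to the builds that need it. The surrounding block starts and ends outside the hunk, so an existing systemd-only section elsewhere in the file may be the better home.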
@@ -200,6 +209,10 @@ optional_policy(`
 ')
 optional_policy(`
+ fsdaemon_read_lib(fsadm_t)
+')
+
+optional_policy(`
 livecd_rw_tmp_files(fsadm_t)
 ')
@@ -213,6 +226,10 @@ optional_policy(`
 ')
 optional_policy(`
+ mon_dontaudit_use_fds(fsadm_t)
+')
+
+optional_policy(`
 nis_use_ypbind(fsadm_t)
 ')
|