Added cert_t and urandom access

Eric Renfro 2015-11-09 02:57:27 -05:00
parent 9265dff6d1
commit df7f2cd60d


@ -1,5 +1,5 @@
policy_module(mlogc,1.0.42) policy_module(mlogc,1.0.43)
######################################## ########################################
# #
@ -22,7 +22,7 @@ type mlogc_tmp_t;
files_tmp_file(mlogc_tmp_t) files_tmp_file(mlogc_tmp_t)
require { require {
#type cert_t; type cert_t;
type mlogc_log_t; type mlogc_log_t;
#type urandom_device_t; #type urandom_device_t;
type mlogc_t; type mlogc_t;
@ -110,6 +110,11 @@ allow mlogc_t http_port_t:tcp_socket name_connect;
allow mlogc_t self:tcp_socket { write read }; allow mlogc_t self:tcp_socket { write read };
allow mlogc_t self:tcp_socket { connect getopt getattr create setopt }; allow mlogc_t self:tcp_socket { connect getopt getattr create setopt };
allow mlogc_t cert_t:dir getattr;
allow mlogc_t cert_t:file { read getattr open lock };
allow mlogc_t urandom_device_t:chr_file { read getattr open };
#allow mlogc_t http_port_t:tcp_socket { create connect name_connect getopt getattr setopt }; #allow mlogc_t http_port_t:tcp_socket { create connect name_connect getopt getattr setopt };
#allow mlogc_t cert_t:dir { write getattr }; #allow mlogc_t cert_t:dir { write getattr };
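Review bot: The added rule `allow mlogc_t urandom_device_t:chr_file { read getattr open };` uses a type whose require line is still commented out on the new side (`#type urandom_device_t;` in the second hunk). Unless the type is required in the part of the `require` block that lies outside the hunk, the module will likely fail to build or load; uncommenting `type urandom_device_t;` would fix that. The certificate rules grant only `getattr` on `cert_t:dir`, with no `search`, so opening files under a `cert_t` directory may still be denied unless search is allowed elsewhere in the policy. Where the installed base policy provides them, `miscfiles_read_generic_certs(mlogc_t)` and `dev_read_urand(mlogc_t)` could replace the three raw rules; they carry their own requires and keep the access read-only.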