This patch defines rw_inherited_file_perms. It's needed by a few patches
I'm going to send soon so I need to get it in before they go in.
Also it's generally a good thing to have. We should reconsider some of the
other policy for whether it should use this.
Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt
===================================================================
--- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt
+++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt
@@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open
define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
define(`append_file_perms',`{ getattr open append lock ioctl }')
define(`write_file_perms',`{ getattr open write append lock ioctl }')
-define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
+define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
+define(`rw_file_perms',`{ open rw_inherited_file_perms }')
define(`create_file_perms',`{ getattr create open }')
define(`rename_file_perms',`{ getattr rename }')
define(`delete_file_perms',`{ getattr unlink }')
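Review bot: the added rw_inherited_file_perms define carries no comment saying that open is left out on purpose, so nothing at the definition tells a policy writer when to choose it over rw_file_perms. A one-line comment above it, stating that the set is meant for file descriptors a domain receives already opened and therefore must not grant open, would prevent it being used where a fresh open is required. As a follow-up to the commit message's remark about reconsidering other policy, append_file_perms and write_file_perms in the context lines still bundle open and have no inherited counterpart.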
On 02/22/17 23:14, Russell Coker via refpolicy wrote:
> This patch defines rw_inherited_file_perms. It's needed by a few patches
> I'm going to send soon so I need to get it in before they go in.
>
> Also it's generally a good thing to have. We should reconsider some of the
> other policy for whether it should use this.
>
> Index: refpolicy-2.20170221/policy/support/obj_perm_sets.spt
> ===================================================================
> --- refpolicy-2.20170221.orig/policy/support/obj_perm_sets.spt
> +++ refpolicy-2.20170221/policy/support/obj_perm_sets.spt
> @@ -158,7 +158,8 @@ define(`mmap_file_perms',`{ getattr open
> define(`exec_file_perms',`{ getattr open read execute ioctl execute_no_trans }')
> define(`append_file_perms',`{ getattr open append lock ioctl }')
> define(`write_file_perms',`{ getattr open write append lock ioctl }')
> -define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
> +define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
> +define(`rw_file_perms',`{ open rw_inherited_file_perms }')
> define(`create_file_perms',`{ getattr create open }')
> define(`rename_file_perms',`{ getattr rename }')
> define(`delete_file_perms',`{ getattr unlink }')
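Review bot: the new rw_file_perms line expands to a nested set, { open { getattr read write append ioctl lock } }, whereas every other definition visible in this hunk is a flat list. The permissions granted are the same as on the removed line, so behaviour does not change, but the style is now inconsistent. If the nesting is intended so that the two sets cannot drift apart, say so in a comment next to the define; otherwise spell rw_file_perms out as a flat list like its neighbours.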
Merged.
--
Chris PeBenito