From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 14 Feb 2011 09:01:00 -0500 Subject: [refpolicy] [PATCH 1/1] Allow mdadm to generate uevents (write to /sys/.../uevent) when raids are (dis)assembled In-Reply-To: <20110202193720.GA12476@siphos.be> References: <20110202193720.GA12476@siphos.be> Message-ID: <4D59359C.9070604@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 2/2/2011 2:37 PM, Sven Vermeulen wrote: > The mdadm application will write into /sys/.../uevent whenever arrays are > assembled or disassembled. Merged. > Signed-off-by: Sven Vermeulen > --- > policy/modules/system/raid.te | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te > index 09845c4..e5e61c5 100644 > --- a/policy/modules/system/raid.te > +++ b/policy/modules/system/raid.te > @@ -42,7 +42,7 @@ kernel_getattr_core_if(mdadm_t) > corecmd_exec_bin(mdadm_t) > corecmd_exec_shell(mdadm_t) > > -dev_read_sysfs(mdadm_t) > +dev_rw_sysfs(mdadm_t) > # Ignore attempts to read every device file > dev_dontaudit_getattr_all_blk_files(mdadm_t) > dev_dontaudit_getattr_all_chr_files(mdadm_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
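Review bot: The replacement line `+dev_rw_sysfs(mdadm_t)` widens mdadm_t from read to read/write across sysfs, while the commit message only calls for writes to the `/sys/.../uevent` files during array assembly and disassembly. Nothing in raid.te records that reason, so a later reader auditing mdadm_t cannot tell why write access is there. I would add a short comment above the line, in the style of the existing "# Ignore attempts to read every device file" comment, stating that the write is for generating uevents when arrays are (dis)assembled. It is also worth noting in the commit message whether a narrower grant was considered, given that the stated need is limited to the uevent files.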