From: domg472@gmail.com (Dominick Grift)
Date: Mon, 14 Feb 2011 21:43:34 +0100
Subject: [refpolicy] [ access_vectors patch 1/2] Add access vectors: audit_access, read_policy.
Message-ID: <20110214204329.GA9388@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I guess read_policy is a permissive required together with read_file_perms for /selinux/policy.
What audit_access actually does I do not know.

Also I re-ordered execmod and open because currently it was not complete.

Signed-off-by: Dominick Grift

--- :100644 100644 0ef9b12... 1966443... M policy/flask/access_vectors policy/flask/access_vectors | 18 ++++-------------- 1 files changed, 4 insertions(+), 14 deletions(-) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 0ef9b12..1966443 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -27,6 +27,9 @@ common file swapon quotaon mounton + audit_access + open + execmod } @@ -152,7 +155,6 @@ inherits file reparent search rmdir - open } class file @@ -160,8 +162,6 @@ inherits file { execute_no_trans entrypoint - execmod - open } class lnk_file @@ -172,27 +172,16 @@ inherits file { execute_no_trans entrypoint - execmod - open } class blk_file inherits file -{ - open -} class sock_file inherits file -{ - open -} class fifo_file inherits file -{ - open -} class fd { @@ -363,6 +352,7 @@ class security setbool setsecparam setcheckreqprot + read_policy } -- 1.7.4
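
Review bot: audit_access in the first hunk (@@ -27,6 +27,9 @@, common file) goes in with no description, and the commit message itself says its purpose is not known. Because it sits in the common block, every class that inherits file picks it up. Please state what the permission gates, in the commit message or in a comment next to the entry, before this is merged, so policy writers can tell when a rule for it is needed.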
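
Review bot: moving execmod into common file is wider than the "re-ordered" the commit message describes. In the @@ -172,27 +172,16 @@ hunk, blk_file, sock_file and fifo_file declared only open, yet after this change they inherit execmod as well. The same is true of the class whose body ends in reparent, search, rmdir in the @@ -152,7 +155,6 @@ hunk. Please confirm that extending execmod to these classes is intended and say so in the commit message. If it is not, move only open into the common and keep execmod in the per-class blocks that had it.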
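
Review bot: read_policy at the end of class security (@@ -363,6 +352,7 @@) rests on what the commit message calls a guess about its relation to read_file_perms on /selinux/policy. Please confirm which access it controls and record that in the message. Also, the subject names only audit_access and read_policy while the same patch relocates open and execmod. Splitting the relocation into its own patch would let the new vectors be reviewed and reverted independently.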