From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 4 May 2012 10:49:28 -0400
Subject: [refpolicy] [PATCH 1/1] Recent lvm utilities now use setfscreate
In-Reply-To: <20120501082310.GI32060@siphos.be>
References: <20120501082310.GI32060@siphos.be>
Message-ID: <4FA3EC78.1020208@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/01/12 04:23, Sven Vermeulen wrote:
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/system/lvm.te |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
> index 6a87211..fcdcb32 100644
> --- a/policy/modules/system/lvm.te
> +++ b/policy/modules/system/lvm.te
> @@ -167,7 +167,7 @@ optional_policy(`
>  # net_admin for multipath
>  allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio net_admin };
>  dontaudit lvm_t self:capability sys_tty_config;
> -allow lvm_t self:process { sigchld sigkill sigstop signull signal };
> +allow lvm_t self:process { sigchld sigkill sigstop signull signal setfscreate };
>  # LVM will complain a lot if it cannot set its priority.
>  allow lvm_t self:process setsched;
>  allow lvm_t self:file rw_file_perms;

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com