From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 24 Jun 2012 20:05:14 +0200
Subject: [refpolicy] [PATCH v2 4/5] Grant dracut_manage_tmp_files to domains
 called by dracut
In-Reply-To: <20120624180258.GA11810@siphos.be>
References: <20120624180258.GA11810@siphos.be>
Message-ID: <20120624180514.GE11810@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The dracut application calls, amongst other applications, ldconfig and depmod
and gets them to write information in a temporary location created by dracut.
This allows those domains manage access to these locations.

Write privileges alone were not sufficient as new files were created as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/libraries.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 992d105..834b7fe 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -131,6 +131,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	dracut_manage_tmp_files(ldconfig_t)
+')
+
+optional_policy(`
 	puppet_rw_tmp(ldconfig_t)
 ')
 
-- 
1.7.3.4