From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 29 Aug 2012 21:28:46 +0200 Subject: [refpolicy] [PATCH v1 5/5] Udev's tables (run data) is stored in directories In-Reply-To: <1346268526-22260-1-git-send-email-sven.vermeulen@siphos.be> References: <1346268526-22260-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1346268526-22260-6-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When udev creates a directory to store its runtime data in, it will attempt to relabel the directory too. So allow udev SELinux policy to do so, as well as manage the udev_tbl_t files and directories. Signed-off-by: Sven Vermeulen --- policy/modules/system/udev.te | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 00fcf27..261055d 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -63,8 +63,11 @@ can_exec(udev_t, udev_helper_exec_t) # read udev config allow udev_t udev_etc_t:file read_file_perms; -# create udev database in /dev/.udevdb -allow udev_t udev_tbl_t:file manage_file_perms; +allow udev_t udev_tbl_t:dir relabelto; +manage_dirs_pattern(udev_t, udev_tbl_t, udev_tbl_t) +manage_files_pattern(udev_t, udev_tbl_t, udev_tbl_t) +manage_lnk_files_pattern(udev_t, udev_tbl_t, udev_tbl_t) + dev_filetrans(udev_t, udev_tbl_t, file) list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) -- 1.7.8.6
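Review bot: the `dev_filetrans(udev_t, udev_tbl_t, file)` context line still transitions only `file` objects, while the hunk now manages `udev_tbl_t` directories and symlinks and the commit message says udev creates the runtime directory itself and then relabels it; a directory created under /dev with that rule will not be born as `udev_tbl_t`, and the new `allow udev_t udev_tbl_t:dir relabelto;` on its own does not grant the `relabelfrom` on the directory's original type that a relabel also needs, so either that permission is granted elsewhere (worth stating in the commit message) or the simpler fix is to extend the transition, e.g. `dev_filetrans(udev_t, udev_tbl_t, { dir file lnk_file })`, so no relabel is required. Also, the removed `# create udev database in /dev/.udevdb` comment should be replaced rather than dropped, e.g. `# manage udev runtime database (udev_tbl_t)`, since the refpolicy file comments each rule group and the new block otherwise has none.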