From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 3 Dec 2013 13:30:08 -0500
Subject: [refpolicy] [PATCH 07/39] setrans: needs to be able to get
 attributes of selinuxfs, else fails to start in Debian
In-Reply-To: <1383990320-3340-7-git-send-email-dominick.grift@gmail.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
	<1383990320-3340-7-git-send-email-dominick.grift@gmail.com>
Message-ID: <529E2330.4050804@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/09/13 04:44, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/system/setrans.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
> index 8e1e27d..48aefa2 100644
> --- a/policy/modules/system/setrans.te
> +++ b/policy/modules/system/setrans.te
> @@ -67,6 +67,7 @@ mls_socket_write_all_levels(setrans_t)
>  mls_process_read_up(setrans_t)
>  mls_socket_read_all_levels(setrans_t)
>  
> +selinux_getattr_fs(setrans_t)
>  selinux_compute_access_vector(setrans_t)
>  
>  term_dontaudit_use_generic_ptys(setrans_t)
 
Instead of merging this, I replaced the seutil_read_config() with seutil_libselinux_linked().  It has the above access that you wanted to add.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com