From: bigon@debian.org (Laurent Bigonville) Date: Mon, 16 Dec 2013 17:08:19 +0100 Subject: [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d In-Reply-To: <1387210099-30414-1-git-send-email-bigon@debian.org> References: <1387210099-30414-1-git-send-email-bigon@debian.org> Message-ID: <1387210099-30414-2-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Udev is writing persistent rules in /etc/udev/rules.d to ensure the network interfaces and storage devices have a persistent name. This patch has been taken from the Fedora policy --- policy/modules/system/udev.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 1643ae0..bcb4bd9 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -68,7 +68,8 @@ allow udev_t udev_tbl_t:file manage_file_perms; dev_filetrans(udev_t, udev_tbl_t, file) list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) -read_files_pattern(udev_t, udev_rules_t, udev_rules_t) +manage_files_pattern(udev_t, udev_rules_t, udev_rules_t) +manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t) manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) -- 1.8.5.1
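Review bot: The added `manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t)` line is not covered by the commit message, which only describes udev writing persistent rules files for network interfaces and storage devices. Either say in the message why udev_t needs to create and remove symlinks labelled udev_rules_t, or drop that line. The swap of `read_files_pattern` for `manage_files_pattern` on the same type also widens udev_t from reading its rules to creating, modifying and deleting any file labelled udev_rules_t, so the domain can now rewrite all the rules it evaluates and not only the generated persistent ones. If the generated files can be given their own type with a file transition, as the context line `dev_filetrans(udev_t, udev_tbl_t, file)` does for udev_tbl_t, the manage permissions could be scoped to that type and the remaining rules kept read-only. "Taken from the Fedora policy" would be easier to audit with a reference to the Fedora commit or policy version it came from.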