From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 20 Dec 2013 15:18:51 -0500 Subject: [refpolicy] [PATCH 2/2] Allow udev to write in /etc/udev/rules.d In-Reply-To: <1387210099-30414-2-git-send-email-bigon@debian.org> References: <1387210099-30414-1-git-send-email-bigon@debian.org> <1387210099-30414-2-git-send-email-bigon@debian.org> Message-ID: <52B4A62B.8010209@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/16/13 11:08, Laurent Bigonville wrote: > From: Laurent Bigonville > > Udev is writing persistent rules in /etc/udev/rules.d to ensure the > network interfaces and storage devices have a persistent name. > > This patch has been taken from the Fedora policy > --- > policy/modules/system/udev.te | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te > index 1643ae0..bcb4bd9 100644 > --- a/policy/modules/system/udev.te > +++ b/policy/modules/system/udev.te > @@ -68,7 +68,8 @@ allow udev_t udev_tbl_t:file manage_file_perms; > dev_filetrans(udev_t, udev_tbl_t, file) > > list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) > -read_files_pattern(udev_t, udev_rules_t, udev_rules_t) > +manage_files_pattern(udev_t, udev_rules_t, udev_rules_t) > +manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) > > manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t) > manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
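Review bot: the added manage_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t) line is not covered by the commit message, which only describes udev writing persistent rules in /etc/udev/rules.d for network interface and storage device names. Either state which udev operation needs to create or remove symlinks labelled udev_rules_t, or drop that line. Separately, replacing read_files_pattern with manage_files_pattern moves udev_t from read-only to full manage access on every udev_rules_t file, not only the persistent-name rules it generates. A comment above the two new lines saying which generated files need write access would document why the broader permission is wanted. If the generated rules can carry their own type, the remaining rules could stay read-only to udev_t.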