From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Sat, 23 Aug 2014 13:35:50 +0200
Subject: [refpolicy] [PATCH 6/7] Add ioctl and lock to manage_lnk_file_perms
In-Reply-To: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org>
References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <1408793751-11289-7-git-send-email-nicolas.iooss@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

manage_lnk_file_perms permission is expected to be larger than
write_lnk_file_perms and therefore include ioctl and lock.
---
 policy/support/obj_perm_sets.spt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 5e8718a8be67..cefc35f7b547 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -178,7 +178,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
 define(`create_lnk_file_perms',`{ create getattr }')
 define(`rename_lnk_file_perms',`{ getattr rename }')
 define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename }')
+define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename ioctl lock }')
 define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
 define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
-- 
2.0.4