From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 26 Aug 2014 09:15:20 -0400 Subject: [refpolicy] [PATCH 6/7] Add ioctl and lock to manage_lnk_file_perms In-Reply-To: <1408793751-11289-7-git-send-email-nicolas.iooss@m4x.org> References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org> <1408793751-11289-7-git-send-email-nicolas.iooss@m4x.org> Message-ID: <53FC8868.1030905@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 8/23/2014 7:35 AM, Nicolas Iooss wrote: > manage_lnk_file_perms permission is expected to be larger than > write_lnk_file_perms and therefore include ioctl and lock. > --- > policy/support/obj_perm_sets.spt | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt > index 5e8718a8be67..cefc35f7b547 100644 > --- a/policy/support/obj_perm_sets.spt > +++ b/policy/support/obj_perm_sets.spt > @@ -178,7 +178,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }') > define(`create_lnk_file_perms',`{ create getattr }') > define(`rename_lnk_file_perms',`{ getattr rename }') > define(`delete_lnk_file_perms',`{ getattr unlink }') > -define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename }') > +define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename ioctl lock }') > define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }') > define(`relabelto_lnk_file_perms',`{ getattr relabelto }') > define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }') Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com