From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 26 Aug 2014 09:15:20 -0400
Subject: [refpolicy] [PATCH 6/7] Add ioctl and lock to
	manage_lnk_file_perms
In-Reply-To: <1408793751-11289-7-git-send-email-nicolas.iooss@m4x.org>
References: <1408793751-11289-1-git-send-email-nicolas.iooss@m4x.org>
	<1408793751-11289-7-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <53FC8868.1030905@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 8/23/2014 7:35 AM, Nicolas Iooss wrote:
> manage_lnk_file_perms permission is expected to be larger than
> write_lnk_file_perms and therefore include ioctl and lock.
> ---
>  policy/support/obj_perm_sets.spt | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
> index 5e8718a8be67..cefc35f7b547 100644
> --- a/policy/support/obj_perm_sets.spt
> +++ b/policy/support/obj_perm_sets.spt
> @@ -178,7 +178,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
>  define(`create_lnk_file_perms',`{ create getattr }')
>  define(`rename_lnk_file_perms',`{ getattr rename }')
>  define(`delete_lnk_file_perms',`{ getattr unlink }')
> -define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename }')
> +define(`manage_lnk_file_perms',`{ create read write getattr setattr link unlink rename ioctl lock }')
>  define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
>  define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
>  define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com