From: jason@perfinion.com (Jason Zaman)
Date: Sun, 31 Jul 2016 22:24:30 +0800
Subject: [refpolicy] [PATCH] rpcbind needs to read sysfs
In-Reply-To: <20160731092708.r3otc6nhhe5keo4w@athena.coker.com.au>
References: <20160731092708.r3otc6nhhe5keo4w@athena.coker.com.au>
Message-ID: <20160731142430.GA8181@meriadoc>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, Jul 31, 2016 at 07:27:09PM +1000, Russell Coker wrote:
> Tiny patch for rpcbind to read sysfs.
> 
> 
> diff -ruN /home/rjc/src/pol-git/policy/modules/contrib/rpcbind.te ./policy/modules/contrib/rpcbind.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/rpcbind.te	2016-07-30 08:14:41.145651133 +1000
> +++ ./policy/modules/contrib/rpcbind.te	2016-07-31 19:26:02.416587318 +1000
> @@ -39,6 +39,9 @@
>  manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
>  files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
>  
> +# for /sys/devices/system/cpu/online
> +dev_read_sysfs(rpcbind_t)
We have this interface now instead: dev_read_cpu_online()
that file is labelled cpu_online_t now.
> +
>  kernel_read_system_state(rpcbind_t)
>  kernel_read_network_state(rpcbind_t)
>  kernel_request_load_module(rpcbind_t)
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy