From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 14 Aug 2016 22:55:49 +0200 (CEST)
Subject: [refpolicy] [PATCH] Update the lvm module
Message-ID: <1426268394.997176.1471208149952.JavaMail.open-xchange@popper06.register.it>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Update the lvm module to add a permission needed by cryptsetup.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/system/lvm.te |    5 +++++
 1 file changed, 5 insertions(+)

--- refpolicy-git-06082016-orig/policy/modules/system/lvm.te	2016-08-06
21:26:43.305774396 +0200
+++ refpolicy-git-06082016/policy/modules/system/lvm.te	2016-08-14
22:46:26.233136106 +0200
@@ -179,6 +179,7 @@ allow lvm_t self:fifo_file manage_fifo_f
 allow lvm_t self:unix_dgram_socket create_socket_perms;
 allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow lvm_t self:sem create_sem_perms;
+allow lvm_t self:socket create_stream_socket_perms;
 
 allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };
@@ -253,6 +254,8 @@ dev_dontaudit_getattr_generic_chr_files(
 dev_dontaudit_getattr_generic_blk_files(lvm_t)
 dev_dontaudit_getattr_generic_pipes(lvm_t)
 dev_create_generic_dirs(lvm_t)
+# the following one is needed by cryptsetup
+dev_getattr_fs(lvm_t)
 
 domain_use_interactive_fds(lvm_t)
 domain_read_all_domains_state(lvm_t)