From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 18 Dec 2016 22:02:57 +0100
Subject: [refpolicy] [PATCH] udev: manage tmpfs files and directories
In-Reply-To: <0659ff80-fa2a-9120-387a-1b2ddf383ba0@gmail.com>
References: <1482084808.2921.1.camel@trentalancia.net> <0659ff80-fa2a-9120-387a-1b2ddf383ba0@gmail.com>
Message-ID: <1482094977.22132.14.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 18/12/2016 at 21.24 +0100, Dominick Grift via refpolicy wrote:
> On 12/18/2016 08:37 PM, cgzones via refpolicy wrote:
> >
> > Hi,
> > on debian with systemd's udev these permissions are not needed,
> > maybe you can put them into an ifndef(`init_systemd',...) block?
> >
>
> I do not believe that udev should be able to do this at all. Please
> explain why you would want to add these rules

It needs the permissions to manage /run during bootup.

> > Kindly Regards,
> > Christian Göttsche
> >
> > 2016-12-18 19:13 GMT+01:00 Guido Trentalancia via refpolicy:
> > >
> > > Update the udev module so that the udev domain can manage tmpfs files
> > > and directories.
> > >
> > > Signed-off-by: Guido Trentalancia
> > > ---
> > > ?policy/modules/system/udev.te |????2 ++
> > > ?1 file changed, 2 insertions(+)
> > >
> > > --- a/policy/modules/system/udev.te?????2016-09-10
> > > 18:09:13.359710389 +0200
> > > +++ b/policy/modules/system/udev.te?????2016-12-18
> > > 18:09:55.935617782 +0100
> > > @@ -123,6 +126,8 @@ files_getattr_generic_locks(udev_t)
> > > ?files_search_mnt(udev_t)
> > >
> > > ?fs_getattr_all_fs(udev_t)
> > > +fs_manage_tmpfs_dirs(udev_t)
> > > +fs_manage_tmpfs_files(udev_t)
> > > ?fs_list_inotifyfs(udev_t)
> > > ?fs_rw_anon_inodefs_files(udev_t)

Guido
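
Review bot: fs_manage_tmpfs_dirs(udev_t) and fs_manage_tmpfs_files(udev_t) are added unconditionally in the fs_* block of udev.te, so udev_t gets manage access to generic tmpfs directories and files on every init system, including the systemd case where the thread reports the permissions are not needed. Consider wrapping both lines in the suggested ifndef(`init_systemd',...) block, and move the rationale given in the reply (managing /run during bootup) into the commit message, which currently states only what is changed and not why. Separately, the hunk header @@ -123,6 +126,8 @@ starts three lines later on the new side, although the diffstat lists these two insertions as the only change to the file; the patch appears to have been taken from a tree carrying other local modifications to udev.te and should be regenerated against a clean checkout so it applies without offset.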