From: dac.override@gmail.com (Dominick Grift)
Date: Sun, 18 Dec 2016 22:04:07 +0100
Subject: [refpolicy] [PATCH] udev: manage tmpfs files and directories
In-Reply-To: <1482094977.22132.14.camel@trentalancia.net>
References: <1482084808.2921.1.camel@trentalancia.net> <0659ff80-fa2a-9120-387a-1b2ddf383ba0@gmail.com> <1482094977.22132.14.camel@trentalancia.net>
Message-ID: <974616ad-cb9d-107c-4a29-88d4a31b77ab@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/18/2016 10:02 PM, Guido Trentalancia via refpolicy wrote:
> On Sun, 18/12/2016 at 21.24 +0100, Dominick Grift via refpolicy wrote:
>> On 12/18/2016 08:37 PM, cgzones via refpolicy wrote:
>>>
>>> Hi,
>>> on debian with systemd's udev these permissions are not needed,
>>> maybe
>>> you can put them into a ifndef(`init_systemd',...) block?
>>>
>>
>> I do not believe that udev should be able to do this at all. Please
>> explain why you would want to add these rules
>
> It needs the permissions to manage /run during bootup.

I see. Yes that makes sense I suppose.

>
>>> Kindly Regards,
>>> Christian Göttsche
>>>
>>> 2016-12-18 19:13 GMT+01:00 Guido Trentalancia via refpolicy
>>> :
>>>>
>>>> Update the udev module so that the udev domain can manage tmpfs
>>>> files
>>>> and directories.
>>>>
>>>> Signed-off-by: Guido Trentalancia
>>>> ---
>>>> policy/modules/system/udev.te | 2 ++
>>>> 1 file changed, 2 insertions(+)
>>>>
>>>> --- a/policy/modules/system/udev.te 2016-09-10 >>>> 18:09:13.359710389 +0200 >>>> +++ b/policy/modules/system/udev.te 2016-12-18 >>>> 18:09:55.935617782 +0100 
>>>> @@ -123,6 +126,8 @@ files_getattr_generic_locks(udev_t) >>>> files_search_mnt(udev_t) >>>> >>>> fs_getattr_all_fs(udev_t) >>>> +fs_manage_tmpfs_dirs(udev_t) >>>> +fs_manage_tmpfs_files(udev_t) >>>> fs_list_inotifyfs(udev_t) >>>> fs_rw_anon_inodefs_files(udev_t)
>
> Guido

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
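
Review bot: the two added lines after fs_getattr_all_fs(udev_t), namely fs_manage_tmpfs_dirs(udev_t) and fs_manage_tmpfs_files(udev_t), are granted unconditionally and cover every file and directory carrying the generic tmpfs type, while the only justification given in the thread is managing /run during bootup and cgzones reports they are not needed with systemd's udev on Debian. Consider wrapping both lines in the ifndef(`init_systemd',...) block suggested in the thread, so systemd-based builds do not pick up the extra write access, and state the /run-at-boot reason in the commit message or in a comment above the lines, since "manage tmpfs files and directories" alone does not say why udev_t needs it. The hunk header (-123,6 +126,8) also shows a three-line offset between the old and new file, which suggests the diff was taken against a tree with other local changes to udev.te; it is worth regenerating it against a clean checkout so it applies without fuzz.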