When using kdevtmpfs, the kernel domain needs the
dev_manage_all_dev_nodes(kernel_t) permission (for example on
(un)plugging USB devices).
The permissions which are currently granted don't suffice
(dev_create_generic_chr_files(kernel_t) etc.), as it also has to
operate on mouse_device_t, usb_device_t and other device_node devices.
Regards,
Luis Ressel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20131102/1c502e72/attachment.bin