commit: f17aea4c3e4b4c9848d7fe4132cf8652ba3f58a6
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Sep 10 12:49:59 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 10 12:49:59 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f17aea4c
files: Allow files_*_etc_files to map files
policy/modules/kernel/files.if | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 7a15f1dd..f2b76f86 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -2920,6 +2920,7 @@ interface(`files_read_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
+ allow $1 etc_t:file map;
read_files_pattern($1, etc_t, etc_t)
read_lnk_files_pattern($1, etc_t, etc_t)
')
@@ -2959,6 +2960,7 @@ interface(`files_rw_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
+ allow $1 etc_t:file map;
rw_files_pattern($1, etc_t, etc_t)
read_lnk_files_pattern($1, etc_t, etc_t)
')
@@ -2980,6 +2982,7 @@ interface(`files_manage_etc_files',`
type etc_t;
')
+ allow $1 etc_t:file map;
manage_files_pattern($1, etc_t, etc_t)
read_lnk_files_pattern($1, etc_t, etc_t)
')
