tf2: Allow creation of directories in /tmp
diff --git
a/tf2/tf2.te
b/tf2/tf2.te
index
fd3f755
..
3e6bcdc
100644
(file)
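--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.29)
 require {
 type default_t;
@@ -17,6 +17,7 @@ type tf2_ro_t;
 files_type(tf2_ro_t)
+init_domain(tf2_t, tf2_exec_t)
 init_daemon_domain(tf2_t, tf2_exec_t)
 allow tf2_t self:process { setsched signal signull };
@@ -30,11 +31,17 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+# TF2 wants to create /tmp/dumps
+files_manage_generic_tmp_dirs(tf2_t)
+
 sysnet_dns_name_resolve(tf2_t)
 # Needed to load shared libs
@@ -53,3 +60,4 @@ kernel_read_network_state(tf2_t)
 dontaudit tf2_t default_t:dir read;
 allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;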
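Review bot: `files_manage_generic_tmp_dirs(tf2_t)` in the third hunk lets the server create, rename and remove any directory carrying the generic tmp label, not only its own /tmp/dumps, which is wider than the comment above it asks for on a domain that also binds TCP ports. A private tmp type with a type transition on /tmp would limit the grant to directories tf2 creates itself; a sketch follows, and the `type` declaration belongs with the other type declarations outside this hunk. If the server also writes dump files into that directory, the matching file pattern on the private type would presumably be needed too. Separately, `allow tf2_t self:process execmem;` in the last hunk arrives without a comment and is not mentioned in the commit title; I would put a one-line comment above it stating which component needs executable anonymous memory, or gate it behind a policy boolean, so the relaxation is a recorded decision.

```selinux
# … unchanged: tf2_ro_t and tf2_rw_t patterns …
# TF2 wants to create /tmp/dumps
type tf2_tmp_t;
files_tmp_file(tf2_tmp_t)
manage_dirs_pattern(tf2_t, tf2_tmp_t, tf2_tmp_t)
files_tmp_filetrans(tf2_t, tf2_tmp_t, dir)
# … unchanged: sysnet_dns_name_resolve and following …
```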