X-Git-Url: https://git.camperquake.de/gitweb.cgi?a=blobdiff_plain;ds=sidebyside;f=tf2%2Ftf2.te;h=3e6bcdc5fc11aff3e957987dce2955511851ff13;hb=7951a32abb9f4affd8cf0fb879bf6fce4e960b40;hp=bf69c5d3238e3ee4ffc1d2803f0d1327820869f8;hpb=c226ce3ae21764ee6fabd754bc9a9cc567ba8b46;p=selinux.git

diff --git a/tf2/tf2.te b/tf2/tf2.te
index bf69c5d..3e6bcdc 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.25)
+policy_module(tf2, 0.1.29)
 
 require {
     type default_t;
@@ -17,6 +17,7 @@ type tf2_ro_t;
 files_type(tf2_ro_t)
 
 
+init_domain(tf2_t, tf2_exec_t)
 init_daemon_domain(tf2_t, tf2_exec_t)
 
 allow tf2_t self:process { setsched signal signull };
@@ -38,6 +39,9 @@ manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 
+# TF2 wants to create /tmp/dumps
+files_manage_generic_tmp_dirs(tf2_t)
+
 sysnet_dns_name_resolve(tf2_t)
 
 # Needed to load shared libs
@@ -56,3 +60,4 @@ kernel_read_network_state(tf2_t)
 dontaudit tf2_t default_t:dir read;
 
 allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;