Call init_domain() in addition to init_daemon_domain(), this adds permissions needed...

[selinux.git] / tf2 / tf2.te

diff --git a/tf2/tf2.te b/tf2/tf2.te
index bf69c5d..1ef83e4 100644 (file)
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.25)
+policy_module(tf2, 0.1.28)
 
 require {
     type default_t;
@@ -17,6 +17,7 @@ type tf2_ro_t;
 files_type(tf2_ro_t)
 
 
+init_domain(tf2_t, tf2_exec_t)
 init_daemon_domain(tf2_t, tf2_exec_t)
 
 allow tf2_t self:process { setsched signal signull };
@@ -56,3 +57,4 @@ kernel_read_network_state(tf2_t)
 dontaudit tf2_t default_t:dir read;
 
 allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;