tf2: Allow reading links
[selinux.git] / tf2 / tf2.te
index 1e08a9f..cce8993 100644 (file)
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.24)
 
 require {
     type default_t;
@@ -30,6 +30,8 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
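Review bot: The added `list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)` is not covered by the commit title, which mentions only links, and neither new rule says what needs it. I would add a comment above the pair such as `# tf2_ro_t trees contain symlinks and are enumerated; link targets are still checked against their own type`, adjusted to whatever actually triggered the denials. It is also worth confirming that the links resolve to objects labelled `tf2_ro_t` or `tf2_rw_t`. `read_lnk_files_pattern` only permits reading the link object itself, so a target with any other label will still be denied and may invite a broader rule later.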
@@ -51,3 +53,5 @@ kernel_read_network_state(tf2_t)
 
 # There's a lot of noise from these accesses
 dontaudit tf2_t default_t:dir read;
+
+allow init_t tf2_t:process { noatsecure };
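Review bot: The new `allow init_t tf2_t:process { noatsecure };` at the end of the file is unrelated to the stated purpose of the commit and weakens the init_t -> tf2_t transition. With `noatsecure` granted, the kernel does not set AT_SECURE on exec, so the runtime linker keeps environment variables such as `LD_PRELOAD` and `LD_LIBRARY_PATH` inherited from the service environment instead of ignoring them. If the goal is only to silence the AVC denial, prefer `dontaudit init_t tf2_t:process noatsecure;`, placed next to the existing dontaudit with a matching comment. If the server really needs an inherited linker environment, keep the allow but add a comment saying which variable and why, and move it to its own commit. `init_t` must also be declared in the `require` block, which continues outside this hunk, so I cannot tell whether it is.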