Call init_domain() in addition to init_daemon_domain(), this adds permissions needed...

[selinux.git] / ts3 / ts3.te

diff --git a/ts3/ts3.te b/ts3/ts3.te
index 3688ad6..4afdf06 100644 (file)
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -1,4 +1,4 @@
-policy_module(ts3, 0.1.23)
+policy_module(ts3, 0.1.29)
 
 # File context for the executable process
 type ts3_t;
@@ -10,6 +10,7 @@ files_type(ts3_rw_t)
 type ts3_ro_t;
 files_type(ts3_ro_t)
 
+init_domain(ts3_t, ts3_exec_t)
 init_daemon_domain(ts3_t, ts3_exec_t)
 
 corenet_udp_sendrecv_generic_port(ts3_t)
@@ -23,11 +24,15 @@ allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket
 
 read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 list_dirs_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
+mmap_exec_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 
 manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+mmap_exec_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 
+mmap_exec_files_pattern(ts3_t, tmpfs_t, tmpfs_t)
+
 sysnet_dns_name_resolve(ts3_t)
 
 # Needed to load shared libraries