[su] Give more right to control dynamic partitions
parent
7fd5c1e596
commit
e8303f1b67
@ -94,8 +94,8 @@ allow phhsu_daemon phhsu_daemon_tmpfs:file rwx_file_perms;
|
|||||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename };
|
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename };
|
||||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom unlink rename};
|
||||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:chr_file { rwx_file_perms unlink rename};
|
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:chr_file { rwx_file_perms unlink rename ioctl};
|
||||||
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:blk_file { rw_file_perms create unlink rename};
|
allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type phhsu_daemon }:blk_file { rw_file_perms create unlink rename ioctl};
|
||||||
|
|
||||||
allow phhsu_daemon device:file rwx_file_perms;
|
allow phhsu_daemon device:file rwx_file_perms;
|
||||||
allow phhsu_daemon device:dir rw_dir_perms;
|
allow phhsu_daemon device:dir rw_dir_perms;
|
||||||
@ -140,3 +140,9 @@ allow phhsu_daemon file_type:file create_file_perms;
|
|||||||
allow phhsu_daemon file_type:dir create_dir_perms;
|
allow phhsu_daemon file_type:dir create_dir_perms;
|
||||||
|
|
||||||
allow phhsu_daemon domain:process { transition };
|
allow phhsu_daemon domain:process { transition };
|
||||||
|
|
||||||
|
|
||||||
|
# 05-09 00:05:30.149 18450 18450 W lprename: type=1400 audit(0.0:40923): avc: denied { ioctl } for path="/dev/block/sda25" dev="tmpfs" ino=19441 ioctlcmd=0x1278 scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:super_block_device:s0 tclass=blk_file permissive=0
|
||||||
|
|
||||||
|
allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };
|
||||||
|
allowxperm phhsu_daemon super_block_device:blk_file ioctl { 0x1278-0x127a };
|
||||||
|
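Review bot: The added `allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };` whitelists every ioctl command, which is far wider than the quoted denial (only `ioctlcmd=0x1278` on `super_block_device`) and filters nothing beyond what the plain `ioctl` permission already grants. The first hunk also adds `ioctl` to `chr_file` and `blk_file` for all of `dev_type`, and for target types that have no `allowxperm` rule that permission is, as far as I know, not command-filtered, so in practice only `super_block_device` ends up limited to `0x1278-0x127a`. If the aim is just what lprename needs, consider dropping the `0-0xffff` rule and granting `allow phhsu_daemon super_block_device:blk_file ioctl;` next to the narrow range, with a comment naming the three commands (the values look like BLKIOMIN, BLKIOOPT and BLKALIGNOFF, which are read-only topology queries). The `chr_file` `ioctl` addition has no denial quoted in the commit, so it should either be justified in a comment or left out.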