[DSE-Dev] Bug#875676: also needs other access
Russell Coker
russell at coker.com.au
Wed Sep 13 12:36:06 UTC 2017

fs_unmount_xattr_fs(bootloader_t)
allow bootloader_t bootloader_tmp_t:dir mounton;
files_search_mnt(bootloader_t)
fs_mount_fusefs(bootloader_t)
fs_mounton_fusefs(bootloader_t)
fs_read_fusefs_symlinks(bootloader_t)
fs_read_fusefs_files(bootloader_t)
fs_stat_fusefs(bootloader_t)
fs_unmount_fusefs(bootloader_t)
fstools_manage_runfile(bootloader_t)
mount_rw_runfiles(bootloader_t)
dpkg_rw_pipes(bootloader_t)
storage_rw_fuse(bootloader_t)
udev_read_pid_files(bootloader_t)
raid_manage_mdadm_pid(bootloader_t)

bootloader_t needs the above access to make initramfs images, to talk to
dpkg_t, and to correctly recognise software RAID installations. It also needs
to send sigchild to dpkg_t for when it's run from a kernel image postinst.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/