author | David Howells <dhowells@redhat.com> | 2010-03-25 18:40:01 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2010-03-25 18:40:01 +0000 |
commit | 957323efa5fa95c1f8008145bc0e8d720f4fb153 (patch) | |
tree | 95b1b6c2569f33e965bba98d8bd9f8eadd3d80f1 | |
parent | f90aa81f363c80b901af89f240f52942d7bcec89 (diff) | |
download | cachefilesd-957323efa5fa95c1f8008145bc0e8d720f4fb153.tar.gz |
SELinux: Allow cachefilesd to use rmdir on directories in the cache

Amend the SELinux policy to allow cachefilesd to use rmdir on directories in
the cache. Without this, messages like the following:

node=barsoom.rdu.redhat.com type=AVC msg=audit(1269518332.550:21841): avc:
denied { rmdir } for pid=1670 comm="cachefilesd" name="@b5" dev=dm-0
ino=1177664 scontext=unconfined_u:system_r:cachefilesd_t:s0
tcontext=system_u:object_r:cachefiles_var_t:s0 tclass=dir

appear in the audit log.

Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | selinux/cachefilesd.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/cachefilesd.te b/selinux/cachefilesd.te index 61372e6..d76038b 100644 --- a/selinux/cachefilesd.te +++ b/selinux/cachefilesd.te @@ -102,7 +102,7 @@ files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file) allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms; # Allow access to cache superstructure -allow cachefilesd_t cachefiles_var_t : dir rw_dir_perms; +allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir }; allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink }; # Permit statfs on the backing filesystem |
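Review bot: the comment above the changed rule still reads only "# Allow access to cache superstructure", so nothing in the policy source records why `rmdir` was added to the `dir` rule. Suggest extending that comment to say that cachefilesd removes directories in the cache, so the reason for the extra permission does not live only in the commit message. The grant itself is narrow: it adds exactly the permission from the quoted AVC denial (`rmdir`, tclass=dir, cachefilesd_t on cachefiles_var_t) and leaves the `file` rule on the next line at `{ getattr rename unlink }`. Since the permission applies to every directory labelled cachefiles_var_t, it is worth confirming that this type is only ever assigned to directories inside the cache.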