authorDavid Howells <dhowells@redhat.com>2010-03-25 18:40:01 +0000
committerDavid Howells <dhowells@redhat.com>2010-03-25 18:40:01 +0000
commit957323efa5fa95c1f8008145bc0e8d720f4fb153 (patch)
tree95b1b6c2569f33e965bba98d8bd9f8eadd3d80f1
parentf90aa81f363c80b901af89f240f52942d7bcec89 (diff)
downloadcachefilesd-957323efa5fa95c1f8008145bc0e8d720f4fb153.tar.gz
SELinux: Allow cachefilesd to use rmdir on directories in the cache
Amend the SELinux policy to allow cachefilesd to use rmdir on directories in the cache. Without this, messages like the following: node=barsoom.rdu.redhat.com type=AVC msg=audit(1269518332.550:21841): avc: denied { rmdir } for pid=1670 comm="cachefilesd" name="@b5" dev=dm-0 ino=1177664 scontext=unconfined_u:system_r:cachefilesd_t:s0 tcontext=system_u:object_r:cachefiles_var_t:s0 tclass=dir appear in the audit log. Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r--selinux/cachefilesd.te2
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/cachefilesd.te b/selinux/cachefilesd.te
index 61372e6..d76038b 100644
--- a/selinux/cachefilesd.te
+++ b/selinux/cachefilesd.te
@@ -102,7 +102,7 @@ files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file)
allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms;
# Allow access to cache superstructure
-allow cachefilesd_t cachefiles_var_t : dir rw_dir_perms;
+allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir };
allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink };
# Permit statfs on the backing filesystem
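Review bot: The comment above the changed rule (`# Allow access to cache superstructure`) does not say why `rmdir` is granted on `cachefiles_var_t` directories, so a later policy audit cannot tell a deliberate grant from a leftover. Consider adding `# rmdir: cachefilesd removes directories inside the cache` directly above the `dir` rule. Adding only `rmdir` to `rw_dir_perms` keeps the grant narrower than `manage_dir_perms` would, and that is worth preserving if the rule is touched again. The rule applies to every directory labelled `cachefiles_var_t`, and the file-context labelling that bounds it is not visible in this hunk.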