commit: 15b931e08acd789f7fc9bdf35c8866a263a8417b
Author: Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Sun Nov 27 15:06:24 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 16:05:00 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=15b931e0
modutils.te: Re-add custom gentoo changes
TODO: Check if we indeed still need those permissions.
policy/modules/system/modutils.te | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/policy/modules/system/modutils.te
b/policy/modules/system/modutils.te
index 3bf9bff..b516d99 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -180,3 +180,22 @@ optional_policy(`
xserver_getattr_log(kmod_t)
')
+optional_policy(`
+ dracut_rw_tmp_files(kmod_t)
+')
+
+ifdef(`distro_gentoo',`
+ ############################
+ #
+ # insmod_t
+ #
+
+ # During "make modules_install" temp files created by admin
+ # that invoked the command are later used by kmod.
+ userdom_manage_user_tmp_files(kmod_t)
+ userdom_manage_user_tmp_dirs(kmod_t)
+
+ files_list_src(kmod_t)
+ files_manage_src_files(kmod_t)
+ files_manage_kernel_modules(kmod_t)
+')
