commit: 1487f95addb4ccbcc6e0bb6164b39b72e345f532
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Aug 23 11:35:50 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Aug 26 14:52:08 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1487f95a
Add ioctl and lock to manage_lnk_file_perms
manage_lnk_file_perms permission is expected to be larger than
write_lnk_file_perms and therefore include ioctl and lock.
---
policy/support/obj_perm_sets.spt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index d241410..0ff760b 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -183,7 +183,7 @@ define(`rw_lnk_file_perms',`{ getattr read write lock ioctl
}')
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create read write getattr setattr link
unlink rename }')
+define(`manage_lnk_file_perms',`{ create read write getattr setattr link
unlink rename ioctl lock }')
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
