~ubuntu-branches/ubuntu/natty/refpolicy-ubuntu/natty


Viewing changes to policy/modules/kernel/kernel.te

  • Committer: Bazaar Package Importer
  • Author(s): Caleb Case
  • Date: 2009-10-19 01:48:39 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20091019014839-0rpi67ygkrjya30k
Tags: 0.2.20090730-0ubuntu1
* Updated to upstream release 2.20090730
* Handle Upstart direct execution of daemons.
* Pre-depend on selinux to ensure that the trigger is handled (LP: #434084).

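--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
 
-policy_module(kernel, 1.10.3)
+policy_module(kernel, 1.10.5)
 
 ########################################
 #
@@ -100,6 +100,7 @@
 genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
 
 type proc_xen_t, proc_type;
+files_mountpoint(proc_xen_t)
 genfscon proc /xen gen_context(system_u:object_r:proc_xen_t,s0)
 
 #
@@ -120,6 +121,10 @@
 type sysctl_rpc_t, sysctl_type;
 genfscon proc /net/rpc gen_context(system_u:object_r:sysctl_rpc_t,s0)
 
+# /proc/sys/crypto directory and files
+type sysctl_crypto_t, sysctl_type;
+genfscon proc /sys/crypto gen_context(system_u:object_r:sysctl_crypto_t,s0)
+
 # /proc/sys/fs directory and files
 type sysctl_fs_t, sysctl_type;
 files_mountpoint(sysctl_fs_t)
@@ -198,6 +203,8 @@
 allow kernel_t self:sock_file read_sock_file_perms;
 allow kernel_t self:fd use;
 
+allow kernel_t debugfs_t:dir search_dir_perms;
+
 allow kernel_t proc_t:dir list_dir_perms;
 allow kernel_t proc_t:file read_file_perms;
 allow kernel_t proc_t:lnk_file read_lnk_file_perms;
@@ -275,14 +282,6 @@
         fs_rw_tmpfs_chr_files(kernel_t)
 ')
 
-tunable_policy(`read_default_t',`
-        files_list_default(kernel_t)
-        files_read_default_files(kernel_t)
-        files_read_default_symlinks(kernel_t)
-        files_read_default_sockets(kernel_t)
-        files_read_default_pipes(kernel_t)
-')
-
 optional_policy(`
         hotplug_search_config(kernel_t)
 ')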
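Review bot: The new `sysctl_crypto_t` type and its `genfscon proc /sys/crypto` entry (new lines 124–126) move those files off whatever label they carried before, presumably the generic sysctl type, so any domain that read `/proc/sys/crypto/fips_enabled` through that label will be denied unless a matching read interface is added and called. Nothing visible in this file section grants access to the new type, not even for kernel_t. I would confirm that kernel.if in the same revision provides the interface (upstream refpolicy names it `kernel_read_crypto_sysctls`) and check the audit log for `sysctl_crypto_t` denials with the policy loaded in permissive mode before enforcing. Separately, the bare `allow kernel_t debugfs_t:dir search_dir_perms;` at new line 206 would be easier to audit with a one-line comment stating which kernel code path needs the search permission.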