[PATCH] refpolicy: services_audioentropy changes

From: <dwalsh_at_nospam>
Date: Thu Aug 02 2007 - 21:00:46 GMT
To: cpebenito@tresys.com

Audit entropy needs dav_override and read/write random device

nsaserefpolicy/policy/modules/services/audioentropy.te 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/audioentropy.te 2007-08-02 11:02:02.000000000 -0400
@@ -18,7 +18,7 @@ # Local policy #

-allow entropyd_t self:capability { ipc_lock sys_admin };
+allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
dontaudit entropyd_t self:capability sys_tty_config; allow entropyd_t self:process signal_perms;

@@ -32,6 +32,8 @@ dev_read_sysfs(entropyd_t) dev_read_urand(entropyd_t) dev_write_urand(entropyd_t)
+dev_read_rand(entropyd_t)
+dev_write_rand(entropyd_t)

dev_read_sound(entropyd_t)

fs_getattr_all_fs(entropyd_t) -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

This message: [ Message body ]
Next message: Joshua Brindle: "Re: reference policy mailing list (was [PATCH] refpolicy: system_udev changes including brctl policy. Mostly xen related)"
Previous message: dwalsh_at_nospam: "[PATCH] refpolicy: services_automount changes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]