Skip to content
Snippets Groups Projects
Commit 91c290b8 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Allow access to unlabeled socket and fifo files. 


Just use notdevfile_class_set to pick up all non-device file classes.

Change-Id: Ib3604537ccfc25da67823f0f2b5d70b84edfaadf
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 959fdaaa
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 2 deletions
domain.te
+ 1
2
View file @ 91c290b8
......@@ -129,9 +129,8 @@ allow domain security_file:file getattr;
# capability, it's essentially useless. This is needed to allow an app with
# relabelto to relabel unlabeled files.
#
allow domain unlabeled:file { create_file_perms relabelfrom };
allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
allow domain unlabeled:dir { create_dir_perms relabelfrom };
allow domain unlabeled:lnk_file { create_file_perms };
neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment