Changeset 2691
- Timestamp: 05/22/08 13:39:03 (7 months ago)
- Author: pebenito
- Message: trunk: Module loading now requires setsched on kernel threads.
| r2681 |
r2691 |
|
| | 1 | - Module loading now requires setsched on kernel threads. |
|---|
| 1 | 2 | - Patch to allow gpg agent --write-env-file option from Vaclav Ovsik. |
|---|
| 2 | 3 | - X application data class from Eamon Walsh and Ted Toth. |
|---|
| r2659 |
r2691 |
|
| 331 | 331 | allow $1 self:capability sys_module; |
|---|
| 332 | 332 | typeattribute $1 can_load_kernmodule; |
|---|
| | 333 | |
|---|
| | 334 | # load_module() calls stop_machine() which |
|---|
| | 335 | # calls sched_setscheduler() |
|---|
| | 336 | allow $1 self:capability sys_nice; |
|---|
| | 337 | kernel_setsched($1) |
|---|
| 333 | 338 | ') |
|---|
| 334 | 339 | |
|---|
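Review bot: At new lines 336-337, every domain that calls this interface now receives sys_nice on itself plus kernel_setsched, and sys_nice covers more than the single sched_setscheduler() call made via stop_machine() that the comment describes. The comment explains why the rules exist, but the grant should also be stated wherever the interface is documented, so it is visible when auditing which domains can load modules. As a style point, the new capability rule could be folded into the existing one at line 331 as `allow $1 self:capability { sys_module sys_nice };`.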
| r2659 |
r2691 |
|
| 1 | 1 | |
|---|
| 2 | | policy_module(kernel,1.9.1) |
|---|
| | 2 | policy_module(kernel,1.9.2) |
|---|
| 3 | 3 | |
|---|
| 4 | 4 | ######################################## |
|---|
| r2668 |
r2691 |
|
| 21 | 21 | # networkmanager will ptrace itself if gdb is installed |
|---|
| 22 | 22 | # and it receives a unexpected signal (rh bug #204161) |
|---|
| 23 | | allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock }; |
|---|
| | 23 | allow NetworkManager_t self:capability { kill setgid setuid dac_override net_admin net_raw net_bind_service ipc_lock }; |
|---|
| 24 | 24 | dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace }; |
|---|
| 25 | 25 | allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms }; |
|---|
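Review bot: The removal of sys_nice from the NetworkManager_t self:capability rule at line 23 is not explained by the commit message or the changelog entry, which mention only module loading. If NetworkManager_t is expected to obtain sys_nice through the module-loading interface changed in this changeset, say so in the commit message or in a comment next to the rule; otherwise this drops a permission and should be checked for new AVC denials before release. No policy_module version bump is shown for this file, unlike the kernel module.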