Skip to content
Snippets Groups Projects
Commit 2e934f7f authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "init: allow init to restorecon on block devices and their symlinks"

parents 0aca0241 1c8e606f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 1 deletion
public/init.te
+ 3
1
View file @ 2e934f7f
...@@ -27,9 +27,11 @@ allow init random_device:chr_file relabelto; ...@@ -27,9 +27,11 @@ allow init random_device:chr_file relabelto;
# /dev/device-mapper, /dev/block(/.*)? # /dev/device-mapper, /dev/block(/.*)?
allow init tmpfs:{ chr_file blk_file } relabelfrom; allow init tmpfs:{ chr_file blk_file } relabelfrom;
allow init tmpfs:blk_file getattr; allow init tmpfs:blk_file getattr;
allow init block_device:{ dir blk_file } relabelto; allow init block_device:{ dir blk_file lnk_file } relabelto;
allow init dm_device:{ chr_file blk_file } relabelto; allow init dm_device:{ chr_file blk_file } relabelto;
allow init kernel:fd use; allow init kernel:fd use;
# restorecon for early mount device symlinks
allow init tmpfs:lnk_file { getattr read relabelfrom };
# setrlimit # setrlimit
allow init self:capability sys_resource; allow init self:capability sys_resource;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment