Skip to content

Commit

Permalink
Allow sysadm_t and user_t SELinux users to mmap mandb_cache_t domain
Browse files Browse the repository at this point in the history
  • Loading branch information
@wrabcak
wrabcak committed Dec 16, 2018
1 parent 85649d0 commit 2dc64e3
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions policy/modules/roles/sysadm.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,10 @@ optional_policy(`
lvm_run(sysadm_t, sysadm_r)
')

optional_policy(`
mandb_map_cache_files(sysadm_t)
')

optional_policy(`
modutils_run_depmod(sysadm_t, sysadm_r)
modutils_run_insmod(sysadm_t, sysadm_r)
Expand Down
4 changes: 4 additions & 0 deletions policy/modules/roles/unprivuser.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,10 @@ optional_policy(`
oident_relabel_user_content(user_t)
')

optional_policy(`
mandb_map_cache_files(user_t)
')

optional_policy(`
mozilla_run_plugin(user_t, user_r)
')
Expand Down

0 comments on commit 2dc64e3

Please sign in to comment.