Skip to content
Snippets Groups Projects
Commit 6bf855a8 authored by Dan van der Ster's avatar Dan van der Ster
Browse files

FUSE: allow domain:process getpgid and cleanup

parent 1dbe8c16
No related branches found
No related tags found
No related merge requests found
No preview for this file type
module eosfuse 1.2;
module eosfuse 1.3;
require {
attribute domain;
type initrc_tmp_t;
type var_log_t;
type var_run_t;
type automount_t;
type mount_t;
type unconfined_t;
type sshd_t;
type su_exec_t;
class lnk_file { read getattr };
class dir add_name;
class file { write read create setattr };
class file { write read create setattr getattr };
class process { getpgid };
}
......@@ -18,11 +20,9 @@ allow automount_t initrc_tmp_t:file write;
#============= mount_t ==============
allow mount_t var_log_t:dir add_name;
allow mount_t var_log_t:file create;
allow mount_t var_log_t:file { create setattr };
allow mount_t var_run_t:lnk_file { read getattr };
allow mount_t domain:process getpgid;
allow mount_t var_log_t:file setattr;
allow mount_t var_run_t:lnk_file getattr;
allow mount_t var_run_t:lnk_file read;
allow mount_t unconfined_t:process getpgid;
\ No newline at end of file
#============= sshd_t ==============
allow sshd_t su_exec_t:file getattr;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment