blob: 3c6a9790c6f3b1cc0eeb616d65f27da33a0ed31c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Allow udev the block_suspend capability
Upstream-Status: backport
upstream commit: 5905067f2acf710ffbb13ba32575e6316619ddd8
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
policy/modules/system/udev.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 90e4ab3..efe6c02 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -39,6 +39,7 @@ ifdef(`enable_mcs',`
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid sys_admin mknod net_raw net_admin sys_nice sys_rawio sys_resource setuid setgid sys_nice sys_ptrace };
dontaudit udev_t self:capability sys_tty_config;
+allow udev_t self:capability2 block_suspend;
allow udev_t self:process ~{ setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow udev_t self:process { execmem setfscreate };
allow udev_t self:fd use;
--
1.7.9.5
|
