Allow prelink to read dbus config/Broken

nsplugin_config wants the kernel to load modules for it.
mount writes into livecd_tmp_t directories

diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index 0154b7793b019a4034554a30a3fed7199548a333..cdbaddacb72478e4a48245bde8edf5cfda273457 100644 (file)
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -175,3 +175,8 @@ optional_policy(`
                rpm_read_db(prelink_cron_system_t)
        ')
 ')
+ifdef(`hide_broken_symptoms', `
+       optional_policy(`
+             dbus_read_config(prelink_t)
+       ')
+')

diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
index ccb12034dbb79a5335dcc8713ac39ca98fc9fdf3..7c8e23b16ce8f33639e9a9013620b1c409bd6447 100644 (file)
--- a/policy/modules/apps/nsplugin.te
+++ b/policy/modules/apps/nsplugin.te
@@ -239,6 +239,7 @@ corecmd_exec_bin(nsplugin_config_t)
 corecmd_exec_shell(nsplugin_config_t)
 
 kernel_read_system_state(nsplugin_config_t)
+kernel_request_load_module(nsplugin_config_t)
 
 files_read_etc_files(nsplugin_config_t)
 files_read_usr_files(nsplugin_config_t)

diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 24ffd8a6ca1a8bc46009a098e572beb062b94a9f..2639086db3ef7f22dd31c3759fcc93b6c828b7c2 100644 (file)
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -269,6 +269,10 @@ optional_policy(`
        ')
 ')
 
+optional_policy(`
+       livecd_rw_tmp_files(mount_t)
+')
+
 # Needed for mount crypt https://bugzilla.redhat.com/show_bug.cgi?id=418711
 optional_policy(`
        lvm_domtrans(mount_t)