Allow colord to execute shell

author Miroslav Grepl <mgrepl@redhat.com>

Thu, 24 Nov 2011 10:41:10 +0000 (11:41 +0100)

committer Miroslav Grepl <mgrepl@redhat.com>

Thu, 24 Nov 2011 10:41:58 +0000 (11:41 +0100)
author Miroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 10:41:10 +0000 (11:41 +0100)
committer Miroslav Grepl <mgrepl@redhat.com>
Thu, 24 Nov 2011 10:41:58 +0000 (11:41 +0100)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc

index 37d3b990fcae1a29fab41452caec7d8d02cbd688..c82360e6f4b037bbf3d78e34f7bc95a4bd7e340c 100644 (file)
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -406,6 +406,7 @@ ifdef(`distro_suse',`
  # /usr/lib
  #
  
+/usr/lib/iscan/network                         --      gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/ruby/gems/.*/agents(/.*)?             gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/virtualbox/VBoxManage         --      gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/yp/.+                                         --      gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te

index 145a4eb83eefea9c52a8797edb5a6eca7fb61b34..25283e476278d50d1326b126263743f3d2b9c93a 100644 (file)
--- a/policy/modules/services/colord.te
+++ b/policy/modules/services/colord.te
@@ -49,6 +49,7 @@ kernel_request_load_module(colord_t)
  
  # reads *.ini files
  corecmd_exec_bin(colord_t)
+corecmd_exec_shell(colord_t)
  
  corenet_all_recvfrom_unlabeled(colord_t)
  corenet_all_recvfrom_netlabel(colord_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 24 Nov 2011 10:41:10 +0000 (11:41 +0100)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Thu, 24 Nov 2011 10:41:58 +0000 (11:41 +0100)
policy/modules/kernel/corecommands.fc		patch \| blob \| blame \| history
policy/modules/services/colord.te		patch \| blob \| blame \| history