Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:coolo:alp:hostos
selinux-policy
fix_snapper.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix_snapper.patch of Package selinux-policy
Index: fedora-policy/policy/modules/contrib/snapper.te =================================================================== --- fedora-policy.orig/policy/modules/contrib/snapper.te +++ fedora-policy/policy/modules/contrib/snapper.te @@ -18,6 +18,9 @@ files_config_file(snapperd_conf_t) type snapperd_data_t; files_type(snapperd_data_t) +type snapperd_tmp_t; +files_tmp_file(snapperd_tmp_t) + ######################################## # # snapperd local policy @@ -43,6 +46,10 @@ allow snapperd_t snapperd_data_t:dir { r allow snapperd_t snapperd_data_t:file relabelfrom; snapper_filetrans_named_content(snapperd_t) +allow snapperd_t snapperd_tmp_t:file manage_file_perms; +allow snapperd_t snapperd_tmp_t:dir manage_dir_perms; +files_tmp_filetrans(snapperd_t, snapperd_tmp_t, { file dir }) + kernel_setsched(snapperd_t) domain_read_all_domains_state(snapperd_t) @@ -73,6 +80,10 @@ storage_raw_read_fixed_disk(snapperd_t) auth_use_nsswitch(snapperd_t) optional_policy(` + packagekit_dbus_chat(snapperd_t) +') + +optional_policy(` cron_system_entry(snapperd_t, snapperd_exec_t) ') Index: fedora-policy/policy/modules/contrib/snapper.fc =================================================================== --- fedora-policy.orig/policy/modules/contrib/snapper.fc +++ fedora-policy/policy/modules/contrib/snapper.fc @@ -7,9 +7,17 @@ /var/log/snapper\.log.* -- gen_context(system_u:object_r:snapperd_log_t,s0) -/mnt/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) -/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) -/usr/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) -/var/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) -/etc/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) -HOME_ROOT/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +/mnt/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +/usr/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +/var/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +/etc/\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) +HOME_ROOT/(.*/)?\.snapshots(/.*)? gen_context(system_u:object_r:snapperd_data_t,s0) + +# ensure that the snapshots itself aren't relabled +/mnt/(.*/)?\.snapshots/[^/]*/snapshot(/.*)? <<none>> +/\.snapshots/[^/]*/snapshot(/.*)? <<none>> +/usr/\.snapshots/[^/]*/snapshot(/.*)? <<none>> +/var/\.snapshots/[^/]*/snapshot(/.*)? <<none>> +/etc/\.snapshots/[^/]*/snapshot(/.*)? <<none>> +HOME_ROOT/(.*/)?\.snapshots/[^/]*/snapshot(/.*)? <<none>>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
