cdrecord patch from dan.

author: Chris PeBenito <cpebenito@tresys.com> 2009-09-01 09:22:40 -0400
committer: Chris PeBenito <cpebenito@tresys.com> 2009-09-01 09:22:40 -0400
commit: a4b6385b9d4abfbc246d3ebb7edd632394060327 (patch)
tree: a4de85c0700b42e316dfc6d35d844a3871631071
parent: 1a7919344950d7dab17a3aaa604b4e3450526eba (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index f2ef078d..57ad303e 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -1,5 +1,5 @@
 
-policy_module(cdrecord, 2.1.0)
+policy_module(cdrecord, 2.1.1)
 
 ########################################
 #
@@ -28,12 +28,13 @@ ubac_constrained(cdrecord_t)
 #
 
 allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
-allow cdrecord_t self:process { getsched setsched sigkill };
+allow cdrecord_t self:process { getcap getsched setsched sigkill };
 allow cdrecord_t self:unix_dgram_socket create_socket_perms;
 allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
 
 # allow searching for cdrom-drive
 dev_list_all_dev_nodes(cdrecord_t) 
+dev_read_sysfs(cdrecord_t)
 
 domain_interactive_fd(cdrecord_t)
 domain_use_interactive_fds(cdrecord_t)
@@ -44,6 +45,7 @@ term_use_controlling_term(cdrecord_t)
 term_list_ptys(cdrecord_t)
 
 # allow cdrecord to write the CD
+storage_raw_read_removable_device(cdrecord_t)
 storage_raw_write_removable_device(cdrecord_t)
 storage_write_scsi_generic(cdrecord_t)
author	Chris PeBenito <cpebenito@tresys.com>	2009-09-01 09:22:40 -0400
committer	Chris PeBenito <cpebenito@tresys.com>	2009-09-01 09:22:40 -0400
commit	a4b6385b9d4abfbc246d3ebb7edd632394060327 (patch)
tree	a4de85c0700b42e316dfc6d35d844a3871631071
parent	1a7919344950d7dab17a3aaa604b4e3450526eba (diff)