diff options
Diffstat (limited to 'redhat/core/tdebase/tdm.fc39.te')
| -rw-r--r-- | redhat/core/tdebase/tdm.fc39.te | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/redhat/core/tdebase/tdm.fc39.te b/redhat/core/tdebase/tdm.fc39.te index 3278f6ac9..f3bcb40d4 100644 --- a/redhat/core/tdebase/tdm.fc39.te +++ b/redhat/core/tdebase/tdm.fc39.te @@ -8,12 +8,13 @@ require { type tmp_t; type unconfined_service_t; type unconfined_t; + type var_lib_t; type var_run_t; type xdm_t; class capability2 mac_admin; class dbus send_msg; - class fifo_file { getattr open read setattr }; - class file { getattr lock map open read unlink write }; + class fifo_file { getattr open read setattr unlink }; + class file { create entrypoint getattr lock map open read rename unlink write }; class lnk_file unlink; class process transition; } @@ -21,8 +22,9 @@ require { allow fprintd_t init_t:dbus send_msg; allow unconfined_service_t unconfined_t:process transition; allow unconfined_t self:capability2 mac_admin; -allow xdm_t etc_t:file write; -allow xdm_t tmp_t:fifo_file { getattr open read setattr }; +allow xdm_t etc_t:file { create rename unlink write }; +allow xdm_t tmp_t:fifo_file { getattr open read setattr unlink }; allow xdm_t tmp_t:file { map open unlink }; allow xdm_t tmp_t:lnk_file unlink; +allow xdm_t var_lib_t:file { unlink }; allow xdm_t var_run_t:file { getattr lock open read write }; |