rpms / selinux-policy

Clone
Source Code
GIT

Files

  1.   a2e8b9ca5de980419d6eb2fc0fdf9671f0d2b6ab
  2.   grub.patch
Blob Blame History Raw 
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index 7a6f06f..e117271 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -1,9 +1,11 @@
-
+/etc/default/grub	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
 /etc/lilo\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
 /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
 
-/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/grub.*	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/installkernel	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/new-kernel-pkg	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
 
 /usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te
index f95087c..e7d705e 100644
--- a/policy/modules/admin/permissivedomains.te
+++ b/policy/modules/admin/permissivedomains.te
@@ -2,6 +2,14 @@
 
 optional_policy(`
       gen_require(`
+             type bootloader_t;
+      ')
+
+      permissive bootloader_t;
+')
+
+optional_policy(`
+      gen_require(`
              type systemd_logger_t;
       ')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.