Diffstat (limited to 'policy/modules/services/rpc.te')
-rw-r--r-- | policy/modules/services/rpc.te | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index 63693603f..bfcb8fa8a 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -121,6 +121,7 @@ corenet_udp_bind_all_rpc_ports(rpc_domain)
 fs_rw_rpc_named_pipes(rpc_domain)
 fs_search_auto_mountpoints(rpc_domain)
+fs_watch_rpc_pipefs_dirs(rpc_domain)
 files_read_etc_runtime_files(rpc_domain)
 files_read_usr_files(rpc_domain)
@@ -312,7 +313,8 @@ optional_policy(`
 # NFSD local policy
 #
-allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
+allow nfsd_t self:capability { dac_override dac_read_search setpcap sys_admin sys_resource lease };
+allow nfsd_t self:process setcap;
 allow nfsd_t exports_t:file read_file_perms;
 allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
@@ -342,6 +344,8 @@ fs_mount_nfsd_fs(nfsd_t)
 fs_getattr_all_fs(nfsd_t)
 fs_getattr_all_dirs(nfsd_t)
 fs_list_nfsd_fs(nfsd_t)
+fs_list_rpc(nfsd_t)
+
 fs_watch_nfsd_dirs(nfsd_t)
 fs_watch_nfsd_files(nfsd_t)
 fs_rw_nfsd_fs(nfsd_t)
|
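Review bot: `fs_watch_rpc_pipefs_dirs(rpc_domain)` in the first hunk grants the directory watch to every type carrying the `rpc_domain` attribute, not only to the daemon whose denial prompted the change. If only one RPC daemon actually places a watch on rpc_pipefs (not visible from this hunk), scoping the call to that type leaves the other domains at their current privilege. If the attribute-wide grant is intended, a one-line comment above it naming which daemon needs the watch would record that for later audits.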
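Review bot: The added `setpcap` capability and `allow nfsd_t self:process setcap;` in the second hunk let nfsd_t change its own capability sets, on a domain that already holds `sys_admin` and `dac_override`, and nothing in the hunk records why. A comment above the two rules should state the reason (presumably nfsd adjusting or dropping capabilities at startup; confirm against the AVC denials) so a later least-privilege review can tell whether the grant is still needed. `lease` is also appended out of the list's alphabetical order; `allow nfsd_t self:capability { dac_override dac_read_search lease setpcap sys_admin sys_resource };` keeps it sorted. The NFSD local policy block continues outside the hunk.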
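Review bot: The empty `+` line added after `fs_list_rpc(nfsd_t)` in the third hunk splits the run of `fs_*` calls for nfsd_t in two, so `fs_watch_nfsd_dirs(nfsd_t)` and the lines after it now read as a separate group. Dropping the blank line keeps the block contiguous; placing `fs_list_rpc(nfsd_t)` directly after `fs_list_nfsd_fs(nfsd_t)` is otherwise consistent with the surrounding calls. The block starts and ends outside the hunk.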