From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 21 Jun 2005 01:43:36 +0000 (+0000)
Subject: Added urandom access.
X-Git-Tag: 1.3~51
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=5494a34a4307d8aaab8c6592a94f1a96767a81f8

Added urandom access.
---

diff --git a/selinux/shibshar.te b/selinux/shibshar.te
index d6d462f..9227f30 100644
--- a/selinux/shibshar.te
+++ b/selinux/shibshar.te
@@ -23,6 +23,8 @@ allow shibshar_t shibshar_t:unix_stream_socket create_stream_socket_perms;
 allow shibshar_t shibshar_t:netlink_route_socket { create bind getattr};
 allow shibshar_t usr_t:dir r_dir_perms;
 allow shibshar_t usr_t:file rx_file_perms;
+
+allow shibshar_t urandom_device_t:chr_file { getattr read };
  
 # Enable HTTPD to connect to the shib-shar socket and read/write to it
 can_unix_connect(httpd_t, shibshar_var_run_t)