From: cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Date: Tue, 21 Jun 2005 01:43:36 +0000 (+0000)
Subject: Added urandom access.
X-Git-Tag: 2.4~1287
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=f8691268ba748f3821c633051be2835b23bda8d3

Added urandom access.


git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1721 cb58f699-b61c-0410-a6fe-9272a202ed29
---

diff --git a/selinux/shibshar.te b/selinux/shibshar.te
index d6d462f..9227f30 100644
--- a/selinux/shibshar.te
+++ b/selinux/shibshar.te
@@ -23,6 +23,8 @@ allow shibshar_t shibshar_t:unix_stream_socket create_stream_socket_perms;
 allow shibshar_t shibshar_t:netlink_route_socket { create bind getattr};
 allow shibshar_t usr_t:dir r_dir_perms;
 allow shibshar_t usr_t:file rx_file_perms;
+
+allow shibshar_t urandom_device_t:chr_file { getattr read };
  
 # Enable HTTPD to connect to the shib-shar socket and read/write to it
 can_unix_connect(httpd_t, shibshar_var_run_t)