Add Selinux rule to allow iorapd to execute compiler.
Bug: 147320338 Test: Run the maintenance and check if the compiled is executed. Change-Id: Idbd193483a106969a8a421150101efa00aee460d
This commit is contained in:
Yan Wang
parent
4f362b1c68
commit
7d844ee436
1 changed files with 3 additions and 0 deletions
|
|
@ -36,6 +36,9 @@ allow iorapd self:global_capability_class_set sys_nice;
|
|||
# tracing sessions and read trace data.
|
||||
unix_socket_connect(iorapd, traced_consumer, traced)
|
||||
|
||||
# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
|
||||
allow iorapd system_file:file execute_no_trans;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
|
|||
Loading…
Reference in a new issue