Allow searching /proc/sys/fs when using /proc/sys/fs/binfmt_misc
Interface fs_register_binary_executable_type allows registering interpreters using a filesystem mounted on /proc/sys/fs/binfmt_misc. In order to access this filesystem, the process needs to search every parent directory of the mountpoint. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
parent
da59af22f4
commit
0494f3c0b9
|
@ -612,6 +612,8 @@ interface(`fs_register_binary_executable_type',`
|
|||
type binfmt_misc_fs_t;
|
||||
')
|
||||
|
||||
# binfmt_misc filesystem is usually mounted on /proc/sys/fs/binfmt_misc
|
||||
kernel_search_fs_sysctls($1)
|
||||
rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
|
||||
')
|
||||
|
||||
|
|
|
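Review bot: The documentation block of `fs_register_binary_executable_type` starts above this hunk and is not visible here, so it probably still describes only the binfmt_misc file access and should be extended to cover the new grant. With `kernel_search_fs_sysctls($1)` added, every caller also gets directory search on the types along /proc/sys/fs. Anyone auditing which domains may register interpreters should be able to read the full set of permissions from the interface header. I would add a line such as `## This also allows searching the parent directories of the usual mountpoint, /proc/sys/fs/binfmt_misc.` to the interface description. The inline comment above the call already explains why the grant is needed and can stay as it is.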
@ -1985,6 +1985,25 @@ interface(`kernel_rw_kernel_sysctl',`
|
|||
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search filesystem sysctl directories.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`kernel_search_fs_sysctls',`
|
||||
gen_require(`
|
||||
type proc_t, sysctl_t, sysctl_fs_t;
|
||||
')
|
||||
|
||||
search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read filesystem sysctls.
|
||||
|
|
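Review bot: In `kernel_search_fs_sysctls`, `sysctl_fs_t` appears both in the container set and as the target of `search_dirs_pattern`, which looks redundant. As far as I recall, the pattern macro already grants search on its third argument as well as on each type in the second. The neighbouring `kernel_rw_kernel_sysctl` context line passes only `{ proc_t sysctl_t }` as the parents, so matching that form keeps the sysctl interfaces consistent and makes the granted set easier to read: `search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)`. It may also be worth confirming that `## <rolecap/>` is intended on a search-only interface, or whether it was copied from a neighbouring block.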