RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

system/mount.if: Add mount_read_mount_loopback interface

This commit is contained in:
Luis Ressel 2014-02-01 14:50:22 +01:00 committed by Chris PeBenito
parent 781377da9f
commit 09370605a3
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
policy/modules/system/mount.if
View File

@ -173,3 +173,21 @@ interface(`mount_run_unconfined',`
mount_domtrans_unconfined($1) mount_domtrans_unconfined($1)
role $2 types unconfined_mount_t; role $2 types unconfined_mount_t;
') ')
########################################
## <summary>
## Read mount_loopback files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mount_read_mount_loopback',`
gen_require(`
type mount_t;
')
allow $1 mount_loopback_t:file read_file_perms;
')

2
policy/modules/system/mount.te
View File

@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
# setuid/setgid needed to mount cifs # setuid/setgid needed to mount cifs
allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid }; allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
allow mount_t mount_loopback_t:file read_file_perms; mount_read_mount_loopback(mount_t)
allow mount_t mount_tmp_t:file manage_file_perms; allow mount_t mount_tmp_t:file manage_file_perms;
allow mount_t mount_tmp_t:dir manage_dir_perms; allow mount_t mount_tmp_t:dir manage_dir_perms;