From 1e480c3cd6aca57480a0994fe3982dc4e5d19f4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 27 Oct 2021 21:18:27 +0200 Subject: [PATCH] filesystem: add fs_use_trans for ramfs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enable extended attributes for inodes on ramfs filesystems, similar to tmpfs filesystems. For example systemd uses ramfs for service credentials[1], and xattr support is needed for per service based labeling[2]. [1]: https://www.freedesktop.org/software/systemd/man/systemd-creds.html [2]: https://github.com/systemd/systemd/pull/21158 Signed-off-by: Christian Göttsche --- policy/modules/kernel/filesystem.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index 06bfe8d74..d60fe0448 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -155,9 +155,9 @@ dev_associate_sysfs(pstore_t) genfscon pstore / gen_context(system_u:object_r:pstore_t,s0) type ramfs_t; -fs_type(ramfs_t) +fs_xattr_type(ramfs_t) files_mountpoint(ramfs_t) -genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0) +fs_use_trans ramfs gen_context(system_u:object_r:ramfs_t,s0); type romfs_t; fs_type(romfs_t)