RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Marking debugfs and securityfs as mountpoints 

The locations for debugfs_t (/sys/kernel/debug) and security_t
(/selinux or /sys/fs/selinux) should be marked as mountpoints as well.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-03-25 14:42:37 +02:00 committed by Chris PeBenito
parent 100734ef64
commit 26cfbe5317
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/kernel/kernel.te
View File

@ -56,6 +56,7 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
#
type debugfs_t;
files_mountpoint(debugfs_t)
fs_type(debugfs_t)
allow debugfs_t self:filesystem associate;
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)

1
policy/modules/kernel/selinux.te
View File

@ -29,6 +29,7 @@ selinux_labeled_boolean(secure_mode_policyload_t, secure_mode_policyload)
# applied to selinuxfs inodes.
#
type security_t, boolean_type;
files_mountpoint(security_t)
fs_type(security_t)
mls_trusted_object(security_t)
sid security gen_context(system_u:object_r:security_t,mls_systemhigh)