trunk: filesystem patch from dan
parent
939a4287b3
commit
3d6e962dfa
|
@ -269,6 +269,45 @@ interface(`fs_set_xattr_fs_quotas',`
|
|||
allow $1 fs_t:filesystem quotamod;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read files on anon_inodefs file systems.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_read_anon_inodefs_files',`
|
||||
gen_require(`
|
||||
type anon_inodefs_t;
|
||||
|
||||
')
|
||||
|
||||
read_files_pattern($1,anon_inodefs_t,anon_inodefs_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write files on anon_inodefs
|
||||
## file systems.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_rw_anon_inodefs_files',`
|
||||
gen_require(`
|
||||
type anon_inodefs_t;
|
||||
|
||||
')
|
||||
|
||||
rw_files_pattern($1,anon_inodefs_t,anon_inodefs_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mount an automount pseudo filesystem.
|
||||
|
@ -1190,6 +1229,24 @@ interface(`fs_mount_fusefs',`
|
|||
allow $1 fusefs_t:filesystem mount;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Unmount a FUSE filesystem.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fs_unmount_fusefs',`
|
||||
gen_require(`
|
||||
type fusefs_t;
|
||||
')
|
||||
|
||||
allow $1 fusefs_t:filesystem unmount;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Search inotifyfs filesystem.
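Review bot: `fs_read_anon_inodefs_files` and `fs_rw_anon_inodefs_files` are built on `read_files_pattern` and `rw_files_pattern`, which in the reference policy also grant search on directories of the second argument's type, here `anon_inodefs_t`. Anonymous inodes are normally reached through an already-open descriptor rather than a path lookup, so that directory permission looks unneeded. If so, `allow $1 anon_inodefs_t:file read_file_perms;` and `allow $1 anon_inodefs_t:file rw_file_perms;` would be the narrower grants. The summaries could also say that the `anon_inodefs_t` type does not distinguish which domain created the object, so callers should not treat these interfaces as a per-creator control. Both `gen_require` blocks appear to have a stray blank line before the closing `')`, which `fs_unmount_fusefs` does not.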
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(filesystem,1.7.0)
|
||||
policy_module(filesystem,1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -43,6 +43,12 @@ fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
|
|||
#
|
||||
# Non-persistent/pseudo filesystems
|
||||
#
|
||||
|
||||
type anon_inodefs_t;
|
||||
fs_type(anon_inodefs_t)
|
||||
files_mountpoint(anon_inodefs_t)
|
||||
genfscon anon_inodefs / gen_context(system_u:object_r:anon_inodefs_t,s0)
|
||||
|
||||
type bdev_t;
|
||||
fs_type(bdev_t)
|
||||
genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
|
||||
|
@ -139,6 +145,7 @@ type tmpfs_t;
|
|||
fs_type(tmpfs_t)
|
||||
files_type(tmpfs_t)
|
||||
files_mountpoint(tmpfs_t)
|
||||
files_poly_parent(tmpfs_t)
|
||||
|
||||
# Use a transition SID based on the allocating task SID and the
|
||||
# filesystem SID to label inodes in the following filesystem types,
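Review bot: `files_mountpoint(anon_inodefs_t)` in the new anon_inodefs block looks broader than needed. The `bdev_t` declaration just below it, another pseudo filesystem in the same list, has only `fs_type()` and `genfscon`, and nothing visible in this commit mounts on an `anon_inodefs_t` directory. Unless a caller outside this page depends on it, dropping that line keeps domains that may mount on every mountpoint type from picking up this type as well. A short comment above `type anon_inodefs_t;`, for example `# anon_inodefs: kernel-internal filesystem backing anonymous inodes (eventfd, signalfd, timerfd, epoll)`, would record why the type exists.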
|
||||
|
|