dontaudit mount writes to newly mounted filesystems
Signed-off-by: Chris Richards <gizmo@giz-works.com>
parent
55d8395f49
commit
4b825e21d4
|
@ -676,6 +676,24 @@ interface(`kernel_dontaudit_search_debugfs',`
|
||||||
dontaudit $1 debugfs_t:dir search_dir_perms;
|
dontaudit $1 debugfs_t:dir search_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Do not audit attempts to write kernel debugging filesystem dirs.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain to not audit.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`kernel_dontaudit_write_debugfs_dirs',`
|
||||||
|
gen_require(`
|
||||||
|
type debugfs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
dontaudit $1 debugfs_t:dir write;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read information from the debugging filesystem.
|
## Read information from the debugging filesystem.
|
||||||
|
@ -805,6 +823,25 @@ interface(`kernel_dontaudit_list_proc',`
|
||||||
dontaudit $1 proc_t:dir list_dir_perms;
|
dontaudit $1 proc_t:dir list_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Do not audit attempts to write the
|
||||||
|
## directories in /proc.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain to not audit.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`kernel_dontaudit_write_proc_dirs',`
|
||||||
|
gen_require(`
|
||||||
|
type proc_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
dontaudit $1 proc_t:dir write;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Get the attributes of files in /proc.
|
## Get the attributes of files in /proc.
|
||||||
|
|
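Review bot: The doc comments on the two new interfaces, `kernel_dontaudit_write_debugfs_dirs` and `kernel_dontaudit_write_proc_dirs`, do not say why `dir write` denials on `debugfs_t` and `proc_t` are expected and safe to hide. A dontaudit rule drops the AVC record that would otherwise show a domain attempting to write to these directories, so the summary should name the benign cause. Going by the commit title, that could read `## Do not audit attempts to write the directories in /proc (mount probes a newly mounted filesystem for writability).`, with a matching line for debugfs. The calling policy is not visible on this page, so it is worth confirming that only the mount domain uses these interfaces. When the hidden denials need to be inspected, `semodule -DB` rebuilds the policy with dontaudit rules disabled.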