RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kernel: Drop unlabeled_t as a files_mountpoint(). 

This made unlabeled_t a file and provided much more access than an
unlabeled file should have.  Access to unlabeled objects should be
explicit.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2020-07-28 10:09:24 -04:00
parent aa6c3f4da3
commit 662d55ed5e
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/kernel/kernel.te
View File

@ -190,7 +190,6 @@ genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
# #
type unlabeled_t; type unlabeled_t;
kernel_rootfs_mountpoint(unlabeled_t) kernel_rootfs_mountpoint(unlabeled_t)
files_mountpoint(unlabeled_t)
fs_associate(unlabeled_t) fs_associate(unlabeled_t)
sid file gen_context(system_u:object_r:unlabeled_t,s0) sid file gen_context(system_u:object_r:unlabeled_t,s0)
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh) sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)