Minor fixes for Chris Richards' mount patchset.
parent
a861c7c6fd
commit
66ef236c90
|
@ -1463,7 +1463,7 @@ interface(`files_list_root',`
|
|||
allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock };
|
||||
')
|
||||
|
||||
#############################################################
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write to / dirs.
|
||||
## </summary>
|
||||
|
|
|
@ -3796,7 +3796,7 @@ interface(`fs_manage_tmpfs_dirs',`
|
|||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
|
|
|
@ -676,24 +676,6 @@ interface(`kernel_dontaudit_search_debugfs',`
|
|||
dontaudit $1 debugfs_t:dir search_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write kernel debugging filesystem dirs.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`kernel_dontaudit_write_debugfs_dirs',`
|
||||
gen_require(`
|
||||
type debugfs_t;
|
||||
')
|
||||
|
||||
dontaudit $1 debugfs_t:dir write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read information from the debugging filesystem.
|
||||
|
@ -714,6 +696,24 @@ interface(`kernel_read_debugfs',`
|
|||
list_dirs_pattern($1, debugfs_t, debugfs_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to write kernel debugging filesystem dirs.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`kernel_dontaudit_write_debugfs_dirs',`
|
||||
gen_require(`
|
||||
type debugfs_t;
|
||||
')
|
||||
|
||||
dontaudit $1 debugfs_t:dir write;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Mount a kernel VM filesystem.
|
||||
|
|
|
@ -58,12 +58,11 @@ corecmd_exec_bin(mount_t)
|
|||
dev_getattr_all_blk_files(mount_t)
|
||||
dev_list_all_dev_nodes(mount_t)
|
||||
dev_read_sysfs(mount_t)
|
||||
dev_dontaudit_write_sysfs_dirs(mount_t)
|
||||
dev_rw_lvm_control(mount_t)
|
||||
dev_dontaudit_getattr_all_chr_files(mount_t)
|
||||
dev_dontaudit_getattr_memory_dev(mount_t)
|
||||
dev_dontaudit_write_sysfs_dirs(mount_t)
|
||||
dev_getattr_sound_dev(mount_t)
|
||||
|
||||
# Early devtmpfs, before udev relabel
|
||||
dev_dontaudit_rw_generic_chr_files(mount_t)
|
||||
|
||||
|
|
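Review bot: The regrouped `dev_dontaudit_write_sysfs_dirs(mount_t)` call has no comment explaining why mount's writes to sysfs directories are expected, unlike `dev_dontaudit_rw_generic_chr_files(mount_t)` just below it, which carries `# Early devtmpfs, before udev relabel`. The +/- markers are lost on this page, so which of the two occurrences is the added one is inferred: presumably the one sitting with the other dontaudit rules. A dontaudit rule removes the AVC denial from the audit log, so someone later investigating mount_t activity cannot tell from the policy whether the suppressed access is known noise or something worth seeing. I would add a one-line rationale above the call in the same form as the devtmpfs comment, e.g. `# <what triggers the write attempt>; denial is harmless`, filled in with the observed cause.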