RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor fixes for Chris Richards' mount patchset.

This commit is contained in:
Chris PeBenito 2010-11-11 09:47:37 -05:00
parent a861c7c6fd
commit 66ef236c90
4 changed files with 21 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/kernel/files.if
View File

@ -1463,7 +1463,7 @@ interface(`files_list_root',`
allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock }; allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock };
') ')
############################################################# ########################################
## <summary> ## <summary>
## Do not audit attempts to write to / dirs. ## Do not audit attempts to write to / dirs.
## </summary> ## </summary>

2
policy/modules/kernel/filesystem.if
View File

@ -3796,7 +3796,7 @@ interface(`fs_manage_tmpfs_dirs',`
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## Domain allowed access. ## Domain to not audit.
## </summary> ## </summary>
## </param> ## </param>
# #

36
policy/modules/kernel/kernel.if
View File

@ -676,24 +676,6 @@ interface(`kernel_dontaudit_search_debugfs',`
dontaudit $1 debugfs_t:dir search_dir_perms; dontaudit $1 debugfs_t:dir search_dir_perms;
') ')
########################################
## <summary>
## Do not audit attempts to write kernel debugging filesystem dirs.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_write_debugfs_dirs',`
gen_require(`
type debugfs_t;
')
dontaudit $1 debugfs_t:dir write;
')
######################################## ########################################
## <summary> ## <summary>
## Read information from the debugging filesystem. ## Read information from the debugging filesystem.
@ -714,6 +696,24 @@ interface(`kernel_read_debugfs',`
list_dirs_pattern($1, debugfs_t, debugfs_t) list_dirs_pattern($1, debugfs_t, debugfs_t)
') ')
########################################
## <summary>
## Do not audit attempts to write kernel debugging filesystem dirs.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`kernel_dontaudit_write_debugfs_dirs',`
gen_require(`
type debugfs_t;
')
dontaudit $1 debugfs_t:dir write;
')
######################################## ########################################
## <summary> ## <summary>
## Mount a kernel VM filesystem. ## Mount a kernel VM filesystem.

3
policy/modules/system/mount.te
View File

@ -58,12 +58,11 @@ corecmd_exec_bin(mount_t)
dev_getattr_all_blk_files(mount_t) dev_getattr_all_blk_files(mount_t)
dev_list_all_dev_nodes(mount_t) dev_list_all_dev_nodes(mount_t)
dev_read_sysfs(mount_t) dev_read_sysfs(mount_t)
dev_dontaudit_write_sysfs_dirs(mount_t)
dev_rw_lvm_control(mount_t) dev_rw_lvm_control(mount_t)
dev_dontaudit_getattr_all_chr_files(mount_t) dev_dontaudit_getattr_all_chr_files(mount_t)
dev_dontaudit_getattr_memory_dev(mount_t) dev_dontaudit_getattr_memory_dev(mount_t)
dev_dontaudit_write_sysfs_dirs(mount_t)
dev_getattr_sound_dev(mount_t) dev_getattr_sound_dev(mount_t)
# Early devtmpfs, before udev relabel # Early devtmpfs, before udev relabel
dev_dontaudit_rw_generic_chr_files(mount_t) dev_dontaudit_rw_generic_chr_files(mount_t)