RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow mount to write to all of its runtime files, from Guido Trentalancia 

Allow mount to write not only to /etc/mtab but also to the /etc/mtab~[0-9]\{0,20\}
lock files (the number corresponds to the PID). Such files are still mistakenly
being labelled as etc_t instead of etc_runtime_t (thus preventing the successful
completion of the write operation and the accumulation of unremovable stale lock
files over several operation attempts as in normal system reboots, for example).

Do the same with the standard mount temporary file /etc/mtab.tmp.

The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv
for the location of such files.
This commit is contained in:
Chris PeBenito 2012-06-26 09:51:57 -04:00
parent 4f14c21a0d
commit b4cbbb1fd8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/kernel/files.fc
View File

@ -54,6 +54,8 @@ ifdef(`distro_suse',`
/etc/killpower -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/mtab~[0-9]* -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/mtab\.tmp -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/mtab\.fuselock -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)