From b4cbbb1fd86a8ba3d2c00b91b8b585c8d8dc0b35 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 26 Jun 2012 09:51:57 -0400
Subject: [PATCH] Allow mount to write to all of its runtime files, from Guido Trentalancia
Allow mount to write not only to /etc/mtab but also to the /etc/mtab~[0-9]\{0,20\} lock files (the number corresponds to the PID). Such files are still mistakenly being labelled as etc_t instead of etc_runtime_t (thus preventing the successful completion of the write operation and the accumulation of unremovable stale lock files over several operation attempts as in normal system reboots, for example). Do the same with the standard mount temporary file /etc/mtab.tmp. The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv for the location of such files.
---
policy/modules/kernel/files.fc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 4429d3090..8796ca3a0 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -54,6 +54,8 @@ ifdef(`distro_suse',`
 /etc/killpower -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
 /etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/mtab~[0-9]* -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/mtab\.tmp -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/mtab\.fuselock -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0)
 /etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
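Review bot: The two added file_contexts entries for `/etc/mtab~[0-9]*` and `/etc/mtab\.tmp` only take effect when those paths are (re)labelled by setfiles/restorecon; they do not by themselves change the type mount receives when it creates these files at runtime, which is decided by the mount_t file type transition in /etc (not part of this patch), so the write failure the message describes may persist unless that transition already yields etc_runtime_t. The stale etc_t lock files the message mentions will likewise stay mislabelled after the policy update until `restorecon -v /etc/mtab~* /etc/mtab.tmp` (or a full relabel) is run, which is worth stating in the commit message. Minor inconsistency: the message gives the lock-file suffix as `[0-9]\{0,20\}` while the entry uses the unbounded `[0-9]*`; both also match the bare `/etc/mtab~` name, which is presumably intended if the lock itself is a hard link without a PID suffix, but that should be confirmed against util-linux's fstab.c rather than assumed.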