Initial pstore support

Generic interface to platform dependent persistent storage https://www.kernel.org/doc/Documentation/ABI/testing/pstore This basically works pretty much the same as cgroup file systems from a SELinux perspective Make sure that the installed /sys/fs/pstore directory is labeled properly so that the pstore file system can be mounted on that I also removed the files_type() calls as they are duplicate (it is already called in files_mountpoint) Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2013-09-11 10:53:08 +02:00 · 2013-09-11 10:53:08 +02:00 · bf1ab85c1f
parent 36e088fa43
commit bf1ab85c1f
2 changed files with 12 additions and 5 deletions
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@ -11,10 +11,12 @@
 /lib/udev/devices/shm	-d	gen_context(system_u:object_r:tmpfs_t,s0)
 /lib/udev/devices/shm/.*	<<none>>

-# for systemd systems:
 /sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
 /sys/fs/cgroup/.*	<<none>>

+/sys/fs/pstore	-d	gen_context(system_u:object_r:pstore_t,s0)
+/sys/fs/pstore/.*	<<none>>
+
 ifdef(`distro_debian',`
 /var/run/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
 /var/run/shm/.*			<<none>>
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@ -70,9 +70,8 @@ genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)

 type cgroup_t;
 fs_type(cgroup_t)
-files_type(cgroup_t)
 files_mountpoint(cgroup_t)
-dev_associate_sysfs(cgroup_t) # only for systemd systems
+dev_associate_sysfs(cgroup_t)
 genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)

 type configfs_t;
@ -125,6 +124,12 @@ type oprofilefs_t;
 fs_type(oprofilefs_t)
 genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0)

+type pstore_t;
+fs_type(pstore_t)
+files_mountpoint(pstore_t)
+dev_associate_sysfs(pstore_t)
+genfscon pstore / gen_context(system_u:object_r:pstore_t,s0)
+
 type ramfs_t;
 fs_type(ramfs_t)
 files_mountpoint(ramfs_t)