Let unprivileged users list mounted filesystems

Let unprivileged users list filesystems mounted on mount points such
as /mnt (cdrom, FAT, NTFS and so on).

This makes a great difference to the usability and effectiveness of
graphical filesystem browsers such as Gnome Nautilus and currently
comes at no security penalty because mounted filesystems can be
listed with programs such as the "df" program from GNU coreutils or
by simply reading /proc/mounts.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Guido Trentalancia via refpolicy 2016-10-29 18:08:18 +02:00 committed by Chris PeBenito
parent c23fe5c298
commit bf5f1853f3
1 changed files with 2 additions and 2 deletions

@ -530,8 +530,8 @@ template(`userdom_common_user_template',`
files_exec_etc_files($1_t) files_exec_etc_files($1_t)
files_search_locks($1_t) files_search_locks($1_t)
# Check to see if cdrom is mounted # List mounted filesystems (cdrom, FAT, NTFS and so on)
files_search_mnt($1_t) files_list_mnt($1_t)
# cjp: perhaps should cut back on file reads: # cjp: perhaps should cut back on file reads:
files_read_var_files($1_t) files_read_var_files($1_t)
files_read_var_symlinks($1_t) files_read_var_symlinks($1_t)
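Review bot: the replacement comment on the files_list_mnt($1_t) line says "List mounted filesystems", but the interface name points at listing the mnt directory itself, which is not the same thing as reading the mount table that the commit message compares it to (df, /proc/mounts). Suggest wording the comment after what is granted, for example "# List mount point directories such as /mnt", and recording the df and /proc/mounts rationale next to it, since the commit message says the no-penalty claim holds only "currently". Because the line sits in userdom_common_user_template, the wider access applies to every $1_t built from the template, so please confirm it is intended for all user domains and not only those that run a graphical file browser.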