filesystem: add supporting FUSEFS interfaces
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge
parent
83df290da3
commit
c998839e98
|
|
@ -2306,6 +2306,24 @@ interface(`fs_unmount_fusefs',`
|
||||||
allow $1 fusefs_t:filesystem unmount;
|
allow $1 fusefs_t:filesystem unmount;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Remount a FUSE filesystem.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`fs_remount_fusefs',`
|
||||||
|
gen_require(`
|
||||||
|
type fusefs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 fusefs_t:filesystem remount;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Mounton a FUSEFS filesystem.
|
## Mounton a FUSEFS filesystem.
|
||||||
|
|
@ -2324,6 +2342,58 @@ interface(`fs_mounton_fusefs',`
|
||||||
allow $1 fusefs_t:dir mounton;
|
allow $1 fusefs_t:dir mounton;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Make FUSEFS files an entrypoint for the
|
||||||
|
## specified domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## The domain for which fusefs_t is an entrypoint.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`fs_fusefs_entry_type',`
|
||||||
|
gen_require(`
|
||||||
|
type fusefs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domain_entry_file($1, fusefs_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute FUSEFS files in a specified domain.
|
||||||
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Execute FUSEFS files in a specified domain.
|
||||||
|
## </p>
|
||||||
|
## <p>
|
||||||
|
## No interprocess communication (signals, pipes,
|
||||||
|
## etc.) is provided by this interface since
|
||||||
|
## the domains are not owned by this module.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
## <param name="source_domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <param name="target_domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain to transition to.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`fs_fusefs_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type fusefs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domain_auto_transition_pattern($1, fusefs_t, $2)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search directories
|
## Search directories
|
||||||
|
|
@ -2500,6 +2570,25 @@ interface(`fs_read_fusefs_symlinks',`
|
||||||
read_lnk_files_pattern($1, fusefs_t, fusefs_t)
|
read_lnk_files_pattern($1, fusefs_t, fusefs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Manage symlinks on a FUSEFS filesystem.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
## <rolecap/>
|
||||||
|
#
|
||||||
|
interface(`fs_manage_fusefs_symlinks',`
|
||||||
|
gen_require(`
|
||||||
|
type fusefs_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
manage_lnk_files_pattern($1, fusefs_t, fusefs_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Get the attributes of an hugetlbfs
|
## Get the attributes of an hugetlbfs
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue