From cb29c82a2871564731f4c73a64cd5c9b01daed4c Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Fri, 20 Apr 2012 15:38:51 -0400 Subject: [PATCH] Rearrange mountpoint interfaces in files. --- policy/modules/kernel/files.if | 40 +++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index e13774795..3490ea530 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -1426,6 +1426,24 @@ interface(`files_setattr_all_mountpoints',` allow $1 mountpoint:dir setattr; ') +######################################## +## +## Do not audit attempts to set the attributes on all mount points. +## +## +## +## Domain to not audit. +## +## +# +interface(`files_dontaudit_setattr_all_mountpoints',` + gen_require(` + attribute mountpoint; + ') + + dontaudit $1 mountpoint:dir setattr; +') + ######################################## ## ## Search all mount points. @@ -1482,11 +1500,11 @@ interface(`files_dontaudit_list_all_mountpoints',` ######################################## ## -## Do not audit write attempts on mount points. +## Do not audit attempts to write to mount points. ## ## ## -## Domain to ignore write attempts from +## Domain to not audit. ## ## # @@ -1498,24 +1516,6 @@ interface(`files_dontaudit_write_all_mountpoints',` dontaudit $1 mountpoint:dir write; ') -######################################## -## -## Do not audit setattr attempts on mount points. -## -## -## -## Domain to ignore setattr attempts from -## -## -# -interface(`files_dontaudit_setattr_all_mountpoints',` - gen_require(` - attribute mountpoint; - ') - - dontaudit $1 mountpoint:dir setattr; -') - ######################################## ## ## List the contents of the root directory.