RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lvm: add lvm_tmpfs_t type and rules 

cryptsetup uses tmpfs when performing some operations on encrypted
volumes such as changing keys.

Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge 2021-02-01 15:46:24 -05:00
parent 072c0a9458
commit ed5d860a8c
No known key found for this signature in database
GPG Key ID: 16DD27345D9905A7
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/modules/system/lvm.te
View File

@ -42,6 +42,9 @@ init_unit_file(lvm_unit_t)
type lvm_tmp_t;
files_tmp_file(lvm_tmp_t)
type lvm_tmpfs_t;
files_tmpfs_file(lvm_tmpfs_t)
type lvm_var_lib_t;
files_type(lvm_var_lib_t)
@ -183,6 +186,10 @@ manage_dirs_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
manage_files_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })
manage_dirs_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t)
manage_files_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t)
fs_tmpfs_filetrans(lvm_t, lvm_tmpfs_t, { dir file })
# /lib/lvm-<version> holds the actual LVM binaries (and symlinks)
read_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)