Rename mount_read_mount_loopback() to mount_read_loopback_file().
Also make kernel block optional since the calls are to a higher layer.
This commit is contained in:
parent
38a2d8e581
commit
acf1229dad
@ -287,9 +287,6 @@ files_list_etc(kernel_t)
|
||||
files_list_home(kernel_t)
|
||||
files_read_usr_files(kernel_t)
|
||||
|
||||
mount_use_fds(kernel_t)
|
||||
mount_read_mount_loopback(kernel_t)
|
||||
|
||||
mcs_process_set_categories(kernel_t)
|
||||
|
||||
mls_process_read_up(kernel_t)
|
||||
@ -319,6 +316,11 @@ optional_policy(`
|
||||
logging_send_syslog_msg(kernel_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
mount_use_fds(kernel_t)
|
||||
mount_read_loopback_file(kernel_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
nis_use_ypbind(kernel_t)
|
||||
')
|
||||
|
@ -184,7 +184,7 @@ interface(`mount_run_unconfined',`
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mount_read_mount_loopback',`
|
||||
interface(`mount_read_loopback_file',`
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
')
|
||||
|
@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
|
||||
# setuid/setgid needed to mount cifs
|
||||
allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
|
||||
|
||||
mount_read_mount_loopback(mount_t)
|
||||
mount_read_loopback_file(mount_t)
|
||||
|
||||
allow mount_t mount_tmp_t:file manage_file_perms;
|
||||
allow mount_t mount_tmp_t:dir manage_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user