358bcef0a4
CryFS (https://www.cryfs.org/) is a software that can be run by non-root users that have access to /dev/fuse. Its command is directly used to mount a directory ("/usr/bin/cryfs basedir mountpoint"), like command "mount". Unmounting a mountpoint is done with "fusermount -u mountpoint", /usr/bin/fusermount being a setuid-root program labeled mount_exec_t. EncFS (https://www.arg0.net/encfs) is a similar software that has been considered insecure since a security audit in 2014 found vulnerabilities that are not yet fixed (like https://github.com/vgough/encfs/issues/9). gocryptfs (https://nuetzlich.net/gocryptfs/) is a similar software that has been inspired by EncFS. Allow users with role sysadm to use all these projects. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
4 lines
201 B
Plaintext
4 lines
201 B
Plaintext
/usr/bin/cryfs -- gen_context(system_u:object_r:cryfs_exec_t,s0)
|
|
/usr/bin/encfs -- gen_context(system_u:object_r:cryfs_exec_t,s0)
|
|
/usr/bin/gocryptfs -- gen_context(system_u:object_r:cryfs_exec_t,s0)
|