nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bf5f1853f3
selinux-refpolicy/policy/modules/system
History
Guido Trentalancia via refpolicy bf5f1853f3 Let unprivileged users list mounted filesystems 
Let unprivileged users list filesystems mounted on mount points such
as /mnt (cdrom, FAT, NTFS and so on).

This makes a great difference to the usability and effectiveness of
graphical filesystem browsers such as Gnome Nautilus and currently
comes at no security penalty because mounted filesystems can be
listed with programs such as the "df" program from GNU coreutils or
by simply reading /proc/mounts.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
2016-10-30 14:25:07 -04:00
..
application.fc
application.if
application.te
authlogin.fc authlogin: remove fcontext for /var/run/user 2016-06-01 13:22:39 -04:00
authlogin.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
authlogin.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
clock.fc
clock.if
clock.te
fstools.fc fstools: add in filetrans for /run dir 2015-04-15 12:16:32 -04:00
fstools.if system/fstools.if: Add fstools_use_fds interface 2014-08-18 15:24:46 -04:00
fstools.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
getty.fc
getty.if
getty.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
hostname.fc
hostname.if
hostname.te
hotplug.fc
hotplug.if
hotplug.te
init.fc Implement core systemd policy. 2015-10-23 10:16:59 -04:00
init.if Fix typo in init_dbus_chat requirements 2016-01-19 00:17:05 +01:00
init.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
ipsec.fc system/ipsec: Add policy for StrongSwan 2015-10-12 09:16:28 -04:00
ipsec.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
ipsec.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
iptables.fc iptables: add fcontext for nftables 2016-05-16 09:13:30 -04:00
iptables.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
iptables.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
libraries.fc libraries: Move libsystemd fc entry. 2016-08-02 20:21:24 -04:00
libraries.if
libraries.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
locallogin.fc
locallogin.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
locallogin.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
logging.fc Systemd units from Russell Coker. 2016-08-06 19:14:18 -04:00
logging.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
logging.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
lvm.fc Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
lvm.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
lvm.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
metadata.xml
miscfiles.fc Label /etc/locale.alias as locale_t on Debian 2014-04-21 09:02:26 -04:00
miscfiles.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
miscfiles.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
modutils.fc single binary modutils 2016-10-23 19:12:07 -04:00
modutils.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
modutils.te single binary modutils 2016-10-23 19:12:07 -04:00
mount.fc
mount.if system/mount.if: Add mount_rw_loopback_files interface 2014-08-18 15:24:46 -04:00
mount.te Bump module versions for release. 2014-12-03 13:37:38 -05:00
netlabel.fc
netlabel.if
netlabel.te Bump module versions for release. 2015-12-08 09:53:02 -05:00
selinuxutil.fc Systemd units from Russell Coker. 2016-08-06 19:14:18 -04:00
selinuxutil.if selinuxutil: allow setfiles to read semanage store 2016-09-18 16:40:45 -04:00
selinuxutil.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
setrans.fc Systemd units from Russell Coker. 2016-08-06 19:14:18 -04:00
setrans.if Add systemd units for core refpolicy services. 2015-10-23 10:17:46 -04:00
setrans.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
sysnetwork.fc Label /sbin/iw as ifconfig_exec_t 2014-10-23 08:07:44 -04:00
sysnetwork.if
sysnetwork.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
systemd.fc Add policy for systemd-resolved 2016-05-26 08:52:23 -04:00
systemd.if systemd: Add support for --log-target 2016-03-31 08:22:50 -04:00
systemd.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
udev.fc Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 2014-04-21 10:15:51 -04:00
udev.if Implement core systemd policy. 2015-10-23 10:16:59 -04:00
udev.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
unconfined.fc
unconfined.if Allow unconfined domains to use syslog capability 2014-06-09 09:28:33 -04:00
unconfined.te Bump module versions for release. 2016-10-23 16:58:59 -04:00
userdomain.fc userdomain: introduce the user certificate file context (was miscfiles: introduce the user certificate file context) 2016-09-08 19:06:57 -04:00
userdomain.if Let unprivileged users list mounted filesystems 2016-10-30 14:25:07 -04:00
userdomain.te Bump module versions for release. 2016-10-23 16:58:59 -04:00