system/mount.if: Add mount_read_mount_loopback interface
parent
781377da9f
commit
09370605a3
@ -173,3 +173,21 @@ interface(`mount_run_unconfined',`
|
||||
mount_domtrans_unconfined($1)
|
||||
role $2 types unconfined_mount_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read mount_loopback files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`mount_read_mount_loopback',`
|
||||
gen_require(`
|
||||
type mount_t;
|
||||
')
|
||||
|
||||
allow $1 mount_loopback_t:file read_file_perms;
|
||||
')
|
||||
|
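Review bot: The `gen_require` block in `mount_read_mount_loopback` declares `type mount_t;`, but the only type the `allow` rule references is `mount_loopback_t`, so the requirement should read `type mount_loopback_t;`. The one caller this commit adds sits in the module's own policy file, where both types are presumably already declared, so the mismatch would not show up there. A caller in another module would likely fail to build or load because the type it is granted access to is never required. It would also help to say in the summary that the access is read-only on files of type `mount_loopback_t`, since the interface name does not make the type obvious.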
@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
|
||||
# setuid/setgid needed to mount cifs
|
||||
allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
|
||||
|
||||
allow mount_t mount_loopback_t:file read_file_perms;
|
||||
mount_read_mount_loopback(mount_t)
|
||||
|
||||
allow mount_t mount_tmp_t:file manage_file_perms;
|
||||
allow mount_t mount_tmp_t:dir manage_dir_perms;
|
||||
|
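Review bot: The added `mount_read_mount_loopback(mount_t)` line calls the module's own interface from what appears to be that module's policy file, which grants the same `read_file_perms` on `mount_loopback_t` as the rule it replaces but hides the target type behind a macro. Refpolicy modules generally reference their own types directly and leave interfaces for other modules to call, so I would keep `allow mount_t mount_loopback_t:file read_file_perms;` here. The direct rule also keeps the access visible next to the capability grant when someone audits what `mount_t` can reach.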