nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Label (/var)?/tmp/systemd-private-.../tmp like /tmp

Browse Source 
Such directories are used by systemd as private mountpoints for
services.
This commit is contained in:
Nicolas Iooss 2014-08-23 13:35:51 +02:00 committed by Chris PeBenito
parent c4ea6cc594
commit 7487f355dd
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/modules/kernel/files.fc
View File

@ -191,6 +191,10 @@ ifdef(`distro_debian',`
/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/tmp/lost\+found/.* <<none>>
/tmp/systemd-private-[^/]+ -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
/tmp/systemd-private-[^/]+/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
/tmp/systemd-private-[^/]+/tmp/.* <<none>>
#
# /usr
#
@ -265,6 +269,9 @@ ifndef(`distro_redhat',`
/var/tmp/.* <<none>>
/var/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/var/tmp/lost\+found/.* <<none>>
/var/tmp/systemd-private-[^/]+ -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
/var/tmp/systemd-private-[^/]+/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
/var/tmp/systemd-private-[^/]+/tmp/.* <<none>>
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
ifdef(`distro_debian',`