selinux-refpolicy/policy
Sven Vermeulen 1668ffb244 Mark temporary block device as fixed_disk_device_t
When udev creates the temporary block devices (such as /dev/.tmp-block-8:1) they
get by default marked as device_t. However, in case of software raid devices,
the mdadm application (running in mdadm_t) does not hold the proper privileges
to access this for its auto-assembly of the raids.

Other block device applications, like blkid (running in fsadm_t) use these
temporary block devices as well, but already hold the necessary privileges on
device_t to continue their work.

By marking the temporary block device as a fixed_disk_device_t, all these block
device handling applications (such as blkid, but also mdadm) now hold the proper
privileges. Since udev is selinux-aware, the created files are immediately
restorecon'ed before the rules are applied.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2012-02-22 08:32:42 -05:00
..
flask Update access vectors. 2011-03-28 11:45:46 -04:00
modules Mark temporary block device as fixed_disk_device_t 2012-02-22 08:32:42 -05:00
support Add optional file name to filetrans_pattern. 2011-11-02 08:48:25 -04:00
constraints Allow user and role changes on dynamic transitions with the same constraints as regular transitions. 2011-09-02 09:59:26 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables Rename allow_console tunable to console_login. 2011-01-14 11:44:42 -05:00
mcs Pull in mcs constraint changes from Fedora. 2011-03-31 08:28:01 -04:00
mls l1 domby l2 for contains MLS constraint 2011-02-16 10:00:11 -05:00
policy_capabilities
users