selinux-policy/allow-systemd-to-mount-unlabeled-filesystemd.patch

From 79198658c50f0747b4ea8636db7e349bbd6f3571 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Thu, 4 Jun 2020 20:27:15 +0800
Subject: [PATCH] allow systemd to mount unlabeled filesystemd

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/system/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 8de5b08..e3e8b37 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -282,6 +282,7 @@ files_dontaudit_mounton_modules_object(init_t)
 files_manage_mnt_dirs(init_t)
 files_manage_mnt_files(init_t)
 files_mounton_etc(init_t)
+files_mounton_isid(init_t)
 
 fs_list_inotifyfs(init_t)
 # cjp: this may be related to /dev/log
-- 
1.8.3.1
add avc for openEuler 2020-06-04 20:48:55 +08:00			`From 79198658c50f0747b4ea8636db7e349bbd6f3571 Mon Sep 17 00:00:00 2001`
			`From: guoxiaoqi <guoxiaoqi2@huawei.com>`
			`Date: Thu, 4 Jun 2020 20:27:15 +0800`
			`Subject: [PATCH] allow systemd to mount unlabeled filesystemd`

			`Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>`
			`---`
			`policy/modules/system/init.te \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te`
			`index 8de5b08..e3e8b37 100644`
			`--- a/policy/modules/system/init.te`
			`+++ b/policy/modules/system/init.te`
			`@@ -282,6 +282,7 @@ files_dontaudit_mounton_modules_object(init_t)`
			`files_manage_mnt_dirs(init_t)`
			`files_manage_mnt_files(init_t)`
			`files_mounton_etc(init_t)`
			`+files_mounton_isid(init_t)`

			`fs_list_inotifyfs(init_t)`
			`# cjp: this may be related to /dev/log`
			`--`
			`1.8.3.1`