From e6506d8ed109fe85ae9236a62c17f68a8eeedb8f Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 4 Sep 2020 12:28:24 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/e6506d8ed109fe85ae9236a62c17f68a8eeedb8f
Conflict: NA
Subject: [PATCH] Add new devices and filesystem interfaces
Add dev_remount_sysfs_fs(), fs_all_mount_fs_perms_xattr_fs(),
fs_all_mount_fs_perms_tmpfs() interfaces.
---
policy/modules/kernel/devices.if | 18 ++++++++++++++++++
policy/modules/kernel/filesystem.if | 38 +++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 2a69660..61fedbb 100644
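--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -4832,6 +4832,24 @@ interface(`dev_unmount_sysfs_fs',`
 
 ########################################
 ## <summary>
+## Remount sysfs filesystems.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dev_remount_sysfs_fs',`
+ gen_require(`
+ type sysfs_t;
+ ')
+
+ allow $1 sysfs_t:filesystem remount;
+')
+
+########################################
+## <summary>
 ## Search the sysfs directories.
 ## </summary>
 ## <param name="domain">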
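Review bot: The summary for `dev_remount_sysfs_fs` says only "Remount sysfs filesystems" and does not tell a policy author what the `remount` permission on `sysfs_t` lets the calling domain do, which is to change the mount options of an already mounted sysfs. I would extend it to `## Remount sysfs filesystems, i.e. change the mount options of a mounted sysfs.` so that reviewers of calling modules can judge whether a domain really needs it. No caller is added in this patch, so which domain is meant to use the interface cannot be checked from here.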
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 17a9f08..d3f24d2 100644
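--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -169,6 +169,26 @@ interface(`fs_unmount_xattr_fs',`
 
 ########################################
 ## <summary>
+## Mount, remount, unmount a persistent filesystem which
+## has extended attributes, such as
+## ext3, JFS, or XFS.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_all_mount_fs_perms_xattr_fs',`
+ gen_require(`
+ type fs_t;
+ ')
+
+ allow $1 fs_t:filesystem mount_fs_perms;
+')
+
+########################################
+## <summary>
 ## Get the attributes of persistent
 ## filesystems which have extended
 ## attributes, such as ext3, JFS, or XFS.
@@ -5206,6 +5226,24 @@ interface(`fs_unmount_tmpfs',`
 
 ########################################
 ## <summary>
+## Mount, remount, unmount a tmpfs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_all_mount_fs_perms_tmpfs',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
+ allow $1 tmpfs_t:filesystem mount_fs_perms;
+')
+
+########################################
+## <summary>
 ## Mount on tmpfs directories.
 ## </summary>
 ## <param name="domain">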
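Review bot: The summaries of `fs_all_mount_fs_perms_xattr_fs` and, in the second hunk, `fs_all_mount_fs_perms_tmpfs` list mount, remount and unmount, but the rules grant the whole `mount_fs_perms` set, whose definition is not part of this patch. In upstream refpolicy that set also contains `getattr`, so the wording should be checked against the permission-set definition and brought in line with it. Because each interface bundles several state-changing permissions on `fs_t` or `tmpfs_t`, a caller that needs only one of them receives more than it uses. I would add a line such as `## Prefer the single-permission interfaces (e.g. fs_unmount_xattr_fs) when only one operation is needed.` to each summary.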
--
1.8.3.1