rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

/dev/fuse should be s0 not mls_high

Browse Source 
> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I
believe on an MLS machine.  Mostly I have seen fusefs used for remote
access to data.  sshfs for example.
This commit is contained in:
Chris PeBenito 2009-07-29 11:08:50 -04:00
parent 363e8fb98a
commit 105e85ac8e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/kernel/storage.fc
View File

@ -57,7 +57,7 @@ ifdef(`distro_redhat', `
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/fuse -c gen_context(system_u:object_r:fuse_device_t,mls_systemhigh)
/dev/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
/dev/floppy/[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)