add lvm.fc, and move relevant entries to devices.fc and storage.fc
This commit is contained in:
parent
7bba9d317a
commit
24a7ae1a5a
@ -68,6 +68,8 @@ ifdef(`distro_suse', `
|
||||
/dev/input/mice -c system_u:object_r:mouse_device_t
|
||||
/dev/input/js.* -c system_u:object_r:mouse_device_t
|
||||
|
||||
/dev/mapper/control -c system_u:object_r:lvm_control_t
|
||||
|
||||
/dev/pts(/.*)? <<none>>
|
||||
|
||||
/dev/snd/.* -c system_u:object_r:sound_device_t
|
||||
|
@ -22,6 +22,7 @@
|
||||
/dev/jsfd -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/jsflash -c system_u:object_r:fixed_disk_device_t
|
||||
/dev/loop.* -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/lvm -c system_u:object_r:fixed_disk_device_t
|
||||
/dev/mcdx? -b system_u:object_r:removable_device_t
|
||||
/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
|
||||
/dev/optcd -b system_u:object_r:removable_device_t
|
||||
@ -51,6 +52,8 @@ ifdef(`distro_redhat', `
|
||||
|
||||
/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/mapper/.* -b system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
|
||||
|
||||
/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
|
||||
|
91
refpolicy/policy/modules/system/lvm.fc
Normal file
91
refpolicy/policy/modules/system/lvm.fc
Normal file
@ -0,0 +1,91 @@
|
||||
# Copyright (C) 2005 Tresys Technology, LLC
|
||||
|
||||
# LVM creates lock files in /var before /var is mounted
|
||||
# configure LVM to put lockfiles in /etc/lvm/lock instead
|
||||
# for this policy to work (unless you have no separate /var)
|
||||
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/lvm(/.*)? system_u:object_r:lvm_etc_t
|
||||
/etc/lvm/\.cache -- system_u:object_r:lvm_metadata_t
|
||||
|
||||
/etc/lvm/archive(/.*)? system_u:object_r:lvm_metadata_t
|
||||
|
||||
/etc/lvm/backup(/.*)? system_u:object_r:lvm_metadata_t
|
||||
|
||||
/etc/lvm/lock(/.*)? system_u:object_r:lvm_lock_t
|
||||
|
||||
/etc/lvmtab(/.*)? system_u:object_r:lvm_metadata_t
|
||||
|
||||
/etc/lvmtab\.d(/.*)? system_u:object_r:lvm_metadata_t
|
||||
|
||||
#
|
||||
# /lib
|
||||
#
|
||||
/lib/lvm-10(/.*) -- system_u:object_r:lvm_exec_t
|
||||
|
||||
/lib/lvm-200(/.*) -- system_u:object_r:lvm_exec_t
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/cryptsetup -- system_u:object_r:lvm_exec_t
|
||||
/sbin/dmsetup -- system_u:object_r:lvm_exec_t
|
||||
/sbin/dmsetup\.static -- system_u:object_r:lvm_exec_t
|
||||
/sbin/e2fsadm -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvchange -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvcreate -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvdisplay -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvextend -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvm -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvm\.static -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvmchange -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvmdiskscan -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvmiopversion -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvmsadc -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvmsar -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvreduce -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvremove -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvrename -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvresize -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvs -- system_u:object_r:lvm_exec_t
|
||||
/sbin/lvscan -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvchange -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvcreate -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvdata -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvdisplay -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvmove -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvremove -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvs -- system_u:object_r:lvm_exec_t
|
||||
/sbin/pvscan -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgcfgbackup -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgcfgrestore -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgchange -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgchange\.static -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgck -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgcreate -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgdisplay -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgexport -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgextend -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgimport -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgmerge -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgmknodes -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgreduce -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgremove -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgrename -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgs -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgscan -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgscan\.static -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgsplit -- system_u:object_r:lvm_exec_t
|
||||
/sbin/vgwrapper -- system_u:object_r:lvm_exec_t
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/lvm -- system_u:object_r:lvm_exec_t
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lock/lvm(/.*)? system_u:object_r:lvm_lock_t
|
Loading…
Reference in New Issue
Block a user