From 8e2fb69f881b7ef3593b9011f46aa49b293cc3c8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 24 Oct 2007 18:37:26 +0000
Subject: [PATCH] trunk: filesystem patch from dan.

---
 policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
 policy/modules/kernel/filesystem.te | 15 ++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 37fef674..20902e6b 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2139,6 +2139,24 @@ interface(`fs_rw_nfsd_fs',`
 rw_files_pattern($1,nfsd_fs_t,nfsd_fs_t)
 ')
 
+########################################
+##
+## Allow the type to associate to ramfs filesystems.
+##
+##
+##
+## The type of the object to be associated.
+##
+##
+#
+interface(`fs_associate_ramfs',`
+ gen_require(`
+ type ramfs_t;
+ ')
+
+ allow $1 ramfs_t:filesystem associate;
+')
+
 ########################################
 ##
 ## Mount a RAM filesystem.
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 5da665c6..01806d71 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.8.0)
+policy_module(filesystem,1.8.1)
 
 ########################################
 #
@@ -77,12 +77,6 @@ fs_type(eventpollfs_t)
 # change to task SID 20060628
 #genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
 
-type fusefs_t;
-fs_noxattr_type(fusefs_t)
-allow fusefs_t self:filesystem associate;
-genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
-genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
-
 type futexfs_t;
 fs_type(futexfs_t)
 genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
@@ -191,6 +185,13 @@ genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 
+type fusefs_t;
+fs_noxattr_type(fusefs_t)
+allow fusefs_t self:filesystem associate;
+allow fusefs_t fs_t:filesystem associate;
+genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0)
+genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0)
+
 #
 # iso9660_t is the type for CD filesystems
 # and their files.
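Review bot: The re-added fusefs_t block is not a pure move: compared with the lines removed earlier in this file it gains `allow fusefs_t fs_t:filesystem associate;`, and neither the commit subject nor a comment says why. That rule permits objects labelled fusefs_t to reside on a filesystem labelled fs_t, which is broader than the `fuse` and `fuseblk` genfscon entries directly below it would suggest. I would put a one-line comment above the new rule naming the case that requires it, for example `# <why fusefs_t objects need to associate with fs_t filesystems>`, so a later policy audit can decide whether the permission is still needed. It would also help to mention the added rule in the commit description, since the diff otherwise reads as a relocation of the block into the dosfs_t group.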