diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index db30a480..42df7e51 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -51,6 +51,9 @@ kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
 
+# required for mount.smbfs
+corecmd_exec_bin(mount_t)
+
 dev_getattr_all_blk_files(mount_t)
 dev_list_all_dev_nodes(mount_t)
 dev_rw_lvm_control(mount_t)
@@ -58,26 +61,6 @@ dev_dontaudit_getattr_all_chr_files(mount_t)
 dev_dontaudit_getattr_memory_dev(mount_t)
 dev_getattr_sound_dev(mount_t)
 
-storage_raw_read_fixed_disk(mount_t)
-storage_raw_write_fixed_disk(mount_t)
-storage_raw_read_removable_device(mount_t)
-storage_raw_write_removable_device(mount_t)
-
-fs_getattr_xattr_fs(mount_t)
-fs_getattr_cifs(mount_t)
-fs_mount_all_fs(mount_t)
-fs_unmount_all_fs(mount_t)
-fs_remount_all_fs(mount_t)
-fs_relabelfrom_all_fs(mount_t)
-fs_list_auto_mountpoints(mount_t)
-fs_rw_tmpfs_chr_files(mount_t)
-fs_read_tmpfs_symlinks(mount_t)
-
-term_use_all_terms(mount_t)
-
-# required for mount.smbfs
-corecmd_exec_bin(mount_t)
-
 domain_use_interactive_fds(mount_t)
 
 files_search_all(mount_t)
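Review bot: The comment moved along with `corecmd_exec_bin(mount_t)` in the -51,6 hunk names only mount.smbfs, but it does not say how wide the grant is. As far as I know this interface lets mount_t execute any file labelled bin_t in its own domain, with no transition. Since the line is being touched anyway, the comment could record that scope, e.g. `# required for mount.smbfs; helper is executed in mount_t without a domain transition`. The hunk does not show whether a helper of that name is still shipped, and the same file grants `fs_getattr_cifs(mount_t)`, so it is worth confirming the comment is still current.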
@@ -97,22 +80,40 @@ files_read_isid_type_files(mount_t)
 files_read_usr_files(mount_t)
 files_list_mnt(mount_t)
 
+fs_getattr_xattr_fs(mount_t)
+fs_getattr_cifs(mount_t)
+fs_mount_all_fs(mount_t)
+fs_unmount_all_fs(mount_t)
+fs_remount_all_fs(mount_t)
+fs_relabelfrom_all_fs(mount_t)
+fs_list_auto_mountpoints(mount_t)
+fs_rw_tmpfs_chr_files(mount_t)
+fs_read_tmpfs_symlinks(mount_t)
+
+mls_file_read_all_levels(mount_t)
+mls_file_write_all_levels(mount_t)
+
+selinux_get_enforce_mode(mount_t)
+
+storage_raw_read_fixed_disk(mount_t)
+storage_raw_write_fixed_disk(mount_t)
+storage_raw_read_removable_device(mount_t)
+storage_raw_write_removable_device(mount_t)
+
+term_use_all_terms(mount_t)
+
+auth_use_nsswitch(mount_t)
+
 init_use_fds(mount_t)
 init_use_script_ptys(mount_t)
 init_dontaudit_getattr_initctl(mount_t)
 
-auth_use_nsswitch(mount_t)
-
 logging_send_syslog_msg(mount_t)
 
 miscfiles_read_localization(mount_t)
 
-mls_file_read_all_levels(mount_t)
-mls_file_write_all_levels(mount_t)
-
 sysnet_use_portmap(mount_t)
 
-selinux_get_enforce_mode(mount_t)
 seutil_read_config(mount_t)
 
 userdom_use_all_users_fds(mount_t)
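Review bot: The widest grants regrouped in this hunk carry no rationale comment: `mls_file_read_all_levels(mount_t)`, `mls_file_write_all_levels(mount_t)`, `storage_raw_write_fixed_disk(mount_t)` and `storage_raw_write_removable_device(mount_t)`. The only commented line in this diff is `corecmd_exec_bin`. The reorder itself looks rule-neutral, since every line added here is removed either later in this hunk or in the -58,26 hunk, so this is a documentation request only. A one-line reason above each group would help later least-privilege audits, e.g. `# mount must access filesystems at any MLS level` above the mls_ lines and `# raw device access needed for mounting block devices` above the storage_ lines, with the wording confirmed by the policy owner.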