commit: decabd8c4269860861be981cec6f0936aeea9b10 Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Apr 4 20:52:53 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Apr 11 17:47:57 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=decabd8c
Associate the new xattrfs attribute to fs_t and some pseudo-fs Associate the new xattrfs attribute to fs_t and the pseudo filesystems that we know support xattr This patch adds the attribute to the following (pseudo) filesystems - device_t - devpts_t - fs_t - hugetlbfs - sysfs_t - tmpfs_t --- policy/modules/kernel/devices.te | 4 ++-- policy/modules/kernel/filesystem.te | 6 +++--- policy/modules/kernel/terminal.te | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index 25d28ce..2fdb01b 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -18,7 +18,7 @@ fs_associate_tmpfs(device_t) files_type(device_t) files_mountpoint(device_t) files_associate_tmp(device_t) -fs_type(device_t) +fs_xattr_type(device_t) fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0); # @@ -231,7 +231,7 @@ dev_node(sound_device_t) # type sysfs_t; files_mountpoint(sysfs_t) -fs_type(sysfs_t) +fs_xattr_type(sysfs_t) genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0) # diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index abaf5c0..31058f0 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -16,7 +16,7 @@ attribute xattrfs; # filesystems with extended attributes # type fs_t; -fs_type(fs_t) +fs_xattr_type(fs_t) sid fs gen_context(system_u:object_r:fs_t,s0) # Use xattrs for the following filesystem types. @@ -96,7 +96,7 @@ fs_type(futexfs_t) genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) type hugetlbfs_t; -fs_type(hugetlbfs_t) +fs_xattr_type(hugetlbfs_t) files_mountpoint(hugetlbfs_t) fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); @@ -176,7 +176,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0) # type tmpfs_t; dev_associate(tmpfs_t) -fs_type(tmpfs_t) +fs_xattr_type(tmpfs_t) files_type(tmpfs_t) files_mountpoint(tmpfs_t) files_poly_parent(tmpfs_t) diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te index e05079a..01dbf46 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te @@ -27,7 +27,7 @@ dev_node(console_device_t) type devpts_t; files_mountpoint(devpts_t) fs_associate_tmpfs(devpts_t) -fs_type(devpts_t) +fs_xattr_type(devpts_t) fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0); #
