commit: 56d8957dcd7da20184b9604274f815b622a3a72f
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Wed Apr 16 18:02:23 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Apr 21 15:17:58 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=56d8957d
Allow hugetlbfs_t to be associated to /dev Even if there is not FHS provision for this, systemd is using /dev/hugepages to mount the hugetlbfs fs by default. The needed file contexts are already present --- policy/modules/kernel/filesystem.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index bad3d16..1e5b262 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -98,6 +98,7 @@ genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) type hugetlbfs_t; fs_xattr_type(hugetlbfs_t) files_mountpoint(hugetlbfs_t) +dev_associate(hugetlbfs_t) fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); type ibmasmfs_t;
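Review bot: the added `dev_associate(hugetlbfs_t)` line in policy/modules/kernel/filesystem.te has no comment, so the reason a hugetlbfs type is associated with the device filesystem exists only in the commit message. The neighbouring `fs_xattr_type` and `files_mountpoint` lines are self-explanatory for a filesystem type, but this one is not, and a later cleanup could drop it as a stray rule. Suggest a one-line comment directly above it, for example `# systemd mounts hugetlbfs on /dev/hugepages by default`. The association is also granted unconditionally, so it applies on systems where hugetlbfs is not mounted under /dev; that is worth stating in the comment as an accepted trade-off. The message says the needed file contexts are already present, but they are not visible in this hunk, so naming the file that carries the /dev/hugepages context would let a reader confirm the labeling and this rule stay in step.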
