commit:     afd06230f6385557bd0aaf8b6ca8df1e5b5513b3
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Jan 30 13:22:01 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 03:15:07 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=afd06230
Label /sys/kernel/debug/tracing filesystem tracefs filesystem is automounted in /sys/kernel/debug/tracing directory since Linux 4.1. Label this filesystem properly. Linux commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f76180bc07abc399977bfbe8c43bf58c4570e893 policy/modules/kernel/filesystem.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index 6ee0996..7d64035 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -166,6 +166,10 @@ files_mountpoint(sysv_t) genfscon sysv / gen_context(system_u:object_r:sysv_t,s0) genfscon v7 / gen_context(system_u:object_r:sysv_t,s0) +type tracefs_t; +fs_type(tracefs_t) +genfscon tracefs / gen_context(system_u:object_r:tracefs_t,s0) + type vmblock_t; fs_noxattr_type(vmblock_t) files_mountpoint(vmblock_t)
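Review bot: The new tracefs_t block in the filesystem.te hunk has no files_mountpoint(tracefs_t), while both neighbouring declarations visible in the context lines (sysv_t above, vmblock_t below) have one. Since the commit message says tracefs is automounted at /sys/kernel/debug/tracing, consider adding files_mountpoint(tracefs_t) after fs_type(tracefs_t), or state in the commit message why it is not needed here. Separately, the diffstat shows only filesystem.te changed, so this patch defines the type and its genfscon label but adds no interface through which other modules can be granted access to tracefs_t. Any domain that needs the tracing files will need matching interfaces in filesystem.if, either in this change or in a follow-up.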