commit: 1288708d6097b3d28587465b562b038d3df1bb14 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Wed Dec 13 18:15:36 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Dec 14 04:55:22 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1288708d
storage: Add fcontexts for NVMe disks NVMe has several dev nodes for each device: /dev/nvme0 is a char device for communicating with the controller /dev/nvme0n1 is the block device that stores the data. /dev/nvme0n1p1 is the first partition policy/modules/kernel/storage.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc index 375b10bc..c7e3ac0d 100644 --- a/policy/modules/kernel/storage.fc +++ b/policy/modules/kernel/storage.fc @@ -33,6 +33,8 @@ /dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0) /dev/mtd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/dev/nvme[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/dev/nvme[0-9]n[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0) /dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
