commit:     db53283aab8d16614c4c72b3967d8570083a2e20
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Mon Feb  1 20:46:24 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 20:54:11 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=db53283a

lvm: add lvm_tmpfs_t type and rules

cryptsetup uses tmpfs when performing some operations on encrypted
volumes such as changing keys.

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/system/lvm.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index a0cc3bd9..99053132 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -42,6 +42,9 @@ init_unit_file(lvm_unit_t)
 type lvm_tmp_t;
 files_tmp_file(lvm_tmp_t)
 
+type lvm_tmpfs_t;
+files_tmpfs_file(lvm_tmpfs_t)
+
 type lvm_var_lib_t;
 files_type(lvm_var_lib_t)
 
@@ -183,6 +186,10 @@ manage_dirs_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
 manage_files_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t)
 files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })
 
+manage_dirs_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t)
+manage_files_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t)
+fs_tmpfs_filetrans(lvm_t, lvm_tmpfs_t, { dir file })
+
 # /lib/lvm-<version> holds the actual LVM binaries (and symlinks)
 read_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
 read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
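Review bot: The three `lvm_tmpfs_t` rules added after `files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir })` have no comment recording why `lvm_t` needs tmpfs access, although the commit message gives cryptsetup key operations as the reason. I would add `# cryptsetup creates tmpfs-backed files and directories for some operations (e.g. changing keys)` above `manage_dirs_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t)`, so the rationale stays with the policy. The `fs_tmpfs_filetrans` line gives these objects a private type instead of the generic tmpfs label, which is the right isolation if they relate to key handling. Whether they ever hold key material is not visible in this hunk, so any later rule granting another domain access to `lvm_tmpfs_t` should be reviewed with that possibility in mind. The matching declaration `type lvm_tmpfs_t;` is in the first hunk.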
