commit: b86c4b022307c8477a9373e0677b9eb51240e71b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Nov 27 21:58:05 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Nov 27 21:58:05 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b86c4b02
Fix bug #529430 - Various policy fixes to support lvmetad,
dmeventd/lvm-monitoring
---
policy/modules/system/lvm.fc | 9 +++++++++
policy/modules/system/lvm.te | 5 +++++
2 files changed, 14 insertions(+)
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index 13a5759..ea5ba34 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -105,3 +105,12 @@ ifdef(`distro_gentoo',`
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
+
+ifdef(`distro_gentoo',`
+# Bug 529430 comment 7
+/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
+
+# Bug 529430 comment 8
+/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0)
+')
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index a5952f7..a1485fb 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -365,6 +365,11 @@ ifdef(`distro_gentoo',`
allow lvm_t self:socket create_stream_socket_perms;
create_dirs_pattern(lvm_t, lvm_etc_t, lvm_metadata_t)
+ # Bug 529430 comment 6
+ create_dirs_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
+ # BUg 529430 comment 8
+ manage_fifo_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+
filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, dir, "cache")
kernel_request_load_module(lvm_t)
