commit: e66b9abefe4778d33a67e959095e26821da832ae
Author: Chris PeBenito <chpebeni <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Tue Dec 13 15:06:06 2022 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 19:07:52 2022 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e66b9abe
fstools: Move lines.
Signed-off-by: Chris PeBenito <chpebeni <AT> linux.microsoft.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
policy/modules/system/fstools.te | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 11211b699..3d5525cc4 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -19,14 +19,14 @@ files_tmp_file(fsadm_tmp_t)
type fsadm_run_t;
files_runtime_file(fsadm_run_t)
-ifdef(`distro_gentoo',`
-type fsadm_db_t;
-files_type(fsadm_db_t)
-')
-
type swapfile_t; # customizable
files_type(swapfile_t)
+ifdef(`distro_gentoo',`
+ type fsadm_db_t;
+ files_type(fsadm_db_t)
+')
+
########################################
#
# local policy
@@ -60,10 +60,6 @@ allow fsadm_t fsadm_run_t:dir manage_dir_perms;
allow fsadm_t fsadm_run_t:file manage_file_perms;
files_runtime_filetrans(fsadm_t, fsadm_run_t, dir)
-ifdef(`distro_gentoo',`
-manage_files_pattern(fsadm_t, fsadm_db_t, fsadm_db_t)
-')
-
# log files
allow fsadm_t fsadm_log_t:dir setattr;
manage_files_pattern(fsadm_t, fsadm_log_t, fsadm_log_t)
@@ -178,6 +174,10 @@ ifdef(`distro_debian',`
term_dontaudit_use_unallocated_ttys(fsadm_t)
')
+ifdef(`distro_gentoo',`
+ manage_files_pattern(fsadm_t, fsadm_db_t, fsadm_db_t)
+')
+
ifdef(`distro_redhat',`
optional_policy(`
unconfined_domain(fsadm_t)
