Fix dosfs handling in the interface

Fix dosfs handling in the interface

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 39 bytes --]

Allow xend to use dosfs for ia64 boot.

[-- Attachment #2: dosfs.patch --]
[-- Type: text/x-patch, Size: 1248 bytes --]

--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-02-19 11:32:51.000000000 -0500
+++ serefpolicy-2.5.8/policy/modules/kernel/filesystem.if	2007-03-08 08:42:37.000000000 -0500
@@ -1110,11 +1110,31 @@
 		type dosfs_t;
 	')
 
+	manage_dirs_pattern($1,dosfs_t,dosfs_t)
 	manage_files_pattern($1,dosfs_t,dosfs_t)
 ')
 
 ########################################
 ## <summary>
+##	read files
+##	on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_read_dos_files',`
+	gen_require(`
+		type dosfs_t;
+	')
+
+	read_files_pattern($1,dosfs_t,dosfs_t)
+')
+
+########################################
+## <summary>
 ##	Read eventpollfs files.
 ## </summary>
 ## <desc>
--- nsaserefpolicy/policy/modules/system/xen.te	2007-01-02 12:57:49.000000000 -0500
+++ serefpolicy-2.5.8/policy/modules/system/xen.te	2007-03-08 08:42:37.000000000 -0500
@@ -357,3 +373,11 @@
 xen_append_log(xm_t)
 xen_stream_connect(xm_t)
 xen_stream_connect_xenstore(xm_t)
+
+#Should have a boolean wrapping these
+fs_list_auto_mountpoints(xend_t)
+files_search_mnt(xend_t)
+fs_write_nfs_files(xend_t)
+fs_read_nfs_files(xend_t)
+fs_getattr_all_fs(xend_t)
+fs_read_dos_files(xend_t)

Re: Fix dosfs handling in the interface

[Christopher J. PeBenito]

On Thu, 2007-03-08 at 10:39 -0500, Daniel J Walsh wrote:
> Allow xend to use dosfs for ia64 boot.
> 
> 
> 
> 
> 
> 
> 
> differences
> between files
> attachment
> (dosfs.patch)
> 
> --- nsaserefpolicy/policy/modules/kernel/filesystem.if  2007-02-19 11:32:51.000000000 -0500
> +++ serefpolicy-2.5.8/policy/modules/kernel/filesystem.if       2007-03-08 08:42:37.000000000 -0500
> @@ -1110,11 +1110,31 @@
>                 type dosfs_t;
>         ')
>  
> +       manage_dirs_pattern($1,dosfs_t,dosfs_t)
>         manage_files_pattern($1,dosfs_t,dosfs_t)
>  ')

Dropped this as it breaks the meaning of the interface.

>  ########################################
>  ## <summary>
> +##     read files
> +##     on a DOS filesystem.
> +## </summary>
> +## <param name="domain">
> +##     <summary>
> +##     Domain allowed access.
> +##     </summary>
> +## </param>
> +#
> +interface(`fs_read_dos_files',`
> +       gen_require(`
> +               type dosfs_t;
> +       ')
> +
> +       read_files_pattern($1,dosfs_t,dosfs_t)
> +')

Moved this up.

> --- nsaserefpolicy/policy/modules/system/xen.te 2007-01-02 12:57:49.000000000 -0500
> +++ serefpolicy-2.5.8/policy/modules/system/xen.te      2007-03-08 08:42:37.000000000 -0500
> @@ -357,3 +373,11 @@
>  xen_append_log(xm_t)
>  xen_stream_connect(xm_t)
>  xen_stream_connect_xenstore(xm_t)
> +
> +#Should have a boolean wrapping these
> +fs_list_auto_mountpoints(xend_t)
> +files_search_mnt(xend_t)
> +fs_write_nfs_files(xend_t)
> +fs_read_nfs_files(xend_t)
> +fs_getattr_all_fs(xend_t)
> +fs_read_dos_files(xend_t)
> 

If these should be conditional, why aren't they?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.