From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 20 Jun 2012 10:14:05 -0400
Subject: [refpolicy] PATCH: allow mount to write to all of its runtime files
In-Reply-To: <201206151635.q5FGZvOD021663@vivaldi13.register.it>
References: <201206151635.q5FGZvOD021663@vivaldi13.register.it>
Message-ID: <4FE1DAAD.2000802@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/15/12 12:35, Guido Trentalancia wrote:
> Allow mount to write not only to /etc/mtab but also to the /etc/mtab~[0-9]{0,20}
> lock files (the number corresponds to the PID). Such files are still mistakenly
> being labelled as etc_t instead of etc_runtime_t (thus preventing the successful
> completion of the write operation and the accumulation of unremovable stale lock
> files over several operation attempts as in normal system reboots, for example).
>
> Do the same with the standard mount temporary file /etc/mtab.tmp.
>
> The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv
> for the location of such files.
>
> Signed-off-by: Guido Trentalancia
> ---
> policy/modules/kernel/files.fc | 3 +++
> 1 file changed, 3 insertions(+)
>
> --- refpolicy-04062012/policy/modules/kernel/files.fc 2012-06-15 19:33:36.615158614 +0200
> +++ refpolicy-file-contexts/policy/modules/kernel/files.fc 2012-06-15 19:32:42.001703874 +0200
> @@ -54,6 +54,9 @@ ifdef(`distro_suse',`
> /etc/killpower -- gen_context(system_u:object_r:etc_runtime_t,s0)
> /etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
> /etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
> +/etc/mtab~ -- gen_context(system_u:object_r:etc_runtime_t,s0)
> +/etc/mtab~[0-9]+ -- gen_context(system_u:object_r:etc_runtime_t,s0)

why not just merge these two lines into /etc/mtab~[0-9]* ?

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
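Review bot: the hunk header `@@ -54,6 +54,9 @@` and the diffstat (`3 insertions(+)`) both announce three added lines, but only two `+` lines are quoted here, so the `/etc/mtab.tmp` entry described in the commit message is not visible and its label and file-type flag cannot be checked from this excerpt; please quote the full hunk. On the two lines that are shown, `/etc/mtab~` and `/etc/mtab~[0-9]+` together cover the `~[0-9]{0,20}` form given in the description, and since file_contexts regexes are matched against the whole path, a single `/etc/mtab~[0-9]*` entry is equivalent (the `*` admits the empty suffix), which is the merge suggested in the reply. Both entries use the `--` regular-file flag, consistent with the neighbouring `/etc/mtab` entry, which is correct for lock files that mount creates with open(2).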