From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 20 Dec 2013 15:22:06 -0500
Subject: [refpolicy] [PATCH 1/1] Extending support for SELinux on ZFS
In-Reply-To: <52B4A527.107@mthode.org>
References: <1387560695-24878-1-git-send-email-mthode@mthode.org> <52B4A382.9070507@tresys.com> <52B4A527.107@mthode.org>
Message-ID: <52B4A6EE.8060007@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/20/13 15:14, Matthew Thode wrote:
> On 12/20/2013 02:07 PM, Christopher J. PeBenito wrote:
>> On 12/20/13 12:31, Matthew Thode wrote:
>>> Signed-off-by: Matthew Thode
>>> ---
>>> policy/modules/kernel/storage.fc | 5 +++++
>>> policy/modules/system/fstools.fc | 6 ++++++
>>> policy/modules/system/mount.fc | 4 ++++
>>> 3 files changed, 15 insertions(+)
>>>
>>> diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc >>> index 54f1827..4315bd5 100644 >>> --- a/policy/modules/kernel/storage.fc >>> +++ b/policy/modules/kernel/storage.fc >>> @@ -79,5 +79,10 @@ ifdef(`distro_redhat', ` >>> >>> /dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0) >>> >>> +/dev/zfs -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) >>> +/dev/zpios -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) >>> +/dev/zvol(/.*)? -l gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
>>
>> Normally we leave the symlinks stay the generic type, in this case device_t. That type is sufficiently protected and the symlink isn't sensitive, so it doesn't merit having a different type. Otherwise the patch looks ok.
> Would you like me to resubmit?

Please do. I was going to apply it and then fix it, but it fails to apply; looks like a conflict from something I just merged.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
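
Review bot: The /dev/zvol(/.*)? -l entry at the end of the storage.fc hunk puts symlinks under the raw-disk type fixed_disk_device_t at mls_systemhigh, so any domain that only needs to read or follow those links must be granted lnk_file access on the fixed-disk type. Drop that line or give the links the generic device type, and keep fixed_disk_device_t for the device nodes themselves. The -l specifier matches symbolic links only, and none of the three additions visible in the quoted hunk is a -b entry, so it is worth confirming that the block devices those links resolve to are labeled by an entry of their own.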