From mboxrd@z Thu Jan 1 00:00:00 1970 From: mthode@mthode.org (Matthew Thode) Date: Mon, 20 Jan 2014 10:31:49 -0600 Subject: [refpolicy] [PATCH 1/1] Extending support for SELinux on ZFS In-Reply-To: <1387573580-8603-1-git-send-email-mthode@mthode.org> References: <1387573580-8603-1-git-send-email-mthode@mthode.org> Message-ID: <52DD4F75.9060809@mthode.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/20/2013 03:06 PM, Matthew Thode wrote: > Signed-off-by: Matthew Thode > --- > policy/modules/kernel/storage.fc | 5 +++++ > policy/modules/system/fstools.fc | 6 ++++++ > policy/modules/system/mount.fc | 4 ++++ > 3 files changed, 15 insertions(+) > > diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc > index 54f1827..4315bd5 100644 > --- a/policy/modules/kernel/storage.fc > +++ b/policy/modules/kernel/storage.fc > @@ -79,5 +79,10 @@ ifdef(`distro_redhat', ` > > /dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0) > > +/dev/zfs -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) > +/dev/zpios -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) > +/dev/zvol(/.*)? -l gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) > +/dev/zd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) > + > /lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) > /lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0) > diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc > index 948ce2a..39e6c25 100644 > --- a/policy/modules/system/fstools.fc > +++ b/policy/modules/system/fstools.fc 
> @@ -36,6 +36,12 @@ > /sbin/swapoff -- gen_context(system_u:object_r:fsadm_exec_t,s0) > /sbin/swapon.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) > /sbin/tune2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/zpios -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/ztest -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/zinject -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/zhack -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/zdb -- gen_context(system_u:object_r:fsadm_exec_t,s0) > +/sbin/zstreamdump -- gen_context(system_u:object_r:fsadm_exec_t,s0) > > /usr/bin/partition_uuid -- gen_context(system_u:object_r:fsadm_exec_t,s0) > /usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0) > diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc > index 4619000..a5e1c6e 100644 > --- a/policy/modules/system/mount.fc > +++ b/policy/modules/system/mount.fc > @@ -2,6 +2,10 @@ > /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) > /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) > > +/sbin/mount.zfs -- gen_context(system_u:object_r:mount_exec_t,s0) > +/sbin/zpool -- gen_context(system_u:object_r:mount_exec_t,s0) > +/sbin/zfs -- gen_context(system_u:object_r:mount_exec_t,s0) > + > /usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) > > /var/run/mount(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) > What's the status on the acceptance of this patch? -- -- Matthew Thode
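Review bot: In the storage.fc hunk, `/dev/zvol(/.*)? -l` limits the entry to symbolic links, so the optional group that would match `/dev/zvol` itself and the per-pool directories under it never takes effect and those directories are not covered by this entry. If only the links are meant, `/dev/zvol/.* -l` states that directly, and it is worth saying in the commit message why the links need fixed_disk_device_t at mls_systemhigh when the `/dev/zd.*` block nodes are already labelled two lines further down. `/dev/zd.*` is also broader than it needs to be, since `.*` accepts any suffix after `zd`; anchoring it to `zd` followed by a digit would keep unrelated nodes out of the raw-disk type.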
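Review bot: In the fstools.fc hunk, the six new entries exist only under /sbin, while the trailing context shows this file also carries a /usr/bin section (`/usr/bin/partition_uuid`, `/usr/bin/raw`), so on a system that installs the ZFS utilities under /usr these binaries stay unlabelled and never transition out of the caller's domain. Please add the matching /usr paths where the file keeps them. The new lines are also not in the alphabetical order the surrounding entries follow (swapoff, swapon, tune2fs), and the commit message gives no reason for putting fault-injection and debugging tools such as zinject, zhack and ztest into the same fsadm_exec_t entry point as the ordinary administration tools.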
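Review bot: In the mount.fc hunk, `/sbin/zpool` and `/sbin/zfs` are labelled mount_exec_t alongside `/sbin/mount.zfs`, but the diffstat lists only three .fc files, so nothing in this patch grants the mount domain access to the `/dev/zfs` and `/dev/zd.*` labels added in storage.fc. Either confirm that the existing mount rules already cover that access or include the .te changes in the same series. The choice of mount_exec_t rather than fsadm_exec_t for zpool and zfs, which manage pools and datasets as well as mounting them, should be explained in the commit message, which currently contains only the Signed-off-by line. The three /sbin entries are also inserted between the /bin and /usr/bin groups without the /usr counterparts the file keeps for fusermount.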