From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH v3 1/3] Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface
Date: Fri, 11 Apr 2014 09:15:20 -0400
Message-ID: <5347EAE8.701@tresys.com>
In-Reply-To: <1396644774-8809-1-git-send-email-bigon@debian.org>

On 04/04/2014 04:52 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> Create a new attribute and fs_getattr_all_xattr_fs() interface that will
> be used for all the filesystems that support xattr

This set is merged.

> ---
> policy/modules/kernel/filesystem.if | 58 +++++++++++++++++++++++++++++++++++++
> policy/modules/kernel/filesystem.te | 1 +
> 2 files changed, 59 insertions(+)
>
> diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
> index 8416beb..d24ae64 100644
> --- a/policy/modules/kernel/filesystem.if
> +++ b/policy/modules/kernel/filesystem.if
> @@ -108,6 +108,64 @@ interface(`fs_exec_noxattr',`
>
> ########################################
> ## <summary>
> +## Transform specified type into a filesystem
> +## type which has extended attribute
> +## support.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`fs_xattr_type',`
> + gen_require(`
> + attribute xattrfs;
> + ')
> +
> + fs_type($1)
> +
> + typeattribute $1 xattrfs;
> +')
> +
> +########################################
> +## <summary>
> +## Get the attributes of all the
> +## filesystems which have extended
> +## attributes.
> +## This includes pseudo filesystems.
> +## </summary>
> +## <desc>
> +## <p>
> +## Allow the specified domain to
> +## get the attributes of a filesystems
> +## which have extended attributes.
> +## Example attributes:
> +## </p>
> +## <ul>
> +## <li>Type of the file system (e.g., tmpfs)</li>
> +## <li>Size of the file system</li>
> +## <li>Available space on the file system</li>
> +## </ul>
> +## </desc>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <infoflow type="read" weight="5"/>
> +## <rolecap/>
> +#
> +interface(`fs_getattr_all_xattr_fs',`
> + gen_require(`
> + attribute xattrfs;
> + ')
> +
> + allow $1 xattrfs:filesystem getattr;
> +')
> +
> +########################################
> +## <summary>
> ## Mount a persistent filesystem which
> ## has extended attributes, such as
> ## ext3, JFS, or XFS.
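
Review bot: In fs_xattr_type() the parameter is documented as <param name="domain"> with the summary "Domain allowed access.", but $1 is passed to fs_type() and then given "typeattribute $1 xattrfs;", so it is the filesystem type being transformed, not a domain receiving access. Rename the parameter to "type" and describe it as the type to be marked as a filesystem with extended attribute support. Separately, fs_getattr_all_xattr_fs() allows getattr on the whole xattrfs attribute, so every type later passed to fs_xattr_type() becomes covered for all callers of this interface; the <desc> text could state that, and "a filesystems which have" there should read "filesystems which have".
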
> diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
> index d9cc21f..4207e8f 100644
> --- a/policy/modules/kernel/filesystem.te
> +++ b/policy/modules/kernel/filesystem.te
> @@ -8,6 +8,7 @@ policy_module(filesystem, 1.18.0)
> attribute filesystem_type;
> attribute filesystem_unconfined_type;
> attribute noxattrfs;
> +attribute xattrfs;
>
> ##############################
> #
>
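
Review bot: The new "attribute xattrfs;" line sits directly under "attribute noxattrfs;" with no comment saying what qualifies a type for it or whether a type may carry both attributes. A one-line comment above the declaration (for example, that it marks filesystem types with extended attribute support, pseudo filesystems included, as the interface summary in filesystem.if says) would keep later assignments consistent.
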
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
Thread overview: 4+ messages
2014-04-04 20:52 [refpolicy] [PATCH v3 1/3] Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface Laurent Bigonville
2014-04-04 20:52 ` [refpolicy] [PATCH v3 2/3] Associate the new xattrfs attribute to fs_t and some pseudo-fs Laurent Bigonville
2014-04-04 20:52 ` [refpolicy] [PATCH v3 3/3] Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t Laurent Bigonville
2014-04-11 13:15 ` Christopher J. PeBenito [this message]