2013-09-11 08:40:27

by dominick.grift

Subject: [refpolicy] [PATCH] Initial pstore support:


Generic interface to platform dependent persistent storage
https://www.kernel.org/doc/Documentation/ABI/testing/pstore

From a SELinux perspective this works much the same way as the cgroup
file system

the genfscon ensures that initial labeling is correct, so we do not have
to specify a file context explicitly, instead just use <<none>>

The same applies to /sys/fs/cgroup

I also removed the files_type() calls as they are duplicate (it is
already called in files_mountpoint)

Signed-off-by: Dominick Grift <[email protected]>
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 3d67e80..50db308 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -11,9 +11,11 @@
/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
/lib/udev/devices/shm/.* <<none>>

-# for systemd systems:
-/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
-/sys/fs/cgroup/.* <<none>>
+/sys/fs/cgroup -d <<none>>
+/sys/fs/cgroup/.* <<none>>
+
+/sys/fs/pstore -d <<none>>
+/sys/fs/pstore/.* <<none>>

ifdef(`distro_debian',`
/var/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
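Review bot: The new `<<none>>` entries for /sys/fs/cgroup and /sys/fs/pstore carry no comment explaining why the mount points get no explicit context, and the "# for systemd systems:" comment they replace was the only comment the neighbouring entries had. The reasoning is in the commit message only, which a later reader of filesystem.fc will not see, so someone may be tempted to restore an explicit gen_context() for the directory. A one-line comment above the two entries would pin the intent, for example `# labeled by genfscon in filesystem.te; no explicit file context needed`. The genfscon rules this relies on are in the filesystem.te hunks of this same patch.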
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 1c66416..8f1fc04 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -70,9 +70,8 @@

type cgroup_t;
fs_type(cgroup_t)
-files_type(cgroup_t)
files_mountpoint(cgroup_t)
-dev_associate_sysfs(cgroup_t) # only for systemd systems
+dev_associate_sysfs(cgroup_t)
genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)

type configfs_t;
@@ -125,6 +124,12 @@
fs_type(oprofilefs_t)
genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0)

+type pstore_t;
+fs_type(pstore_t)
+files_mountpoint(pstore_t)
+dev_associate_sysfs(pstore_t)
+genfscon pstore / gen_context(system_u:object_r:pstore_t,s0)
+
type ramfs_t;
fs_type(ramfs_t)
files_mountpoint(ramfs_t)
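Review bot: pstore_t is declared with a mount point and a genfscon rule, but the patch adds no accompanying interface (filesystem.if is not touched), so no domain outside the kernel module can be granted access to read or remove entries under /sys/fs/pstore; presumably that is intentional for an initial patch, but it is worth stating in the commit message or a follow-up. A short comment above the declaration would also help readers who do not know the filesystem, for example `# platform-dependent persistent storage, mounted at /sys/fs/pstore` above `type pstore_t;`. Whether files_mountpoint() already provides files_type(), which the removal in the earlier cgroup_t hunk relies on, is defined outside this patch and cannot be confirmed from the hunk.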