LinuxLists.cc - [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs

2015-05-05 12:28:05

Subject: [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs_t

From: Laurent Bigonville <[email protected]>

---
policy/modules/kernel/kernel.fc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
index 7be4ddf..2f8b6f1 100644
--- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc
@@ -1 +1 @@
-# This module currently does not have any file contexts.
+/sys/fs/debugfs(/.*)? gen_context(system_u:object_r:debugfs_t,s0)
--
2.1.4

2015-05-05 12:41:11

by mgrepl

[permalink] [raw]

Subject: [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs_t

On 05/05/2015 02:28 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> ---
> policy/modules/kernel/kernel.fc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
> index 7be4ddf..2f8b6f1 100644
> --- a/policy/modules/kernel/kernel.fc
> +++ b/policy/modules/kernel/kernel.fc
> @@ -1 +1 @@
> -# This module currently does not have any file contexts.
> +/sys/fs/debugfs(/.*)? gen_context(system_u:object_r:debugfs_t,s0)
>
In Fedora, we have

+/sys/kernel/debug -d gen_context(system_u:object_r:debugfs_t,s0)
+/sys/kernel/debug/.* <<none>>

--
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.

2015-05-06 09:59:53

by Laurent Bigonville

[permalink] [raw]

Subject: [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs_t

Le Tue, 05 May 2015 14:41:11 +0200,
Miroslav Grepl <[email protected]> a ?crit :

> On 05/05/2015 02:28 PM, Laurent Bigonville wrote:
> > From: Laurent Bigonville <[email protected]>
> >
> > ---
> > policy/modules/kernel/kernel.fc | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/policy/modules/kernel/kernel.fc
> > b/policy/modules/kernel/kernel.fc index 7be4ddf..2f8b6f1 100644
> > --- a/policy/modules/kernel/kernel.fc
> > +++ b/policy/modules/kernel/kernel.fc
> > @@ -1 +1 @@
> > -# This module currently does not have any file contexts.
> > +/sys/fs/debugfs(/.*)?
> > gen_context(system_u:object_r:debugfs_t,s0)
> >
> In Fedora, we have
>
> +/sys/kernel/debug -d gen_context(system_u:object_r:debugfs_t,s0)
> +/sys/kernel/debug/.* <<none>>

And you are actually correct I think, it's /sys/kernel and
not /sys/fs ... I'll resend a patch

Laurent Bigonville