In order for mount to work with all file locations, it needs relabelfrom
privileges as well (next to the relabelto ones).
The same patch is also already present in fedora's repository.
Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/system/mount.te | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 57d7294..429596f 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -77,7 +77,7 @@ files_etc_filetrans_etc_runtime(mount_t, file)
files_mounton_all_mountpoints(mount_t)
files_unmount_rootfs(mount_t)
# These rules need to be generalized. Only admin, initrc should have it:
-files_relabelto_all_file_type_fs(mount_t)
+files_relabel_all_file_type_fs(mount_t)
files_mount_all_file_type_fs(mount_t)
files_unmount_all_file_type_fs(mount_t)
# for when /etc/mtab loses its type
--
1.7.3.4