2016-08-03 05:48:19

by Russell Coker

Subject: [refpolicy] [PATCH] getattr on unlabeled blk devs

The following has been in my tree for a few years. It allows initrc_t to stat
devices early in the boot process.


>From ad46ce856a1a780cf6c3a0bb741794019e03edc2 Mon Sep 17 00:00:00 2001
From: Dominick Grift <[email protected]>
Date: Sat, 9 Nov 2013 10:45:09 +0100
Subject: [PATCH] init: startpar (initrc_t) gets attributes of /dev/dm-0
(device_t) early on boot, soon later the node context is properly reset
(debian only) init: startpar (initrc_t) gets attributes of /proc/kcore file

Signed-off-by: Dominick Grift <[email protected]>
---
policy/modules/system/init.te | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

Index: refpolicy/policy/modules/system/init.te
===================================================================
--- refpolicy.orig/policy/modules/system/init.te
+++ refpolicy/policy/modules/system/init.te
@@ -563,6 +563,9 @@ userdom_read_user_home_content_files(ini
userdom_use_user_terminals(initrc_t)

ifdef(`distro_debian',`
+ kernel_getattr_core_if(initrc_t)
+
+ dev_getattr_generic_blk_files(initrc_t)
dev_setattr_generic_dirs(initrc_t)

fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
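
Review bot: the two added lines inside the `distro_debian` block, `kernel_getattr_core_if(initrc_t)` and `dev_getattr_generic_blk_files(initrc_t)`, carry no comment, so the reason given in the commit message (startpar stats /dev/dm-0 while it is still device_t, and /proc/kcore) is lost once the patch is applied. Suggest a one-line comment above each call naming startpar and the early-boot window, and stating whether the getattr is needed for startpar to work or only silences a denial, since the grant on generic block device nodes stays in place after the node context has been reset.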


2016-08-06 19:58:15

by Chris PeBenito

Subject: [refpolicy] [PATCH] getattr on unlabeled blk devs

On 08/03/16 01:48, Russell Coker wrote:
> The following has been in my tree for a few years. It allows initrc_t to stat
> devices early in the boot process.
>
>
>>From ad46ce856a1a780cf6c3a0bb741794019e03edc2 Mon Sep 17 00:00:00 2001
> From: Dominick Grift <[email protected]>
> Date: Sat, 9 Nov 2013 10:45:09 +0100
> Subject: [PATCH] init: startpar (initrc_t) gets attributes of /dev/dm-0
> (device_t) early on boot, soon later the node context is properly reset
> (debian only) init: startpar (initrc_t) gets attributes of /proc/kcore file
>
> Signed-off-by: Dominick Grift <[email protected]>
> ---
> policy/modules/system/init.te | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> Index: refpolicy/policy/modules/system/init.te
> ===================================================================
> --- refpolicy.orig/policy/modules/system/init.te
> +++ refpolicy/policy/modules/system/init.te
> @@ -563,6 +563,9 @@ userdom_read_user_home_content_files(ini
> userdom_use_user_terminals(initrc_t)
>
> ifdef(`distro_debian',`
> + kernel_getattr_core_if(initrc_t)
> +
> + dev_getattr_generic_blk_files(initrc_t)
> dev_setattr_generic_dirs(initrc_t)
>
> fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
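
Review bot: the hunk header `@@ -563,6 +563,9 @@` describes three added lines and no removals, which does not match the diffstat above it (`5 ++++-`, 4 insertions and 1 deletion). The patch looks to have been refreshed since the 2013 commit; regenerating the header, or noting in the mail what was dropped, would let a reader confirm that nothing else in init.te was meant to change.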


Merged.


--
Chris PeBenito