Add lost+found filesystem label to /var/log and /var/log/audit.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/kernel/files.fc | 6 ++++++
1 file changed, 6 insertions(+)
--- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
17:52:10.037296340 +0200
+++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
2012-08-26 00:38:29.364804301 +0200
@@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
+/var/log/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/lost\+found/.* <<none>>
+
+/var/log/audit/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+/var/log/audit/lost\+found/.* <<none>>
+
/var/lost\+found -d
gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/var/lost\+found/.* <<none>>
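Review bot: The two added pairs, /var/log/lost\+found and /var/log/audit/lost\+found, name specific mount points, but the commit message does not say why these two were chosen. Add a one-line rationale; presumably these directories are often placed on their own filesystems, though that is an assumption the message should confirm. Any other separately mounted directory will still have an unlabeled lost+found. The new entries follow the existing /var/lost\+found pattern (-d with lost_found_t at mls_systemhigh on the directory, <<none>> for its contents), which keeps the file consistent. The @@ header shows ifndef(`distro_redhat',` as context, so confirm that the insertion point is outside that conditional if the labels are meant to apply on Red Hat builds as well.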
On 08/25/12 19:08, Guido Trentalancia wrote:
> Add lost+found filesystem label to /var/log and /var/log/audit.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/kernel/files.fc | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> --- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
> 17:52:10.037296340 +0200
> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
> 2012-08-26 00:38:29.364804301 +0200
> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
>
> /var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
>
> +/var/log/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/lost\+found/.* <<none>>
> +
> +/var/log/audit/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> +/var/log/audit/lost\+found/.* <<none>>
> +
> /var/lost\+found -d
> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
> /var/lost\+found/.* <<none>>
Merged.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On 29/08/2012 16:49, Christopher J. PeBenito wrote:
> On 08/25/12 19:08, Guido Trentalancia wrote:
>> Add lost+found filesystem label to /var/log and /var/log/audit.
>>
>> Signed-off-by: Guido Trentalancia <[email protected]>
>> ---
>> policy/modules/kernel/files.fc | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> --- refpolicy-25082012/policy/modules/kernel/files.fc 2012-08-25
>> 17:52:10.037296340 +0200
>> +++ refpolicy-25082012-lost_found-fc/policy/modules/kernel/files.fc
>> 2012-08-26 00:38:29.364804301 +0200
>> @@ -243,6 +243,12 @@ ifndef(`distro_redhat',`
>>
>> /var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
>>
>> +/var/log/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/lost\+found/.* <<none>>
>> +
>> +/var/log/audit/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> +/var/log/audit/lost\+found/.* <<none>>
>> +
>> /var/lost\+found -d
>> gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
>> /var/lost\+found/.* <<none>>
>
> Merged.
Perhaps it might be profitable to have such labels automatically and
dynamically added to the policy upon filesystem mount by means of
code modifications?
Just an idea...
Regards,
Guido