2012-11-27 15:29:18

by Matthew Thode

[permalink] [raw]
Subject: [refpolicy] [PATCH] Implement zfs support

Just adding zfs to the list of defined filesystems in filesystem.te

Signed-off-by: Matthew Thode <[email protected]>
---
policy/modules/kernel/filesystem.te
1 files changed, 1 insertions(+), 0 deletions (-)

diff --git a/policy/modules/kernel/filesystem.te
b/policy/modules/kernel/filesystem.te
index 6bd38c8..e746ee5 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -33,6 +33,7 @@ fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
+fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);

# Use the allocating task SID to label inodes in the following filesystem
# types, and label the filesystem itself with the specified context.
--
1.7.8.6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20121127/102d5a79/attachment.bin


2012-11-28 21:43:14

by cpebenito

[permalink] [raw]
Subject: [refpolicy] [PATCH] Implement zfs support

On 11/27/12 10:29, Matthew Thode wrote:
> Just adding zfs to the list of defined filesystems in filesystem.te
>
> Signed-off-by: Matthew Thode <[email protected]>
> ---
> policy/modules/kernel/filesystem.te
> 1 files changed, 1 insertions(+), 0 deletions (-)
>
> diff --git a/policy/modules/kernel/filesystem.te
> b/policy/modules/kernel/filesystem.te
> index 6bd38c8..e746ee5 100644
> --- a/policy/modules/kernel/filesystem.te
> +++ b/policy/modules/kernel/filesystem.te
> @@ -33,6 +33,7 @@ fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
> +fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
>
> # Use the allocating task SID to label inodes in the following filesystem
> # types, and label the filesystem itself with the specified context.

Is the security label support in the upstream ZFS on Linux repo?

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2012-11-28 22:06:41

by Matthew Thode

[permalink] [raw]
Subject: [refpolicy] [PATCH] Implement zfs support

On 11/28/2012 03:43 PM, Christopher J. PeBenito wrote:
> On 11/27/12 10:29, Matthew Thode wrote:
>> Just adding zfs to the list of defined filesystems in filesystem.te
>>
>> Signed-off-by: Matthew Thode <[email protected]>
>> ---
>> policy/modules/kernel/filesystem.te
>> 1 files changed, 1 insertions(+), 0 deletions (-)
>>
>> diff --git a/policy/modules/kernel/filesystem.te
>> b/policy/modules/kernel/filesystem.te
>> index 6bd38c8..e746ee5 100644
>> --- a/policy/modules/kernel/filesystem.te
>> +++ b/policy/modules/kernel/filesystem.te
>> @@ -33,6 +33,7 @@ fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
>> fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
>> fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
>> fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
>> +fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
>>
>> # Use the allocating task SID to label inodes in the following filesystem
>> # types, and label the filesystem itself with the specified context.
>
> Is the security label support in the upstream ZFS on Linux repo?
>
xattrs are there fully :D

xattr=sa
https://github.com/zfsonlinux/zfs/issues/671

--
-- Matthew Thode

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20121128/790ebd30/attachment.bin

2012-12-07 17:22:01

by Matthew Thode

[permalink] [raw]
Subject: [refpolicy] [PATCH] Implement zfs support

On 11/28/2012 04:06 PM, Matthew Thode wrote:
> On 11/28/2012 03:43 PM, Christopher J. PeBenito wrote:
>> On 11/27/12 10:29, Matthew Thode wrote:
>>> Just adding zfs to the list of defined filesystems in filesystem.te
>>>
>>> Signed-off-by: Matthew Thode <[email protected]>
>>> ---
>>> policy/modules/kernel/filesystem.te
>>> 1 files changed, 1 insertions(+), 0 deletions (-)
>>>
>>> diff --git a/policy/modules/kernel/filesystem.te
>>> b/policy/modules/kernel/filesystem.te
>>> index 6bd38c8..e746ee5 100644
>>> --- a/policy/modules/kernel/filesystem.te
>>> +++ b/policy/modules/kernel/filesystem.te
>>> @@ -33,6 +33,7 @@ fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
>>> fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
>>> fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
>>> fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
>>> +fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
>>>
>>> # Use the allocating task SID to label inodes in the following filesystem
>>> # types, and label the filesystem itself with the specified context.
>>
>> Is the security label support in the upstream ZFS on Linux repo?
>>
> xattrs are there fully :D
>
> xattr=sa
> https://github.com/zfsonlinux/zfs/issues/671
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
any update on this?

--
-- Matthew Thode

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20121207/753337e1/attachment-0001.bin

2012-12-07 18:26:57

by Chris PeBenito

[permalink] [raw]
Subject: [refpolicy] [PATCH] Implement zfs support

On 12/7/2012 12:22 PM, Matthew Thode wrote:
> On 11/28/2012 04:06 PM, Matthew Thode wrote:
>> On 11/28/2012 03:43 PM, Christopher J. PeBenito wrote:
>>> On 11/27/12 10:29, Matthew Thode wrote:
>>>> Just adding zfs to the list of defined filesystems in filesystem.te
>>>>
>>>> Signed-off-by: Matthew Thode <[email protected]>
>>>> ---
>>>> policy/modules/kernel/filesystem.te
>>>> 1 files changed, 1 insertions(+), 0 deletions (-)
>>>>
>>>> diff --git a/policy/modules/kernel/filesystem.te
>>>> b/policy/modules/kernel/filesystem.te
>>>> index 6bd38c8..e746ee5 100644
>>>> --- a/policy/modules/kernel/filesystem.te
>>>> +++ b/policy/modules/kernel/filesystem.te
>>>> @@ -33,6 +33,7 @@ fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
>>>> fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
>>>> fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
>>>> fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
>>>> +fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
>>>>
>>>> # Use the allocating task SID to label inodes in the following filesystem
>>>> # types, and label the filesystem itself with the specified context.
>>>
>>> Is the security label support in the upstream ZFS on Linux repo?
>>>
>> xattrs are there fully :D
>>
>> xattr=sa
>> https://github.com/zfsonlinux/zfs/issues/671
>>
> any update on this?

Its fine; I just forgot to merge it. Its in there now.

--
Chris PeBenito
<[email protected]>
Developer,
Hardened Gentoo Linux