From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 04 Mar 2009 11:16:10 -0500
Subject: [refpolicy] kernel_filesystem.patch
In-Reply-To: <49AC5BA9.60302@redhat.com>
References: <49AC5BA9.60302@redhat.com>
Message-ID: <1236183370.26944.53.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-03-02 at 17:20 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_filesystem.patch
> 
> 
> Add label for /dev/shm to be tmpfs_t

I'm not sure we want this.  If a tmpfs isn't mounted there, I think we
want the directory to remain device_t.

> Add lots of interfaces for cifs, nfs, dos 

I did some rearrangement.  I also dropped the
fs_dontaudit_list_cifs_dirs() as there already is a
fs_dontaudit_list_cifs().

Otherwise, merged.

> to handle things like xdm appending .xsession-errors in homedirs if they are nfs, or cifs
> 
> Allow people to mounton cifs and nfs file systems (they do)
> 
> Interfaces to handle new fusefs in the homedir.
> 
> Fix sorting on btfs in filesystem.te
> 
> Add type for ecryptfs_t
> 
> Add types for vmblock file systems
> 
> Setup ncpfs and dazukofs as nfs_t 

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150