From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 19 Mar 2010 13:30:24 -0400
Subject: [refpolicy] system_mount.patch
In-Reply-To: <4B8453FF.2090208@redhat.com>
References: <4B8453FF.2090208@redhat.com>
Message-ID: <1269019824.5623.211.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2010-02-23 at 17:17 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/system_mount.patch
>
> File context for fusermount so I can stop xguest from using mount
>
> New file context for mount
>
> Dontaudit broken leaks
>
> Lots of new access for mount.

How much of this new access is due to fusermount? Dbus usage, exec'ing things unrelated to mount like ssh, transitioning to rpcd? Sounds like fusermount might need its own type after all.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150