From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 08 Feb 2011 17:31:03 -0500
Subject: [refpolicy] Devices file differences in Fedora
Message-ID: <4D51C427.6020103@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add label for /dev/crash
printk device does not exist

Add labels for /dev/mqueue, /lib/udev/devices/, /sys
Fedora has same labels as gentoo, remove ifdef

Add interfaces for

dev_read_generic_files
+dev_read_generic_files(mdadm_t)
+dev_read_generic_files(systemd_passwd_agent_t)

dev_relabelfrom_generic_chr_files
+	dev_relabelfrom_generic_chr_files(init_t)   -  systemd needs this

dev_read_generic_chr_files
+	dev_read_generic_chr_files(init_t)  - systemd

dev_rw_generic_blk_files

+	dev_rw_generic_blk_files(mount_t)

dev_read_generic_symlinks
+	dev_read_generic_symlinks(virt_domain)

dev_rw_all_inherited_chr_files
dev_rw_all_inherited_blk_files
+	dev_rw_all_inherited_chr_files(sandbox_domain)  -- sandbox
+	dev_rw_all_inherited_blk_files(sandbox_domain)  -- sandbox

dev_relabel_autofs_dev
+	dev_relabel_autofs_dev(init_t)  - systemd

dev_read_crash                          - No user yet

dev_dontaudit_read_kmsg
+	dev_dontaudit_read_kmsg(initrc_t)
dev_associate_sysfs
+	dev_associate_sysfs(cgroup_t)     - cgroups
+	dev_associate_sysfs($1_image_t)   - svirt/libvirt needs this

dev_manage_sysfs_dirs			- systemd
+	dev_manage_sysfs_dirs(init_t)

dev_write_usbmon_dev
+		dev_write_usbmon_dev(netutils_t)

unconfined domains have to be able to create device_node lnk files.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1RxCcACgkQrlYvE4MpobP95QCfYfxXDmkeB/BpraRubdGGCYRV
BCQAnRKf610wSLqH3d580biSMXCGAdCd
=h7PT
-----END PGP SIGNATURE-----