From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 20 Jul 2011 19:18:17 +0200
Subject: [refpolicy] [PATCH 1/1] Allow mount to work on all file locations
Message-ID: <20110720171817.GD18951@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

In order for mount to work with all file locations, it needs relabelfrom
privileges as well (next to the relabelto ones).

The same patch is also already present in fedora's repository.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/system/mount.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 57d7294..429596f 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -77,7 +77,7 @@ files_etc_filetrans_etc_runtime(mount_t, file)
 files_mounton_all_mountpoints(mount_t)
 files_unmount_rootfs(mount_t)
 # These rules need to be generalized.  Only admin, initrc should have it:
-files_relabelto_all_file_type_fs(mount_t)
+files_relabel_all_file_type_fs(mount_t)
 files_mount_all_file_type_fs(mount_t)
 files_unmount_all_file_type_fs(mount_t)
 # for when /etc/mtab loses its type
-- 
1.7.3.4