From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 12 Sep 2012 18:49:35 +0200
Subject: [refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t
In-Reply-To: <1347406308-20976-1-git-send-email-bigon@debian.org>
References: <1347406308-20976-1-git-send-email-bigon@debian.org>
Message-ID: <1347468575.2915.16.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
> From: Laurent Bigonville > > mdadm is now creating map file under /run/mdadm/map > --- > raid.fc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/raid.fc b/raid.fc > index ed9c70d..e3c8bfb 100644 > --- a/raid.fc > +++ b/raid.fc > @@ -4,3 +4,4 @@ > /sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0) > > /var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) > +/var/run/mdadm/map -- gen_context(system_u:object_r:mdadm_map_t,s0)

I think it's probably best to drop mdadm_map_t and make it an alias of mdadm_var_run_t instead.

I have some changes from both myself and Fedora for raid module in the pipeline.

It sucks though because both Fedora as well as refpolicy made mdadm_t an unconfined type. That basically makes it almost impossible for us to develop it further and receive feedback on it.
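
Review bot: the added `/var/run/mdadm/map` entry in raid.fc only takes effect at relabel time, and this patch changes nothing else (1 file changed, 1 insertion). A file that mdadm creates at runtime under /var/run/mdadm inherits the directory's mdadm_var_run_t label unless the policy also has a type transition to mdadm_map_t, so the label on the running system and the one restorecon applies would disagree. Either pair this entry with the corresponding transition rule in the .te file (if patch 2/2 does not already do so) or leave the file covered by the existing `/var/run/mdadm(/.*)?` entry.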