From: bigon@debian.org (Laurent Bigonville)
Date: Wed,  5 Dec 2012 21:39:24 +0100
Subject: [refpolicy] [PATCH 3/7] Label /var/run/shm as tmpfs_t
In-Reply-To: <1354739968-4547-1-git-send-email-bigon@debian.org>
References: <1354739968-4547-1-git-send-email-bigon@debian.org>
Message-ID: <1354739968-4547-3-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

In Debian, /dev/shm is a symlink to /var/run/shm. Label that mountpoint
the same way.
---
 policy/modules/kernel/filesystem.fc |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index cda5588..4da589c 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -14,3 +14,6 @@
 # for systemd systems:
 /sys/fs/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
 /sys/fs/cgroup/.*		<<none>>
+
+/var/run/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
+/var/run/shm/.*			<<none>>
-- 
1.7.10.4