From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 31 Dec 2012 23:52:29 +0100
Subject: [refpolicy] [PATCH 10/12] Puppet runs statfs against selinuxfs
In-Reply-To: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
References: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1356994351-29191-11-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When dealing with SELinux information in puppet, puppet invokes binaries such as
getsebool and setsebool. These binaries run statfs against the selinuxfs mounts.
If the statfs returns failure, then these binaries return "SELinux is not
enabled" even though this is false.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 puppet.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/puppet.te b/puppet.te
index f836236..4e45b07 100644
--- a/puppet.te
+++ b/puppet.te
@@ -127,6 +127,7 @@ files_relabel_config_dirs(puppet_t)
 files_relabel_config_files(puppet_t)
 files_search_var_lib(puppet_t)
 
+selinux_get_fs_mount(puppet_t)
 selinux_search_fs(puppet_t)
 selinux_set_all_booleans(puppet_t)
 selinux_set_generic_booleans(puppet_t)
-- 
1.7.8.6