From: bigon@debian.org (Laurent Bigonville)
Date: Sat, 12 Jan 2013 22:32:19 +0100
Subject: [refpolicy] [PATCH 01/13] Label /var/run/shm as tmpfs_t for Debian
In-Reply-To: <1358026351-12955-1-git-send-email-bigon@debian.org>
References: <1358026351-12955-1-git-send-email-bigon@debian.org>
Message-ID: <1358026351-12955-2-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

In Debian, /dev/shm is a symlink to /var/run/shm. Label that mountpoint
the same way.
---
 policy/modules/kernel/filesystem.fc |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index cda5588..3d67e80 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -14,3 +14,8 @@
 # for systemd systems:
 /sys/fs/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
 /sys/fs/cgroup/.*		<<none>>
+
+ifdef(`distro_debian',`
+/var/run/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
+/var/run/shm/.*			<<none>>
+')
-- 
1.7.10.4