From: bigon@debian.org (Laurent Bigonville)
Date: Sat, 12 Jan 2013 22:32:25 +0100
Subject: [refpolicy] [PATCH 07/13] Label var_lock_t as a mountpoint in Debian
In-Reply-To: <1358026351-12955-1-git-send-email-bigon@debian.org>
References: <1358026351-12955-1-git-send-email-bigon@debian.org>
Message-ID: <1358026351-12955-8-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs
mount.
---
 policy/modules/kernel/files.te |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 148d87a..a5554e8 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem *;
 tunable_policy(`allow_execmod',`
 	allow files_unconfined_type file_type:file execmod;
 ')
+
+ifdef(`distro_debian',`
+	files_mountpoint(var_lock_t)
+')
-- 
1.7.10.4