From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sun, 13 Jan 2013 19:30:30 +0100 Subject: [refpolicy] [PATCH 07/13] Label var_lock_t as a mountpoint in Debian In-Reply-To: <1358026351-12955-8-git-send-email-bigon@debian.org> References: <1358026351-12955-1-git-send-email-bigon@debian.org> <1358026351-12955-8-git-send-email-bigon@debian.org> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) mountpoint and the lock subdirectory just that - a subdirectory? I've seen 5 distributions using /var/run as either be a tmpfs, or a symlink to /run which is a tmpfs. On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs > mount. > --- > policy/modules/kernel/files.te | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/policy/modules/kernel/files.te > b/policy/modules/kernel/files.te > index 148d87a..a5554e8 100644 > --- a/policy/modules/kernel/files.te > +++ b/policy/modules/kernel/files.te > @@ -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem *; > tunable_policy(`allow_execmod',` > allow files_unconfined_type file_type:file execmod; > ') > + > +ifdef(`distro_debian',` > + files_mountpoint(var_lock_t) > +') > -- > 1.7.10.4 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20130113/02f64557/attachment.html