From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 13 Jan 2013 21:03:05 +0100 Subject: [refpolicy] [PATCH 07/13] Label var_lock_t as a mountpoint in Debian In-Reply-To: References: <1358026351-12955-1-git-send-email-bigon@debian.org> <1358026351-12955-8-git-send-email-bigon@debian.org> Message-ID: <1358107385.2495.12.camel@d30> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2013-01-13 at 19:30 +0100, Sven Vermeulen wrote: > Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) mountpoint > and the lock subdirectory just that - a subdirectory? > > I've seen 5 distributions using /var/run as either be a tmpfs, or a symlink > to /run which is a tmpfs. > > They both are mountpoints in debian (/run and /run/lock) At least that is what i saw from Laurents mount command output > On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville wrote: > > > From: Laurent Bigonville > > > > In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs > > mount. > > --- > > policy/modules/kernel/files.te | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/policy/modules/kernel/files.te > > b/policy/modules/kernel/files.te > > index 148d87a..a5554e8 100644 > > --- a/policy/modules/kernel/files.te > > +++ b/policy/modules/kernel/files.te > > @@ -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem *; > > tunable_policy(`allow_execmod',` > > allow files_unconfined_type file_type:file execmod; > > ') > > + > > +ifdef(`distro_debian',` > > + files_mountpoint(var_lock_t) > > +') > > -- > > 1.7.10.4 > > > > _______________________________________________ > > refpolicy mailing list > > refpolicy at oss.tresys.com > > http://oss.tresys.com/mailman/listinfo/refpolicy > > > Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) > mountpoint and the lock subdirectory just that - a subdirectory? > > > I've seen 5 distributions using /var/run as either be a tmpfs, or a > symlink to /run which is a tmpfs. > > > > On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville > wrote: > From: Laurent Bigonville > > In Debian, /var/lock is a symlink to /var/run/lock which is a > tmpfs > mount. > --- > policy/modules/kernel/files.te | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/policy/modules/kernel/files.te > b/policy/modules/kernel/files.te > index 148d87a..a5554e8 100644 > --- a/policy/modules/kernel/files.te > +++ b/policy/modules/kernel/files.te > @@ -232,3 +232,7 @@ allow files_unconfined_type > file_type:filesystem *; > tunable_policy(`allow_execmod',` > allow files_unconfined_type file_type:file execmod; > ') > + > +ifdef(`distro_debian',` > + files_mountpoint(var_lock_t) > +') > -- > 1.7.10.4 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy