From: dwalsh@redhat.com (Daniel J Walsh) Date: Mon, 14 Jan 2013 11:51:17 -0500 Subject: [refpolicy] [PATCH 07/13] Label var_lock_t as a mountpoint in Debian In-Reply-To: <1358107385.2495.12.camel@d30> References: <1358026351-12955-1-git-send-email-bigon@debian.org> <1358026351-12955-8-git-send-email-bigon@debian.org> <1358107385.2495.12.camel@d30> Message-ID: <50F43785.1090304@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/13/2013 03:03 PM, Dominick Grift wrote: > On Sun, 2013-01-13 at 19:30 +0100, Sven Vermeulen wrote: >> Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) >> mountpoint and the lock subdirectory just that - a subdirectory? >> >> I've seen 5 distributions using /var/run as either be a tmpfs, or a >> symlink to /run which is a tmpfs. >> >> > > They both are mountpoints in debian (/run and /run/lock) > > At least that is what i saw from Laurents mount command output > >> On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville >> wrote: >> >>> From: Laurent Bigonville >>> >>> In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs >>> mount. --- policy/modules/kernel/files.te | 4 ++++ 1 file changed, 4 >>> insertions(+) >>> >>> diff --git a/policy/modules/kernel/files.te >>> b/policy/modules/kernel/files.te index 148d87a..a5554e8 100644 --- >>> a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te 
>>> @@ -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem >>> *; tunable_policy(`allow_execmod',` allow files_unconfined_type >>> file_type:file execmod; ') + +ifdef(`distro_debian',` + >>> files_mountpoint(var_lock_t) +') -- 1.7.10.4 >>> >>> _______________________________________________ refpolicy mailing list >>> refpolicy at oss.tresys.com >>> http://oss.tresys.com/mailman/listinfo/refpolicy >>> >> Is /var/run/lock a (tmpfs) mountpoint, or is /var/run a (tmpfs) >> mountpoint and the lock subdirectory just that - a subdirectory? >> >> >> I've seen 5 distributions using /var/run as either be a tmpfs, or a >> symlink to /run which is a tmpfs. >> >> >> >> On Sat, Jan 12, 2013 at 10:32 PM, Laurent Bigonville >> wrote: From: Laurent Bigonville >> >> In Debian, /var/lock is a symlink to /var/run/lock which is a tmpfs >> mount. --- policy/modules/kernel/files.te | 4 ++++ 1 file changed, 4 >> insertions(+) >> >> diff --git a/policy/modules/kernel/files.te >> b/policy/modules/kernel/files.te index 148d87a..a5554e8 100644 --- >> a/policy/modules/kernel/files.te 
+++ b/policy/modules/kernel/files.te @@ >> -232,3 +232,7 @@ allow files_unconfined_type file_type:filesystem *; >> tunable_policy(`allow_execmod',` allow files_unconfined_type >> file_type:file execmod; ') + +ifdef(`distro_debian',` + >> files_mountpoint(var_lock_t) +') -- 1.7.10.4 >> >> _______________________________________________ refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >> >> >> _______________________________________________ refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy > > > _______________________________________________ refpolicy mailing list > refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy > I see no reason to wrap this in a ifdef block. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlD0N4UACgkQrlYvE4MpobOI8gCdG3IZQaI/q14VS9e/G8BkxjG7 RrYAoIIcGndvqlI7mmgDxA7snYhm7yXc =4p6K -----END PGP SIGNATURE-----
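Review bot: The added `files_mountpoint(var_lock_t)` at the end of the hunk is wrapped in `ifdef(`distro_debian',` ... `')` with no comment in the policy explaining why the rule is Debian-only. The commit message gives the only justification (on Debian, /var/lock is a symlink to /var/run/lock, which is a tmpfs mount), and that reasoning is lost once the patch is applied. Either drop the `ifdef` so the mountpoint attribute applies on every distribution, or keep it and add a one-line comment above it recording the Debian layout it depends on. The hunk context also shows the new block placed directly after the `files_unconfined_type` rules, which are unrelated to it; moving it next to the other `var_lock_t` rules would make it easier to find when auditing what may be mounted over lock directories.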