From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 23 Jan 2013 07:29:37 -0500 Subject: [refpolicy] [PATCH 01/13] Label /var/run/shm as tmpfs_t for Debian In-Reply-To: <1358026351-12955-2-git-send-email-bigon@debian.org> References: <1358026351-12955-1-git-send-email-bigon@debian.org> <1358026351-12955-2-git-send-email-bigon@debian.org> Message-ID: <50FFD7B1.60504@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/12/13 16:32, Laurent Bigonville wrote: > From: Laurent Bigonville > > In Debian, /dev/shm is a symlink to /var/run/shm. Label that mountpoint > the same way. > --- > policy/modules/kernel/filesystem.fc | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc > index cda5588..3d67e80 100644 > --- a/policy/modules/kernel/filesystem.fc > +++ b/policy/modules/kernel/filesystem.fc > @@ -14,3 +14,8 @@ > # for systemd systems: > /sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) > /sys/fs/cgroup/.* <> > + > +ifdef(`distro_debian',` > +/var/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0) > +/var/run/shm/.* <> > +') Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com