From: dominick.grift@gmail.com (Dominick Grift) Date: Wed, 11 Sep 2013 10:53:08 +0200 Subject: [refpolicy] [PATCH] [V2] Initial pstore support Message-ID: <1378889588-1766-1-git-send-email-dominick.grift@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Generic interface to platform dependent persistent storage https://www.kernel.org/doc/Documentation/ABI/testing/pstore This basically works pretty much the same as cgroup file systems from a SELinux perspective Make sure that the installed /sys/fs/pstore directory is labeled properly so that the pstore file system can be mounted on that I also removed the files_type() calls as they are duplicate (it is already called in files_mountpoint) Signed-off-by: Dominick Grift diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc index 3d67e80..d7c11a0 100644 --- a/policy/modules/kernel/filesystem.fc +++ b/policy/modules/kernel/filesystem.fc @@ -11,9 +11,11 @@ /lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0) /lib/udev/devices/shm/.* <> -# for systemd systems: -/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) -/sys/fs/cgroup/.* <> +/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) +/sys/fs/cgroup/.* <> + +/sys/fs/pstore -d gen_context(system_u:object_r:pstore_t,s0) +/sys/fs/pstore/.* <> ifdef(`distro_debian',` /var/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0) diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index 1c66416..8f1fc04 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -70,9 +70,8 @@ type cgroup_t; fs_type(cgroup_t) -files_type(cgroup_t) files_mountpoint(cgroup_t) -dev_associate_sysfs(cgroup_t) # only for systemd systems +dev_associate_sysfs(cgroup_t) genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0) type configfs_t; 
@@ -125,6 +124,12 @@ fs_type(oprofilefs_t) genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0) +type pstore_t; +fs_type(pstore_t) +files_mountpoint(pstore_t) +dev_associate_sysfs(pstore_t) +genfscon pstore / gen_context(system_u:object_r:pstore_t,s0) + type ramfs_t; fs_type(ramfs_t) files_mountpoint(ramfs_t)
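Review bot: In the filesystem.fc hunk, the `# for systemd systems:` comment is dropped and the two `/sys/fs/cgroup` lines are removed and re-added with no visible change in content, and the commit message mentions neither. If this is only a whitespace cleanup, split it into its own patch or say so in the message, so that the `/sys/fs/pstore -d ... pstore_t` entry is the only functional change in this file.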
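Review bot: In the cgroup_t hunk of filesystem.te, the commit message speaks of removing files_type() "calls" as duplicates, but `files_type(cgroup_t)` is the only removal in the visible hunks; either name the type in the message or include the other removals. The same hunk also strips the `# only for systemd systems` remark from `dev_associate_sysfs(cgroup_t)` without explanation; keep the comment or state why it no longer applies.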
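Review bot: The new pstore_t block in filesystem.te has no comment saying why `dev_associate_sysfs(pstore_t)` is needed. The reason (the /sys/fs/pstore mount point directory sits in sysfs and is labeled pstore_t by the .fc entry) appears only in the commit message, so a one-line comment above the block would help. The patch also touches only filesystem.fc and filesystem.te, so it adds no pstore-specific interface for other modules to call; if that is deliberate for an initial version, say so in the message.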