From: aranea@aixah.de (Luis Ressel) Date: Sat, 1 Feb 2014 14:50:24 +0100 Subject: [refpolicy] [PATCH 4/4] Grant kernel_t necessary permissions for loopback mounts In-Reply-To: <1391262624-4486-1-git-send-email-aranea@aixah.de> References: <1391262624-4486-1-git-send-email-aranea@aixah.de> Message-ID: <1391262624-4486-5-git-send-email-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com For loopback mounts to work, the kernel requires access permissions to fd's passed in by mount and to the source files (labeled mount_loopback_t). --- policy/modules/kernel/kernel.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index 6a2e170..4f9e9cd 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -287,6 +287,9 @@ files_list_etc(kernel_t) files_list_home(kernel_t) files_read_usr_files(kernel_t) +mount_use_fds(kernel_t) +mount_read_mount_loopback(kernel_t) + mcs_process_set_categories(kernel_t) mls_process_read_up(kernel_t) -- 1.8.5.3
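Review bot: The two calls added after files_read_usr_files(kernel_t) are unconditional, so kernel.te now requires the mount module's interfaces to be present at build time. If mount can be built as a separate module or left out, wrap `mount_use_fds(kernel_t)` and `mount_read_mount_loopback(kernel_t)` in an optional_policy block so the kernel module still compiles without it. A one-line comment above the pair saying they are for loopback mounts would also help, since nothing in the surrounding context explains why kernel_t needs access to mount's fds. Finally, the commit message speaks of "access permissions" to the mount_loopback_t source files while the interface name suggests read only; it would be worth stating whether read access is enough for loop devices that are mounted read-write.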