From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 8 Feb 2014 10:51:15 -0500
Subject: [refpolicy] [PATCH 3/4] Allow mount_t usage of /dev/loop-control
In-Reply-To: <1391262624-4486-4-git-send-email-aranea@aixah.de>
References: <1391262624-4486-1-git-send-email-aranea@aixah.de>
	<1391262624-4486-4-git-send-email-aranea@aixah.de>
Message-ID: <52F65273.6000608@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 2/1/2014 8:50 AM, Luis Ressel wrote:
> If loopback devices are not pregenerated (kernel option
> CONFIG_BLK_DEV_LOOP_MIN_COUNT=0), mount needs to write to
> /dev/loop-control do create them dynamically when needed.
> ---
>  policy/modules/system/mount.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> index 9cd37d9..90c928b 100644
> --- a/policy/modules/system/mount.te
> +++ b/policy/modules/system/mount.te
> @@ -77,6 +77,7 @@ dev_list_all_dev_nodes(mount_t)
>  dev_read_sysfs(mount_t)
>  dev_dontaudit_write_sysfs_dirs(mount_t)
>  dev_rw_lvm_control(mount_t)
> +dev_rw_loop_control(mount_t)
>  dev_dontaudit_getattr_all_chr_files(mount_t)
>  dev_dontaudit_getattr_memory_dev(mount_t)
>  dev_getattr_sound_dev(mount_t)

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com