From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 8 Feb 2014 10:51:18 -0500
Subject: [refpolicy] [PATCH 4/4] Grant kernel_t necessary permissions
 for loopback mounts
In-Reply-To: <1391262624-4486-5-git-send-email-aranea@aixah.de>
References: <1391262624-4486-1-git-send-email-aranea@aixah.de>
	<1391262624-4486-5-git-send-email-aranea@aixah.de>
Message-ID: <52F65276.7070406@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 2/1/2014 8:50 AM, Luis Ressel wrote:
> For loopback mounts to work, the kernel requires access permissions to
> fd's passed in by mount and to the source files (labeled mount_loopback_t).
> ---
>  policy/modules/kernel/kernel.te | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
> index 6a2e170..4f9e9cd 100644
> --- a/policy/modules/kernel/kernel.te
> +++ b/policy/modules/kernel/kernel.te
> @@ -287,6 +287,9 @@ files_list_etc(kernel_t)
>  files_list_home(kernel_t)
>  files_read_usr_files(kernel_t)
>  
> +mount_use_fds(kernel_t)
> +mount_read_mount_loopback(kernel_t)
> +
>  mcs_process_set_categories(kernel_t)
>  
>  mls_process_read_up(kernel_t)
 
Merged. I made these optional since they are from a higher layer.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com