From: bigon@debian.org (Laurent Bigonville) Date: Wed, 19 Mar 2014 23:17:38 +0100 Subject: [refpolicy] [PATCH 3/3] Allow setfiles_t and restorecond_t to getattr on pseudo-fs In-Reply-To: <1395267458-8368-1-git-send-email-bigon@debian.org> References: <1395267458-8368-1-git-send-email-bigon@debian.org> Message-ID: <1395267458-8368-3-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Use the new fs_getattr_all_xattr_fs() interface to allow setfiles_t and restorecond_t domain to get the attributes on pseudo-filesystems that support xattr https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740682 --- policy/modules/system/selinuxutil.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index f4d17cd..aa9772f 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -330,6 +330,7 @@ kernel_read_system_state(restorecond_t) fs_relabelfrom_noxattr_fs(restorecond_t) fs_dontaudit_list_nfs(restorecond_t) +fs_getattr_all_xattr_fs(restorecond_t) fs_getattr_xattr_fs(restorecond_t) fs_list_inotifyfs(restorecond_t) @@ -558,6 +559,7 @@ files_relabel_all_files(setfiles_t) files_read_usr_symlinks(setfiles_t) files_dontaudit_read_all_symlinks(setfiles_t) +fs_getattr_all_xattr_fs(setfiles_t) fs_getattr_xattr_fs(setfiles_t) fs_list_all(setfiles_t) fs_search_auto_mountpoints(setfiles_t) -- 1.9.1
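Review bot: In the restorecond_t hunk (@@ -330,6 +330,7 @@), the new fs_getattr_all_xattr_fs(restorecond_t) call sits directly above the existing fs_getattr_xattr_fs(restorecond_t), and both are kept. The definition of the new interface is not part of this patch, so it is not visible here whether it already covers what the older call grants. If it does, drop the older line in this same change so the rule set stays minimal. If it does not, a short comment above the pair saying which filesystem types each call covers would make the distinction clear to the next reader.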
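Review bot: In the setfiles_t hunk (@@ -558,6 +559,7 @@), the added fs_getattr_all_xattr_fs(setfiles_t) carries no comment, while the commit message narrows the intent to pseudo-filesystems that support xattr. The interface name reads as every xattr-capable filesystem, which is broader than that stated goal. Please add a one-line comment above the call giving the pseudo-fs motivation and the Debian bug reference from the commit message, so the wider getattr grant on setfiles_t can be reviewed against its purpose later.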