From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 4 Apr 2014 15:44:29 -0400 Subject: [refpolicy] [PATCH 2/3] Associate the new xattrfs attribute to some pseudo filesystems In-Reply-To: <1395267458-8368-2-git-send-email-bigon@debian.org> References: <1395267458-8368-1-git-send-email-bigon@debian.org> <1395267458-8368-2-git-send-email-bigon@debian.org> Message-ID: <533F0B9D.9030602@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/19/2014 06:17 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Associate the new xattrfs attribute to the pseudo filesystems that we > know support xattr > > This patch adds the attribute to: > > - device_t > - devpts_t > - hugetlbfs > - sysfs_t > - tmpfs_t It would seem that fs_t should also be in that list. I think the set can be merged with that fixed. > --- > policy/modules/kernel/devices.te | 4 ++-- > policy/modules/kernel/filesystem.te | 4 ++-- > policy/modules/kernel/terminal.te | 2 +- > 3 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te > index 520f4ee..e42c5ee 100644 > --- a/policy/modules/kernel/devices.te > +++ b/policy/modules/kernel/devices.te > @@ -18,7 +18,7 @@ fs_associate_tmpfs(device_t) > files_type(device_t) > files_mountpoint(device_t) > files_associate_tmp(device_t) > -fs_type(device_t) > +fs_xattr_type(device_t) > fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0); > > # > @@ -224,7 +224,7 @@ dev_node(sound_device_t) > # > type sysfs_t; > files_mountpoint(sysfs_t) > -fs_type(sysfs_t) > +fs_xattr_type(sysfs_t) > genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0) > > # > diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te > index 4207e8f..4328cd8 100644 > --- a/policy/modules/kernel/filesystem.te > +++ b/policy/modules/kernel/filesystem.te 
> @@ -95,7 +95,7 @@ fs_type(futexfs_t) > genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) > > type hugetlbfs_t; > -fs_type(hugetlbfs_t) > +fs_xattr_type(hugetlbfs_t) > files_mountpoint(hugetlbfs_t) > fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); > > @@ -175,7 +175,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0) > # > type tmpfs_t; > dev_associate(tmpfs_t) > -fs_type(tmpfs_t) > +fs_xattr_type(tmpfs_t) > files_type(tmpfs_t) > files_mountpoint(tmpfs_t) > files_poly_parent(tmpfs_t) > diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te > index e05079a..01dbf46 100644 > --- a/policy/modules/kernel/terminal.te > +++ b/policy/modules/kernel/terminal.te > @@ -27,7 +27,7 @@ dev_node(console_device_t) > type devpts_t; > files_mountpoint(devpts_t) > fs_associate_tmpfs(devpts_t) > -fs_type(devpts_t) > +fs_xattr_type(devpts_t) > fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0); > > # > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
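Review bot: Every hunk replaces `fs_type(...)` with `fs_xattr_type(...)` rather than adding the new call next to it, starting with `-fs_type(device_t)` in the first devices.te hunk. The five types therefore keep their plain filesystem-type association only if `fs_xattr_type()` itself calls `fs_type()`. That interface is not defined in this patch, so either state the dependency in the commit message or keep the existing `fs_type()` lines and add `fs_xattr_type()` beside them.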
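Review bot: In the second devices.te hunk, `sysfs_t` is still labeled through `genfscon sysfs /`, while the other converted types whose labeling statement is visible (`device_t`, `hugetlbfs_t`, `devpts_t`) use `fs_use_trans`. The commit message only says these filesystems are known to support xattr. A one-line comment above `fs_xattr_type(sysfs_t)`, or a sentence in the commit message, explaining why a genfscon-labeled filesystem belongs in the set would make the grouping easier to audit later.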
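Review bot: Neither filesystem.te hunk touches `fs_t`, which is the omission raised in the reply above; the respin should convert it in this patch so the attribute's membership is set in one commit. While there, the commit message lists `hugetlbfs` where the type actually changed by the hunk is `hugetlbfs_t`, so the list should use the type name like the other four entries.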