From: bigon@debian.org (Laurent Bigonville)
Date: Wed, 16 Apr 2014 20:02:23 +0200
Subject: [refpolicy] [PATCH v2] Allow hugetlbfs_t to be associated to /dev
In-Reply-To: <1397669632-5826-1-git-send-email-bigon@debian.org>
References: <1397669632-5826-1-git-send-email-bigon@debian.org>
Message-ID: <1397671343-20457-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville

Even if there is no FHS provision for this, systemd is using /dev/hugepages to mount the hugetlbfs fs by default. The needed file contexts are already present

--- policy/modules/kernel/filesystem.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index e7e34bf..7a44522 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -97,6 +97,7 @@ genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) type hugetlbfs_t; fs_xattr_type(hugetlbfs_t) files_mountpoint(hugetlbfs_t) +dev_associate(hugetlbfs_t) fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0); type ibmasmfs_t; -- 1.9.2
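
Review bot: the added dev_associate(hugetlbfs_t) line, sitting between files_mountpoint(hugetlbfs_t) and the fs_use_trans statement, has no comment saying why a hugetlbfs type must be associated with the /dev filesystem, so the reason (systemd mounting hugetlbfs at /dev/hugepages) is recorded only in the commit message. A one-line comment above it in filesystem.te, for example `# systemd mounts hugetlbfs on /dev/hugepages`, would keep the rule from reading as an unexplained extra permission to whoever audits this type later. The message also states that the needed file contexts are already present; naming the file that labels /dev/hugepages would let reviewers confirm that from the mail alone.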