From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 21 Apr 2014 09:09:33 -0400
Subject: [refpolicy] [PATCH v2] Allow hugetlbfs_t to be associated to
 /dev
In-Reply-To: <1397671343-20457-1-git-send-email-bigon@debian.org>
References: <1397669632-5826-1-git-send-email-bigon@debian.org>
	<1397671343-20457-1-git-send-email-bigon@debian.org>
Message-ID: <5355188D.7010101@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/16/2014 02:02 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> Even if there is not FHS provision for this, systemd is using
> /dev/hugepages to mount the hugetlbfs fs by default.
> 
> The needed file contexts are already present
> ---
>  policy/modules/kernel/filesystem.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
> index e7e34bf..7a44522 100644
> --- a/policy/modules/kernel/filesystem.te
> +++ b/policy/modules/kernel/filesystem.te
> @@ -97,6 +97,7 @@ genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
>  type hugetlbfs_t;
>  fs_xattr_type(hugetlbfs_t)
>  files_mountpoint(hugetlbfs_t)
> +dev_associate(hugetlbfs_t)
>  fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
>  
>  type ibmasmfs_t;
 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com