From: aranea@aixah.de (Luis Ressel)
Date: Mon, 11 Aug 2014 15:37:08 +0200
Subject: [refpolicy] [PATCH 3/3] Add neccessary permissions for losetup
In-Reply-To: <1407763998-26586-3-git-send-email-aranea@aixah.de>
References: <1407763998-26586-1-git-send-email-aranea@aixah.de>
	<1407763998-26586-3-git-send-email-aranea@aixah.de>
Message-ID: <20140811153708.1f77e543@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 11 Aug 2014 15:33:18 +0200
Luis Ressel <aranea@aixah.de> wrote:

> diff --git a/policy/modules/system/fstools.te
> b/policy/modules/system/fstools.te index b876224..1d40813 100644
> --- a/policy/modules/system/fstools.te
> +++ b/policy/modules/system/fstools.te
> @@ -94,6 +94,8 @@ dev_rw_sysfs(fsadm_t)
>  dev_getattr_usbfs_dirs(fsadm_t)
>  # Access to /dev/mapper/control
>  dev_rw_lvm_control(fsadm_t)
> +# for losetup
> +dev_rw_loop_control(fsadm_t)
>  
>  domain_use_interactive_fds(fsadm_t)
>  
> @@ -125,6 +127,9 @@ files_search_all(fsadm_t)
>  mls_file_read_all_levels(fsadm_t)
>  mls_file_write_all_levels(fsadm_t)
>  
> +# losetup: bind mount_loopback_t files to loop devices
> +mount_rw_loopback_files(fsadm_t)
> +
>  storage_raw_read_fixed_disk(fsadm_t)
>  storage_raw_write_fixed_disk(fsadm_t)
>  storage_raw_read_removable_device(fsadm_t)

I hope these are at the correct positions now as Chris requested.


Regards,
Luis Ressel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140811/9a409739/attachment.bin