From: mgrepl@redhat.com (Miroslav Grepl)
Date: Tue, 05 May 2015 14:41:11 +0200
Subject: [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs_t
In-Reply-To: <1430828885-19446-1-git-send-email-bigon@debian.org>
References: <1430828885-19446-1-git-send-email-bigon@debian.org>
Message-ID: <5548BA67.8010409@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/05/2015 02:28 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> ---
>  policy/modules/kernel/kernel.fc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
> index 7be4ddf..2f8b6f1 100644
> --- a/policy/modules/kernel/kernel.fc
> +++ b/policy/modules/kernel/kernel.fc
> @@ -1 +1 @@
> -# This module currently does not have any file contexts.
> +/sys/fs/debugfs(/.*)?		gen_context(system_u:object_r:debugfs_t,s0)
> 
In Fedora, we have

+/sys/kernel/debug -d   gen_context(system_u:object_r:debugfs_t,s0)
+/sys/kernel/debug/.*   <<none>>


-- 
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.