From: bigon@debian.org (Laurent Bigonville)
Date: Wed, 6 May 2015 11:59:53 +0200
Subject: [refpolicy] [PATCH] Add fc for /sys/fs/debug as debugfs_t
In-Reply-To: <5548BA67.8010409@redhat.com>
References: <1430828885-19446-1-git-send-email-bigon@debian.org>
	<5548BA67.8010409@redhat.com>
Message-ID: <20150506115953.0afe5d22@soldur.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Le Tue, 05 May 2015 14:41:11 +0200,
Miroslav Grepl <mgrepl@redhat.com> a ?crit :

> On 05/05/2015 02:28 PM, Laurent Bigonville wrote:
> > From: Laurent Bigonville <bigon@bigon.be>
> > 
> > ---
> >  policy/modules/kernel/kernel.fc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/policy/modules/kernel/kernel.fc
> > b/policy/modules/kernel/kernel.fc index 7be4ddf..2f8b6f1 100644
> > --- a/policy/modules/kernel/kernel.fc
> > +++ b/policy/modules/kernel/kernel.fc
> > @@ -1 +1 @@
> > -# This module currently does not have any file contexts.
> > +/sys/fs/debugfs(/.*)?
> > gen_context(system_u:object_r:debugfs_t,s0)
> > 
> In Fedora, we have
> 
> +/sys/kernel/debug -d   gen_context(system_u:object_r:debugfs_t,s0)
> +/sys/kernel/debug/.*   <<none>>

And you are actually correct I think, it's /sys/kernel and
not /sys/fs ... I'll resend a patch

Laurent Bigonville