From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=) Date: Thu, 8 Jun 2017 19:13:58 +0200 Subject: [refpolicy] [PATCH] selinux: fix context of secure_mode_policyload boolean Message-ID: <20170608171358.26280-1-cgzones@googlemail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: cgzones genfscon in interfaces seems not to work --- policy/modules/kernel/selinux.fc | 4 ++++ policy/modules/kernel/selinux.if | 2 ++ policy/modules/kernel/selinux.te | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/selinux.fc b/policy/modules/kernel/selinux.fc index 7be4ddf74..6d902f77b 100644 --- a/policy/modules/kernel/selinux.fc +++ b/policy/modules/kernel/selinux.fc @@ -1 +1,5 @@ # This module currently does not have any file contexts. + +/sys/fs/selinux(/.*)? gen_context(system_u:object_r:security_t,s0) +/sys/fs/selinux/null -c gen_context(system_u:object_r:null_device_t,s0) +/sys/fs/selinux/booleans/secure_mode_policyload -- gen_context(system_u:object_r:secure_mode_policyload_t,s0) diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if index 7380d805c..ddfd5a14f 100644 --- a/policy/modules/kernel/selinux.if +++ b/policy/modules/kernel/selinux.if @@ -32,6 +32,8 @@ ## # interface(`selinux_labeled_boolean',` + refpolicywarn(`$0($*) has been deprecated.') + gen_require(` attribute boolean_type; ') diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te index c61fc1c12..bf0274411 100644 --- a/policy/modules/kernel/selinux.te +++ b/policy/modules/kernel/selinux.te @@ -20,8 +20,8 @@ attribute can_setenforce; attribute can_setsecparam; attribute selinux_unconfined_type; -type secure_mode_policyload_t; -selinux_labeled_boolean(secure_mode_policyload_t, secure_mode_policyload) +type secure_mode_policyload_t, boolean_type; +genfscon selinuxfs /booleans/secure_mode_policyload gen_context(system_u:object_r:secure_mode_policyload_t,s0) # # security_t is the target type when checking -- 2.11.0