From: cgzones@googlemail.com (=?UTF-8?q?Christian=20G=C3=B6ttsche?=)
Date: Mon, 1 Jan 2018 12:32:34 +0100
Subject: [refpolicy] [PATCH] filesystem: add fs_rw_inherited_hugetlbfs_files
for apache module
Message-ID: <20180101113234.18607-1-cgzones@googlemail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index a5e969ddd..41f196199 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2304,6 +2304,24 @@ interface(`fs_manage_hugetlbfs_dirs',`
manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
')
+########################################
+##
+## Read and write inherited hugetlbfs files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`fs_rw_inherited_hugetlbfs_files',`
+ gen_require(`
+ type hugetlbfs_t;
+ ')
+
+ allow $1 hugetlbfs_t:file rw_inherited_file_perms;
+')
+
########################################
##
## Read and write hugetlbfs files.
--
2.15.1