From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 3 Jan 2018 16:48:51 -0500
Subject: [refpolicy] [PATCH] filesystem: add
 fs_rw_inherited_hugetlbfs_files for apache module
In-Reply-To: <20180101113234.18607-1-cgzones@googlemail.com>
References: <20180101113234.18607-1-cgzones@googlemail.com>
Message-ID: <c5ed8f47-18e9-af68-1698-03f06da6725e@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/01/2018 06:32 AM, Christian G?ttsche via refpolicy wrote:
> ---
>   policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
>   1 file changed, 18 insertions(+)
> 
> diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
> index a5e969ddd..41f196199 100644
> --- a/policy/modules/kernel/filesystem.if
> +++ b/policy/modules/kernel/filesystem.if
> @@ -2304,6 +2304,24 @@ interface(`fs_manage_hugetlbfs_dirs',`
>   	manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
>   ')
>   
> +########################################
> +## <summary>
> +##	Read and write inherited hugetlbfs files.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`fs_rw_inherited_hugetlbfs_files',`
> +	gen_require(`
> +		type hugetlbfs_t;
> +	')
> +
> +	allow $1 hugetlbfs_t:file rw_inherited_file_perms;
> +')
> +
>   ########################################
>   ## <summary>
>   ##	Read and write hugetlbfs files.
> 

Merged.


-- 
Chris PeBenito