
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Sun, 09 Feb 2014 10:55:07
Message-Id: 1391943159.66ca50b63cc764ead95713fd5f7cf481320b340f.swift@gentoo
1 commit: 66ca50b63cc764ead95713fd5f7cf481320b340f
2 Author: Luis Ressel <aranea <AT> aixah <DOT> de>
3 AuthorDate: Sat Feb 1 13:50:22 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 9 10:52:39 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=66ca50b6
7
8 system/mount.if: Add mount_read_mount_loopback interface
9
10 ---
11 policy/modules/system/mount.if | 18 ++++++++++++++++++
12 policy/modules/system/mount.te | 2 +-
13 2 files changed, 19 insertions(+), 1 deletion(-)
14
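diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
index 4584457..802fd3d 100644
--- a/policy/modules/system/mount.if
+++ b/policy/modules/system/mount.if
@@ -173,3 +173,21 @@ interface(`mount_run_unconfined',`
 mount_domtrans_unconfined($1)
 role $2 types unconfined_mount_t;
 ')
+
+########################################
+## <summary>
+## Read mount_loopback files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mount_read_mount_loopback',`
+ gen_require(`
+ type mount_t;
+ ')
+
+ allow $1 mount_loopback_t:file read_file_perms;
+')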
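Review bot: The `gen_require` block of the new `mount_read_mount_loopback` interface declares `type mount_t;`, but the rule it guards grants access to `mount_loopback_t`, which is never required. For a caller outside the mount module the expanded macro would reference a type that is not in that module's scope, so a modular policy build can be expected to reject it; the `mount_read_mount_loopback(mount_t)` call added to mount.te in this same commit would not expose the problem, since mount_loopback_t is declared there. The require block should read `type mount_loopback_t;` instead of `type mount_t;`. It is also worth double-checking that nothing else in the interface depends on mount_t, since after the fix it would no longer be required.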
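diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index a5f8709..3c5fa5f 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
 # setuid/setgid needed to mount cifs
 allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
 
-allow mount_t mount_loopback_t:file read_file_perms;
+mount_read_mount_loopback(mount_t)
 
 allow mount_t mount_tmp_t:file manage_file_perms;
 allow mount_t mount_tmp_t:dir manage_dir_perms;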