| 1 |
commit: a642219232df040aabe6b91a5afa15df4506d0c9 |
| 2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 3 |
AuthorDate: Sat Dec 29 14:53:11 2012 +0000 |
| 4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 5 |
CommitDate: Sat Dec 29 14:53:11 2012 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6422192 |
| 7 |
|
| 8 |
Add file transition for /dev/.lvm created by lvm_t |
| 9 |
|
| 10 |
Gentoo's scripts default the locking directory (early in the boot process) to |
| 11 |
/dev/.lvm. Although this is properly marked as lvm_lock_t, the first run(s) of |
| 12 |
the LVM utilities (like pvscan) wants to create this directory but fails. |
| 13 |
|
| 14 |
--- |
| 15 |
policy/modules/system/lvm.te | 2 ++ |
| 16 |
1 files changed, 2 insertions(+), 0 deletions(-) |
| 17 |
|
| 18 |
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te |
| 19 |
index d0ad89d..663cc8d 100644 |
| 20 |
--- a/policy/modules/system/lvm.te |
| 21 |
+++ b/policy/modules/system/lvm.te |
| 22 |
@@ -365,6 +365,8 @@ ifdef(`distro_gentoo',` |
| 23 |
|
| 24 |
kernel_request_load_module(lvm_t) |
| 25 |
|
| 26 |
+ dev_filetrans(lvm_t, lvm_lock_t, dir, ".lvm") |
| 27 |
+ |
| 28 |
optional_policy(` |
| 29 |
udev_read_pid_files(lvm_t) |
| 30 |
') |
Archives