1 |
commit: 888b3e739f286506fbdb064b3ae7cd84c4ffb8a4 |
2 |
Author: Chris PeBenito <pebenito <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Feb 8 15:49:47 2014 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 9 10:52:45 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=888b3e73 |
7 |
|
8 |
Rename mount_read_mount_loopback() to mount_read_loopback_file(). |
9 |
|
10 |
Also make kernel block optional since the calls are to a higher layer. |
11 |
|
12 |
--- |
13 |
policy/modules/kernel/kernel.te | 8 +++++--- |
14 |
policy/modules/system/mount.if | 2 +- |
15 |
policy/modules/system/mount.te | 2 +- |
16 |
3 files changed, 7 insertions(+), 5 deletions(-) |
17 |
|
18 |
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te |
19 |
index c47eb45..5fa2926 100644 |
20 |
--- a/policy/modules/kernel/kernel.te |
21 |
+++ b/policy/modules/kernel/kernel.te |
22 |
@@ -287,9 +287,6 @@ files_list_etc(kernel_t) |
23 |
files_list_home(kernel_t) |
24 |
files_read_usr_files(kernel_t) |
25 |
|
26 |
-mount_use_fds(kernel_t) |
27 |
-mount_read_mount_loopback(kernel_t) |
28 |
- |
29 |
mcs_process_set_categories(kernel_t) |
30 |
|
31 |
mls_process_read_up(kernel_t) |
32 |
@@ -320,6 +317,11 @@ optional_policy(` |
33 |
') |
34 |
|
35 |
optional_policy(` |
36 |
+ mount_use_fds(kernel_t) |
37 |
+ mount_read_loopback_file(kernel_t) |
38 |
+') |
39 |
+ |
40 |
+optional_policy(` |
41 |
nis_use_ypbind(kernel_t) |
42 |
') |
43 |
|
44 |
|
45 |
diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if |
46 |
index 802fd3d..cf80631 100644 |
47 |
--- a/policy/modules/system/mount.if |
48 |
+++ b/policy/modules/system/mount.if |
49 |
@@ -184,7 +184,7 @@ interface(`mount_run_unconfined',` |
50 |
## </summary> |
51 |
## </param> |
52 |
# |
53 |
-interface(`mount_read_mount_loopback',` |
54 |
+interface(`mount_read_loopback_file',` |
55 |
gen_require(` |
56 |
type mount_t; |
57 |
') |
58 |
|
59 |
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te |
60 |
index 1b9030a..bf84971 100644 |
61 |
--- a/policy/modules/system/mount.te |
62 |
+++ b/policy/modules/system/mount.te |
63 |
@@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t) |
64 |
# setuid/setgid needed to mount cifs |
65 |
allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid }; |
66 |
|
67 |
-mount_read_mount_loopback(mount_t) |
68 |
+mount_read_loopback_file(mount_t) |
69 |
|
70 |
allow mount_t mount_tmp_t:file manage_file_perms; |
71 |
allow mount_t mount_tmp_t:dir manage_dir_perms; |