Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
Date: Mon, 05 Jun 2017 17:26:04
Message-Id: 1496682978.8c64d75ad5512d94b6fb4705b546483e2a09837c.perfinion@gentoo
1 commit: 8c64d75ad5512d94b6fb4705b546483e2a09837c
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sun Jun 4 16:33:44 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 5 17:16:18 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8c64d75a
7
8 filesystem: introduce fs_cgroup_filetrans interface
9
10 policy/modules/kernel/filesystem.if | 36 ++++++++++++++++++++++++++++++++++++
11 1 file changed, 36 insertions(+)
12
13 diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
14 index c9c67369..f28614f2 100644
15 --- a/policy/modules/kernel/filesystem.if
16 +++ b/policy/modules/kernel/filesystem.if
17 @@ -944,6 +944,42 @@ interface(`fs_mounton_cgroup', `
18
19 ########################################
20 ## <summary>
21 +## Create an object in a cgroup tmpfs filesystem, with a private
22 +## type using a type transition.
23 +## </summary>
24 +## <param name="domain">
25 +## <summary>
26 +## Domain allowed access.
27 +## </summary>
28 +## </param>
29 +## <param name="private type">
30 +## <summary>
31 +## The type of the object to be created.
32 +## </summary>
33 +## </param>
34 +## <param name="object">
35 +## <summary>
36 +## The object class of the object being created.
37 +## </summary>
38 +## </param>
39 +## <param name="name" optional="true">
40 +## <summary>
41 +## The name of the object being created.
42 +## </summary>
43 +## </param>
44 +#
45 +interface(`fs_cgroup_filetrans',`
46 + gen_require(`
47 + type cgroup_t, tmpfs_t;
48 + ')
49 +
50 + allow $2 tmpfs_t:filesystem associate;
51 + filetrans_pattern($1, cgroup_t, $2, $3, $4)
52 + fs_search_sysfs($1)
53 +')
54 +
55 +########################################
56 +## <summary>
57 ## Do not audit attempts to read
58 ## dirs on a CIFS or SMB filesystem.
59 ## </summary>
Report Message
Find on MARC Find on Google Groups