rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/kernel/storage.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   d40c0ecf7acd6745f32017a378b8cba953e78605
  2.   refpolicy
  3.   policy
  4.   modules
  5.   kernel
  6.   storage.te
Blob History Raw
Chris PeBenito e181fe
Chris PeBenito b518fc 
policy_module(storage,1.0.1)
Chris PeBenito 960373
Chris PeBenito fd89e1 
########################################
Chris PeBenito fd89e1 
#
Chris PeBenito fd89e1 
# Declarations
Chris PeBenito fd89e1 
#
Chris PeBenito fd89e1
Chris PeBenito 8e0280 
attribute fixed_disk_raw_read;
Chris PeBenito 8e0280 
attribute fixed_disk_raw_write;
Chris PeBenito 8e0280 
attribute scsi_generic_read;
Chris PeBenito 8e0280 
attribute scsi_generic_write;
Chris PeBenito b518fc 
attribute storage_unconfined_type;
Chris PeBenito 8e0280
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# fixed_disk_device_t is the type of
Chris PeBenito b4cd15 
# /dev/hd* and /dev/sd*.
Chris PeBenito b4cd15 
#
Chris PeBenito b518fc 
type fixed_disk_device_t;
Karl MacMillan f0c985 
dev_node(fixed_disk_device_t)
Chris PeBenito b4cd15
Chris PeBenito b518fc 
neverallow ~{ fixed_disk_raw_read storage_unconfined_type } fixed_disk_device_t:{ chr_file blk_file } read;
Chris PeBenito b518fc 
neverallow ~{ fixed_disk_raw_write storage_unconfined_type } fixed_disk_device_t:{ chr_file blk_file } { append write };
Chris PeBenito b4cd15
Chris PeBenito 8e0280 
#
Chris PeBenito b4cd15 
# scsi_generic_device_t is the type of /dev/sg*
Chris PeBenito b4cd15 
# it gives access to ALL SCSI devices (both fixed and removable)
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type scsi_generic_device_t;
Karl MacMillan f0c985 
dev_node(scsi_generic_device_t)
Chris PeBenito b4cd15
Chris PeBenito b518fc 
neverallow ~{ scsi_generic_read storage_unconfined_type } scsi_generic_device_t:{ chr_file blk_file } read;
Chris PeBenito b518fc 
neverallow ~{ scsi_generic_write storage_unconfined_type } scsi_generic_device_t:{ chr_file blk_file } { append write };
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# removable_device_t is the type of
Chris PeBenito b4cd15 
# /dev/scd* and /dev/fd*.
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type removable_device_t;
Karl MacMillan f0c985 
dev_node(removable_device_t)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# tape_device_t is the type of
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type tape_device_t;
Karl MacMillan f0c985 
dev_node(tape_device_t)
Chris PeBenito b518fc
Chris PeBenito b518fc 
########################################
Chris PeBenito b518fc 
#
Chris PeBenito b518fc 
# Unconfined access to this module
Chris PeBenito b518fc 
#
Chris PeBenito b518fc
Chris PeBenito b518fc 
allow storage_unconfined_type { fixed_disk_device_t removable_device_t }:blk_file *;
Chris PeBenito b518fc 
allow storage_unconfined_type { scsi_generic_device_t tape_device_t }:chr_file *;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation