From 568efbe8957e04364c345dfef353d320b30b863a Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Aug 05 2009 14:07:35 +0000 Subject: fix ordering of interface calls in lvm. --- diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 5e6ef6d..f21d3c7 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -215,12 +215,8 @@ kernel_read_kernel_sysctls(lvm_t) kernel_dontaudit_getattr_core_if(lvm_t) kernel_use_fds(lvm_t) -selinux_get_fs_mount(lvm_t) -selinux_validate_context(lvm_t) -selinux_compute_access_vector(lvm_t) -selinux_compute_create_context(lvm_t) -selinux_compute_relabel_context(lvm_t) -selinux_compute_user_contexts(lvm_t) +corecmd_exec_bin(lvm_t) +corecmd_exec_shell(lvm_t) dev_create_generic_chr_files(lvm_t) dev_delete_generic_dirs(lvm_t) @@ -244,6 +240,15 @@ dev_dontaudit_getattr_generic_blk_files(lvm_t) dev_dontaudit_getattr_generic_pipes(lvm_t) dev_create_generic_dirs(lvm_t) +domain_use_interactive_fds(lvm_t) +domain_read_all_domains_state(lvm_t) + +files_read_usr_files(lvm_t) +files_read_etc_files(lvm_t) +files_read_etc_runtime_files(lvm_t) +# for when /usr is not mounted: +files_dontaudit_search_isid_type_dirs(lvm_t) + fs_getattr_xattr_fs(lvm_t) fs_search_auto_mountpoints(lvm_t) fs_list_tmpfs(lvm_t) @@ -251,6 +256,13 @@ fs_read_tmpfs_symlinks(lvm_t) fs_dontaudit_read_removable_files(lvm_t) fs_dontaudit_getattr_tmpfs_files(lvm_t) +selinux_get_fs_mount(lvm_t) +selinux_validate_context(lvm_t) +selinux_compute_access_vector(lvm_t) +selinux_compute_create_context(lvm_t) +selinux_compute_relabel_context(lvm_t) +selinux_compute_user_contexts(lvm_t) + storage_relabel_fixed_disk(lvm_t) storage_dontaudit_read_removable_device(lvm_t) # LVM creates block devices in /dev/mapper or /dev/ @@ -262,18 +274,6 @@ storage_dev_filetrans_fixed_disk(lvm_t) # Access raw devices and old /dev/lvm (c 109,0). Is this needed? storage_manage_fixed_disk(lvm_t) -corecmd_exec_bin(lvm_t) -corecmd_exec_shell(lvm_t) - -domain_use_interactive_fds(lvm_t) -domain_read_all_domains_state(lvm_t) - -files_read_usr_files(lvm_t) -files_read_etc_files(lvm_t) -files_read_etc_runtime_files(lvm_t) -# for when /usr is not mounted: -files_dontaudit_search_isid_type_dirs(lvm_t) - init_use_fds(lvm_t) init_dontaudit_getattr_initctl(lvm_t) init_use_script_ptys(lvm_t)