diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te
index 302796e..8a45060 100644
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@@ -148,7 +148,7 @@ fs_associate_tmpfs(sound_device_t)
#
type sysfs_t;
files_mountpoint(sysfs_t)
-fs_make_fs(sysfs_t)
+fs_type(sysfs_t)
genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
#
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index e184f51..373bc0d 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -8,12 +8,12 @@
## The type of the process performing this action.
##
#
-interface(`fs_make_fs',`
+interface(`fs_type',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
')
- typeattribute $1 fs_type;
+ typeattribute $1 filesystem_type;
')
########################################
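Review bot: The parameter description kept above the renamed interface, `## The type of the process performing this action.`, does not match what the body does: `$1` is given the `filesystem_type` attribute, so it is the type being marked as a filesystem label, not a calling domain. I would reword it along the lines of `## Type to be used as the label of a filesystem.`, because every `fs_*_all_fs` interface below grants access on this attribute and a domain passed here by mistake would become a target of those rules. Separately, the interface now carries the name the attribute used to have; since interfaces are m4 macros, a leftover `fs_type` attribute reference in a module outside this diff would presumably be macro-expanded rather than reported as an unknown attribute, so a tree-wide search for the old name is worth doing. The start of the doc block lies outside the hunk.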
@@ -31,7 +31,7 @@ interface(`fs_make_noxattr_fs',`
attribute noxattrfs;
')
- fs_make_fs($1)
+ fs_type($1)
typeattribute $1 noxattrfs;
')
@@ -1498,11 +1498,11 @@ interface(`fs_manage_tmpfs_block_devices',`
#
interface(`fs_mount_all_fs',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem mount;
')
- allow $1 fs_type:filesystem mount;
+ allow $1 filesystem_type:filesystem mount;
')
########################################
@@ -1516,11 +1516,11 @@ interface(`fs_mount_all_fs',`
#
interface(`fs_remount_all_fs',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem remount;
')
- allow $1 fs_type:filesystem remount;
+ allow $1 filesystem_type:filesystem remount;
')
########################################
@@ -1533,11 +1533,11 @@ interface(`fs_remount_all_fs',`
#
interface(`fs_unmount_all_fs',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem unmount;
')
- allow $1 fs_type:filesystem unmount;
+ allow $1 filesystem_type:filesystem unmount;
')
########################################
@@ -1552,11 +1552,11 @@ interface(`fs_unmount_all_fs',`
#
interface(`fs_getattr_all_fs',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem getattr;
')
- allow $1 fs_type:filesystem getattr;
+ allow $1 filesystem_type:filesystem getattr;
')
########################################
@@ -1570,11 +1570,11 @@ interface(`fs_getattr_all_fs',`
#
interface(`fs_dontaudit_getattr_all_fs',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem getattr;
')
- dontaudit $1 fs_type:filesystem getattr;
+ dontaudit $1 filesystem_type:filesystem getattr;
')
########################################
@@ -1587,11 +1587,11 @@ interface(`fs_dontaudit_getattr_all_fs',`
#
interface(`fs_get_all_fs_quotas',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem quotaget;
')
- allow $1 fs_type:filesystem quotaget;
+ allow $1 filesystem_type:filesystem quotaget;
')
########################################
@@ -1604,11 +1604,11 @@ interface(`fs_get_all_fs_quotas',`
#
interface(`fs_set_all_quotas',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class filesystem quotamod;
')
- allow $1 fs_type:filesystem quotamod;
+ allow $1 filesystem_type:filesystem quotamod;
')
########################################
@@ -1617,7 +1617,7 @@ interface(`fs_set_all_quotas',`
#
interface(`fs_getattr_all_files',`
gen_require(`
- attribute fs_type;
+ attribute filesystem_type;
class dir { search getattr };
class file getattr;
class lnk_file getattr;
@@ -1625,10 +1625,10 @@ interface(`fs_getattr_all_files',`
class sock_file getattr;
')
- allow $1 fs_type:dir { search getattr };
- allow $1 fs_type:file getattr;
- allow $1 fs_type:lnk_file getattr;
- allow $1 fs_type:fifo_file getattr;
- allow $1 fs_type:sock_file getattr;
+ allow $1 filesystem_type:dir { search getattr };
+ allow $1 filesystem_type:file getattr;
+ allow $1 filesystem_type:lnk_file getattr;
+ allow $1 filesystem_type:fifo_file getattr;
+ allow $1 filesystem_type:sock_file getattr;
')
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index 5a8b530..42edcd8 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -1,7 +1,7 @@
policy_module(filesystem,1.0)
-attribute fs_type;
+attribute filesystem_type;
attribute noxattrfs;
########################################
@@ -9,7 +9,7 @@ attribute noxattrfs;
# fs_t is the default type for persistent
# filesystems with extended attributes
#
-type fs_t, fs_type;
+type fs_t, filesystem_type;
sid fs context_template(system_u:object_r:fs_t,s0)
# Use xattrs for the following filesystem types.
@@ -31,37 +31,37 @@ fs_use_task sockfs context_template(system_u:object_r:fs_t,s0);
#
# Non-persistent/pseudo filesystems
#
-type bdev_t, fs_type;
+type bdev_t, filesystem_type;
genfscon bdev / context_template(system_u:object_r:bdev_t,s0)
-type binfmt_misc_fs_t, fs_type;
+type binfmt_misc_fs_t, filesystem_type;
genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0)
-type eventpollfs_t, fs_type;
+type eventpollfs_t, filesystem_type;
genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0)
-type futexfs_t, fs_type;
+type futexfs_t, filesystem_type;
genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0)
-type nfsd_fs_t, fs_type;
+type nfsd_fs_t, filesystem_type;
genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0)
-type ramfs_t, fs_type;
+type ramfs_t, filesystem_type;
allow ramfs_t self:filesystem associate;
genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0)
-type romfs_t, fs_type;
+type romfs_t, filesystem_type;
allow romfs_t self:filesystem associate;
genfscon romfs / context_template(system_u:object_r:romfs_t,s0)
genfscon cramfs / context_template(system_u:object_r:romfs_t,s0)
-type rpc_pipefs_t, fs_type;
+type rpc_pipefs_t, filesystem_type;
genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)
#
# tmpfs_t is the type for tmpfs filesystems
#
-type tmpfs_t, fs_type;
+type tmpfs_t, filesystem_type;
files_file_type(tmpfs_t)
# Use a transition SID based on the allocating task SID and the
@@ -79,7 +79,7 @@ allow tmpfs_t noxattrfs:filesystem associate;
#
# Filesystems without extended attribute support
#
-type autofs_t, fs_type, noxattrfs;
+type autofs_t, filesystem_type, noxattrfs;
allow autofs_t self:filesystem associate;
genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
genfscon automount / context_template(system_u:object_r:autofs_t,s0)
@@ -88,7 +88,7 @@ genfscon automount / context_template(system_u:object_r:autofs_t,s0)
# cifs_t is the type for filesystems and their
# files shared from Windows servers
#
-type cifs_t alias sambafs_t, fs_type, noxattrfs;
+type cifs_t alias sambafs_t, filesystem_type, noxattrfs;
allow cifs_t self:filesystem associate;
genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
@@ -97,7 +97,7 @@ genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
# dosfs_t is the type for fat and vfat
# filesystems and their files.
#
-type dosfs_t, fs_type, noxattrfs;
+type dosfs_t, filesystem_type, noxattrfs;
allow dosfs_t self:filesystem associate;
genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
@@ -108,7 +108,7 @@ genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
# iso9660_t is the type for CD filesystems
# and their files.
#
-type iso9660_t, fs_type, noxattrfs;
+type iso9660_t, filesystem_type, noxattrfs;
allow iso9660_t self:filesystem associate;
genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
@@ -116,14 +116,14 @@ genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
#
# removable_t is the default type of all removable media
#
-type removable_t, fs_type, noxattrfs;
+type removable_t, filesystem_type, noxattrfs;
allow removable_t noxattrfs:filesystem associate;
#
# nfs_t is the default type for NFS file systems
# and their files.
#
-type nfs_t, fs_type, noxattrfs;
+type nfs_t, filesystem_type, noxattrfs;
files_mountpoint(nfs_t)
allow nfs_t self:filesystem associate;
genfscon nfs / context_template(system_u:object_r:nfs_t,s0)
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index bc938cf..80398fe 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -55,7 +55,7 @@ sid tcp_socket context_template(system_u:object_r:unlabeled_t,s0)
type proc_t;
files_mountpoint(proc_t)
-fs_make_fs(proc_t)
+fs_type(proc_t)
genfscon proc / context_template(system_u:object_r:proc_t,s0)
genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0)
diff --git a/refpolicy/policy/modules/kernel/selinux.te b/refpolicy/policy/modules/kernel/selinux.te
index 69f6e10..25c104a 100644
--- a/refpolicy/policy/modules/kernel/selinux.te
+++ b/refpolicy/policy/modules/kernel/selinux.te
@@ -12,6 +12,6 @@ policy_module(selinux,1.0)
# applied to selinuxfs inodes.
#
type security_t;
-fs_make_fs(security_t)
+fs_type(security_t)
sid security context_template(system_u:object_r:security_t,s0)
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
diff --git a/refpolicy/policy/modules/kernel/terminal.te b/refpolicy/policy/modules/kernel/terminal.te
index 83bedfc..ce98f3d 100644
--- a/refpolicy/policy/modules/kernel/terminal.te
+++ b/refpolicy/policy/modules/kernel/terminal.te
@@ -22,7 +22,7 @@ dev_node(console_device_t)
#
type devpts_t;
files_mountpoint(devpts_t)
-fs_make_fs(devpts_t)
+fs_type(devpts_t)
fs_use_trans devpts context_template(system_u:object_r:devpts_t,s0);
#
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 30d7443..9f70fef 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -747,9 +747,9 @@ interface(`files_manage_isid_type_chr_node',`
')
########################################
-##
-## Get listing home home directories.
-##
+##
+## Get listing of home directories.
+##
##
## The type of the process performing this action.
##
@@ -764,6 +764,32 @@ interface(`files_list_home',`
')
########################################
+##
+## Create, read, write, and delete objects in
+## lost+found directories.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`files_manage_lost_found',`
+ gen_require(`
+ type lost_found_t;
+ class dir create_dir_perms;
+ class file create_file_perms;
+ class sock_file create_file_perms;
+ class fifo_file create_file_perms;
+ class lnk_file create_lnk_perms;
+ ')
+
+ allow $1 lost_found_t:dir create_dir_perms;
+ allow $1 lost_found_t:file create_file_perms;
+ allow $1 lost_found_t:sock_file create_file_perms;
+ allow $1 lost_found_t:fifo_file create_file_perms;
+ allow $1 lost_found_t:lnk_file create_lnk_perms;
+')
+
+########################################
#
# files_search_mnt(domain)
#
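Review bot: The summary for `files_manage_lost_found` says only that it manages objects in lost+found directories and does not say why that is a sensitive grant. fsck reattaches orphaned inodes there, so objects labelled `lost_found_t` can hold recovered contents of files that originally carried any label. I would add a line to the doc block such as `## Recovered objects may contain data from any file; grant only to filesystem administration domains.` The rules themselves match the three `allow fsadm_t lost_found_t` lines removed from fstools.te, so the access set for `fsadm_t` is unchanged.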
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te
index 1ce9c12..17eae07 100644
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@@ -75,6 +75,7 @@ files_list_home(fsadm_t)
files_read_usr_files(fsadm_t)
files_read_generic_etc_files(fsadm_t)
files_list_mnt(fsadm_t)
+files_manage_lost_found(fsadm_t)
# Write to /etc/mtab.
files_manage_etc_runtime_files(fsadm_t)
# Access to /initrd devices
@@ -122,11 +123,6 @@ allow fsadm_t default_t:notdevfile_class_set r_file_perms;
# mkreiserfs needs this
allow fsadm_t proc_t:filesystem getattr;
-# Access lost+found.
-allow fsadm_t lost_found_t:dir create_dir_perms;
-allow fsadm_t lost_found_t:{ file sock_file fifo_file } create_file_perms;
-allow fsadm_t lost_found_t:lnk_file create_lnk_perms;
-
allow fsadm_t file_t:dir { search read getattr rmdir create };
# Recreate /mnt/cdrom.