diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 08d37f3..cb361c2 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -2,7 +2,7 @@ arbitrary category sets. - Change reiserfs from xattr filesystem to genfscon as it's xattrs are currently nonfunctional. -- Change files module to use its own interfaces to simplify the module. +- Change files and filesystem modules to use their own interfaces. - Add user fonts to xserver. - Additional interfaces in corecommands, miscfiles, and userdomain from Joy Latten. diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if index e460ebe..9141c54 100644 --- a/refpolicy/policy/modules/kernel/filesystem.if +++ b/refpolicy/policy/modules/kernel/filesystem.if @@ -19,8 +19,6 @@ interface(`fs_type',` ') typeattribute $1 filesystem_type; - - allow $1 self:filesystem associate; ') ######################################## diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te index 57becf4..f8251f1 100644 --- a/refpolicy/policy/modules/kernel/filesystem.te +++ b/refpolicy/policy/modules/kernel/filesystem.te @@ -1,5 +1,5 @@ -policy_module(filesystem,1.3.3) +policy_module(filesystem,1.3.4) ######################################## # @@ -112,8 +112,8 @@ allow tmpfs_t noxattrfs:filesystem associate; # # Filesystems without extended attribute support # -type autofs_t, noxattrfs; -fs_type(autofs_t) +type autofs_t; +fs_noxattr_type(autofs_t) files_mountpoint(autofs_t) genfscon autofs / gen_context(system_u:object_r:autofs_t,s0) genfscon automount / gen_context(system_u:object_r:autofs_t,s0) 
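Review bot: With the self-associate rule removed from `fs_type`, the interface no longer shows where a newly declared filesystem type gets `filesystem associate` on its own label. The rule moves to filesystem.te as the attribute-wide `allow filesystem_type self:filesystem associate;`. A pointer after the `typeattribute $1 filesystem_type;` line would keep that traceable, for example `# self:filesystem associate is granted to all of filesystem_type in filesystem.te`. The start of `fs_type` and its documentation header lie outside the hunk.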
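Review bot: The new `type autofs_t;` declaration drops the explicit `noxattrfs` attribute and relies on `fs_noxattr_type(autofs_t)` to restore it, but that interface's body is not part of this diff. If it does not assign both `filesystem_type` and `noxattrfs`, the context rule `allow tmpfs_t noxattrfs:filesystem associate;` and every other rule written against `noxattrfs` would silently stop covering the type. The same applies to cifs_t, dosfs_t, iso9660_t, removable_t and nfs_t in the later filesystem.te hunks. Comparing attribute membership in the compiled policy before and after the change, for instance with `seinfo -a noxattrfs -x`, would confirm nothing was lost.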
@@ -122,8 +122,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, noxattrfs;
-fs_type(cifs_t)
+type cifs_t alias sambafs_t;
+fs_noxattr_type(cifs_t)
 genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
 genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
@@ -131,8 +131,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, noxattrfs;
-fs_type(dosfs_t)
+type dosfs_t;
+fs_noxattr_type(dosfs_t)
 allow dosfs_t fs_t:filesystem associate;
 genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
@@ -143,25 +143,25 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 # iso9660_t is the type for CD filesystems
 # and their files.
 #
-type iso9660_t, filesystem_type, noxattrfs;
-fs_type(iso9660_t)
+type iso9660_t;
+fs_noxattr_type(iso9660_t)
 genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
 genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, noxattrfs;
+type removable_t;
 allow removable_t noxattrfs:filesystem associate;
-fs_type(removable_t)
+fs_noxattr_type(removable_t)
 files_config_file(removable_t)
 #
 # nfs_t is the default type for NFS file systems
 # and their files.
 #
-type nfs_t, filesystem_type, noxattrfs;
-fs_type(nfs_t)
+type nfs_t;
+fs_noxattr_type(nfs_t)
 files_mountpoint(nfs_t)
 genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
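Review bot: In the removable_t block of the `-143,25` hunk, `allow removable_t noxattrfs:filesystem associate;` still sits between the `type removable_t;` declaration and `fs_noxattr_type(removable_t)`. Every other type touched here has the interface call directly after its declaration. Ordering the block as `type removable_t;`, then `fs_noxattr_type(removable_t)`, then the `allow` line would keep the declaration and attribute assignment together. It would also make it easier to see that this rule, unlike its neighbours, grants association with the whole `noxattrfs` attribute.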
@@ -169,3 +169,10 @@ genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
 genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
+
+########################################
+#
+# Rules for all filesystem types
+#
+
+allow filesystem_type self:filesystem associate;
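Review bot: The added `allow filesystem_type self:filesystem associate;` applies to every type that carries `filesystem_type`, not only those declared through `fs_type`. A type given the attribute by a direct `type` or `typeattribute` statement in another module would now get the permission too, which is slightly wider than the per-call rule it replaces. The header comment could also state what the rule permits, e.g. `# self is expanded per type: each filesystem type may associate only with its own label`. That would stop a reader taking it for a grant across all filesystem types.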