commit: e5a9a4b6a5a10d11bd8934e6b79da7ff6d88597b Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Apr 4 20:52:54 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Apr 11 17:47:59 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e5a9a4b6
Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t Use the new fs_getattr_all_xattr_fs() interface to allow setfiles_t and restorecond_t domain to also get the attributes on pseudo-filesystems that support xattr https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740682 --- policy/modules/system/selinuxutil.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 305ef69..cf0c693 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -332,7 +332,7 @@ kernel_read_system_state(restorecond_t) fs_relabelfrom_noxattr_fs(restorecond_t) fs_dontaudit_list_nfs(restorecond_t) -fs_getattr_xattr_fs(restorecond_t) +fs_getattr_all_xattr_fs(restorecond_t) fs_list_inotifyfs(restorecond_t) selinux_validate_context(restorecond_t) @@ -564,7 +564,7 @@ files_relabel_all_files(setfiles_t) files_read_usr_symlinks(setfiles_t) files_dontaudit_read_all_symlinks(setfiles_t) -fs_getattr_xattr_fs(setfiles_t) +fs_getattr_all_xattr_fs(setfiles_t) fs_list_all(setfiles_t) fs_search_auto_mountpoints(setfiles_t) fs_relabelfrom_noxattr_fs(setfiles_t)
