commit: b715e919f47327b139754f16e514d03ae3a46bb1
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Feb 15 18:34:07 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 15 18:34:07 2015 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b715e919
Fix bug #535986 - Mark configfs_t as file type/mount point
---
policy/modules/kernel/filesystem.te | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/policy/modules/kernel/filesystem.te
b/policy/modules/kernel/filesystem.te
index f78adef..32ecb93 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -306,3 +306,8 @@ allow filesystem_unconfined_type filesystem_type:filesystem
*;
# pseudo filesystem types that are applied to both the filesystem
# and its files.
allow filesystem_unconfined_type filesystem_type:{ dir file lnk_file sock_file
fifo_file chr_file blk_file } *;
+
+ifdef(`distro_gentoo',`
+ # Fix bug 535986 - Mark configfs_t as file type (and mountpoint
probably as well)
+ files_mountpoint(configfs_t)
+')
