commit:     c428d96914b347500d42a2e959950845d52512e6
Author:     Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Mon Nov  1 17:01:20 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 21:26:50 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c428d969

fs: add pseudofs attribute and interfaces

Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/kernel/filesystem.if | 21 +++++++++++++++++++++
 policy/modules/kernel/filesystem.te |  3 ++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/filesystem.if 
b/policy/modules/kernel/filesystem.if
index 22759baa..1c7beefd 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -43,6 +43,27 @@ interface(`fs_noxattr_type',`
        typeattribute $1 noxattrfs;
 ')
 
+########################################
+## <summary>
+##     Transform specified type into a filesystem
+##     type which is a pseudo filesystem.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`fs_pseudo_type',`
+       gen_require(`
+               attribute pseudofs;
+       ')
+
+       fs_type($1)
+
+       typeattribute $1 pseudofs;
+')
+
 ########################################
 ## <summary>
 ##     Transform specified type into a filesystem
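Review bot: The parameter documentation of the new fs_pseudo_type interface (`<param name="domain">` with summary `Domain allowed access.`) does not describe what the interface does: the argument is a filesystem type that receives the pseudofs attribute via `typeattribute $1 pseudofs;`, not a domain being granted access. I would align it with the neighbouring fs_noxattr_type block, e.g. `## <param name="type">` with the summary `The type of the filesystem.`. The interface summary could also state what membership in pseudofs is meant to imply for future callers — presumably a kernel-backed filesystem with no persistent storage, labelled via genfscon rather than xattrs — but that intent should be confirmed before it is written down, since this hunk attaches no rules to the attribute.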

diff --git a/policy/modules/kernel/filesystem.te 
b/policy/modules/kernel/filesystem.te
index 81a32650..ddd10c2a 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -9,6 +9,7 @@ attribute filesystem_image_file_type;
 attribute filesystem_type;
 attribute filesystem_unconfined_type;
 attribute noxattrfs;
+attribute pseudofs;
 attribute xattrfs;
 
 ##############################
@@ -104,7 +105,7 @@ files_mountpoint(ecryptfs_t)
 genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)
 
 type efivarfs_t;
-fs_noxattr_type(efivarfs_t)
+fs_pseudo_type(efivarfs_t)
 files_mountpoint(efivarfs_t)
 genfscon efivarfs / gen_context(system_u:object_r:efivarfs_t,s0)
 
