commit: c3d38164d58c31023e6277a742708e11ee537ec7 Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> AuthorDate: Wed Oct 27 19:18:27 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Nov 11 21:26:50 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c3d38164
filesystem: add fs_use_trans for ramfs Enable extended attributes for inodes on ramfs filesystems, similar to tmpfs filesystems. For example systemd uses ramfs for service credentials[1], and xattr support is needed for per service based labeling[2]. [1]: https://www.freedesktop.org/software/systemd/man/systemd-creds.html [2]: https://github.com/systemd/systemd/pull/21158 Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/kernel/filesystem.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index b12c65b8..81a32650 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -156,9 +156,9 @@ dev_associate_sysfs(pstore_t)
 genfscon pstore / gen_context(system_u:object_r:pstore_t,s0)
 type ramfs_t;
-fs_type(ramfs_t)
+fs_xattr_type(ramfs_t)
 files_mountpoint(ramfs_t)
-genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
+fs_use_trans ramfs gen_context(system_u:object_r:ramfs_t,s0);
 type romfs_t;
 fs_type(romfs_t)
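Review bot: The new `fs_use_trans ramfs gen_context(system_u:object_r:ramfs_t,s0);` line switches ramfs from one fixed label to per-inode labels, but nothing visible in this hunk lets a file type other than ramfs_t associate with the filesystem or defines a transition for objects created on it. Unless such rules exist elsewhere in the policy, new inodes presumably still end up as ramfs_t and a relabel to a per-service type would be denied on the `filesystem associate` check, so the per-service labeling named in the description is not in effect from this change alone. Domains that are already allowed to read ramfs_t files keep that access to anything left at the default label, which is worth checking for the service-credentials case. A short comment above the statement would record the intent, for example `# per-inode labels on ramfs, needed for systemd service credentials; default label stays ramfs_t`.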
