[selinux-policy: 193/3172] add mls sensitivity to genfscon, initial sids and fs_use

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:21:39 UTC 2010


commit e32c0d3b8674b6024faeb77599c65aa40e533ab0
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 20 20:43:18 2005 +0000

    add mls sensitivity to genfscon, initial sids and fs_use

 refpolicy/policy/modules/kernel/devices.te    |    2 +-
 refpolicy/policy/modules/kernel/filesystem.te |   44 ++++++++++++------------
 refpolicy/policy/modules/kernel/kernel.te     |   42 ++++++++++++------------
 refpolicy/policy/modules/system/files.te      |    2 +-
 4 files changed, 45 insertions(+), 45 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te
index 3fcac88..94cc79f 100644
--- a/refpolicy/policy/modules/kernel/devices.te
+++ b/refpolicy/policy/modules/kernel/devices.te
@@ -105,7 +105,7 @@ filesystem_tmpfs_associate(mouse_device_t)
 type mtrr_device_t, device_node;
 filesystem_associate(mtrr_device_t)
 filesystem_tmpfs_associate(mtrr_device_t)
-genfscon proc /mtrr system_u:object_r:mtrr_device_t
+genfscon proc /mtrr context_template(system_u:object_r:mtrr_device_t,s0)
 
 #
 # null_device_t is the type of /dev/null.
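Review bot: The subject line promises MLS levels for initial sids and fs_use as well, but this hunk and every other changed line in the patch (45 insertions, 45 deletions across four files) is a genfscon statement. If the sid and fs_use_* declarations live in files this commit does not touch, the message should say so or be narrowed to genfscon; if they were meant to be converted here, they are missing. A policy in which only some context statements carry a level may fail to build or label inconsistently under MLS, so the remaining statements are worth checking.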
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index fe81f05..b23cbd9 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -16,31 +16,31 @@ type fs_t, fs_type;
 # Non-persistent/pseudo filesystems
 #
 type bdev_t, fs_type;
-genfscon bdev / system_u:object_r:bdev_t
+genfscon bdev / context_template(system_u:object_r:bdev_t,s0)
 
 type binfmt_misc_fs_t, fs_type;
-genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t
+genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0)
 
 type eventpollfs_t, fs_type;
-genfscon eventpollfs / system_u:object_r:eventpollfs_t
+genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0)
 
 type futexfs_t, fs_type;
-genfscon futexfs / system_u:object_r:futexfs_t
+genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0)
 
 type nfsd_fs_t, fs_type;
-genfscon nfsd / system_u:object_r:nfsd_fs_t
+genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0)
 
 type ramfs_t, fs_type;
 allow ramfs_t self:filesystem associate;
-genfscon ramfs / system_u:object_r:ramfs_t
+genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0)
 
 type romfs_t, fs_type;
 allow romfs_t self:filesystem associate;
-genfscon romfs / system_u:object_r:romfs_t
-genfscon cramfs / system_u:object_r:romfs_t
+genfscon romfs / context_template(system_u:object_r:romfs_t,s0)
+genfscon cramfs / context_template(system_u:object_r:romfs_t,s0)
 
 type rpc_pipefs_t, fs_type;
-genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t
+genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)
 
 #
 # tmpfs_t is the type for tmpfs filesystems
@@ -61,8 +61,8 @@ allow tmpfs_t usbfs_t:filesystem associate;
 #
 type autofs_t, fs_type;
 allow autofs_t self:filesystem associate;
-genfscon autofs / system_u:object_r:autofs_t
-genfscon automount / system_u:object_r:autofs_t
+genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
+genfscon automount / context_template(system_u:object_r:autofs_t,s0)
 
 #
 # cifs_t is the type for filesystems and their
@@ -70,8 +70,8 @@ genfscon automount / system_u:object_r:autofs_t
 #
 type cifs_t alias sambafs_t, fs_type;
 allow cifs_t self:filesystem associate;
-genfscon cifs / system_u:object_r:cifs_t
-genfscon smbfs / system_u:object_r:cifs_t
+genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
+genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
 
 #
 # dosfs_t is the type for fat and vfat
@@ -79,10 +79,10 @@ genfscon smbfs / system_u:object_r:cifs_t
 #
 type dosfs_t, fs_type;
 allow dosfs_t self:filesystem associate;
-genfscon vfat / system_u:object_r:dosfs_t
-genfscon msdos / system_u:object_r:dosfs_t
-genfscon fat / system_u:object_r:dosfs_t
-genfscon ntfs / system_u:object_r:dosfs_t
+genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
+genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
+genfscon fat / context_template(system_u:object_r:dosfs_t,s0)
+genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
 
 #
 # iso9660_t is the type for CD filesystems
@@ -90,8 +90,8 @@ genfscon ntfs / system_u:object_r:dosfs_t
 #
 type iso9660_t, fs_type;
 allow iso9660_t self:filesystem associate;
-genfscon iso9660 / system_u:object_r:iso9660_t
-genfscon udf / system_u:object_r:iso9660_t
+genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
+genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
 
 #
 # removable_t is the default type of all removable media
@@ -112,6 +112,6 @@ allow removable_t usbfs_t:filesystem associate;
 type nfs_t, fs_type;
 files_make_mountpoint(nfs_t)
 allow nfs_t self:filesystem associate;
-genfscon nfs / system_u:object_r:nfs_t
-genfscon nfs4 / system_u:object_r:nfs_t
-genfscon afs / system_u:object_r:nfs_t
+genfscon nfs / context_template(system_u:object_r:nfs_t,s0)
+genfscon nfs4 / context_template(system_u:object_r:nfs_t,s0)
+genfscon afs / context_template(system_u:object_r:nfs_t,s0)
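Review bot: nfs, nfs4 and afs get a fixed `s0` here, and the same applies to the cifs/smbfs, vfat/msdos/fat/ntfs and iso9660/udf hunks above. These filesystems are labelled wholesale by their genfscon entry, so under an MLS build every file on such a mount is treated as lowest-sensitivity regardless of what it actually holds. That is a reasonable default, but it deserves a comment next to these entries, for example `# MLS: all files on these mounts are s0 unless a context= mount option overrides it`, so administrators who handle higher-level data on remote or removable media know they must override it.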
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 8a2637c..4e108d2 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -36,7 +36,7 @@ type unlabeled_t;
 #
 type security_t;
 filesystem_make_filesystem(security_t)
-genfscon selinuxfs / system_u:object_r:security_t
+genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
 
 #
 # sysfs_t is the type for /sys
@@ -44,7 +44,7 @@ genfscon selinuxfs / system_u:object_r:security_t
 type sysfs_t;
 files_make_mountpoint(sysfs_t)
 filesystem_make_filesystem(sysfs_t)
-genfscon sysfs / system_u:object_r:sysfs_t
+genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
 
 #
 # usbfs_t is the type for /proc/bus/usb
@@ -52,8 +52,8 @@ genfscon sysfs / system_u:object_r:sysfs_t
 type usbfs_t alias usbdevfs_t;
 files_make_mountpoint(usbfs_t)
 filesystem_make_filesystem(usbfs_t)
-genfscon usbfs / system_u:object_r:usbfs_t
-genfscon usbdevfs / system_u:object_r:usbfs_t
+genfscon usbfs / context_template(system_u:object_r:usbfs_t,s0)
+genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
 
 #
 # Procfs types
@@ -62,24 +62,24 @@ genfscon usbdevfs / system_u:object_r:usbfs_t
 type proc_t;
 files_make_mountpoint(proc_t)
 filesystem_make_filesystem(proc_t)
-genfscon proc / system_u:object_r:proc_t
-genfscon proc /sysvipc system_u:object_r:proc_t
+genfscon proc / context_template(system_u:object_r:proc_t,s0)
+genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0)
 
 # kernel message interface
 type proc_kmsg_t;
-genfscon proc /kmsg system_u:object_r:proc_kmsg_t
+genfscon proc /kmsg context_template(system_u:object_r:proc_kmsg_t,s0)
 neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr;
 
 # /proc kcore: inaccessible
 type proc_kcore_t;
 neverallow * proc_kcore_t:file ~getattr;
-genfscon proc /kcore system_u:object_r:proc_kcore_t
+genfscon proc /kcore context_template(system_u:object_r:proc_kcore_t,s0)
 
 type proc_mdstat_t;
-genfscon proc /mdstat system_u:object_r:proc_mdstat_t
+genfscon proc /mdstat context_template(system_u:object_r:proc_mdstat_t,s0)
 
 type proc_net_t;
-genfscon proc /net system_u:object_r:proc_net_t
+genfscon proc /net context_template(system_u:object_r:proc_net_t,s0)
 
 #
 # Sysctl types
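Review bot: `/proc/kcore` and `/proc/kmsg` are given `s0` like every other procfs entry in this hunk, although they expose kernel memory and kernel log data that can originate from any sensitivity level. With the object at the lowest level, the MLS read constraints would presumably allow a subject at any level to read it, which leaves the type-enforcement `neverallow` rules beside them as the only barrier. Consider labelling these two entries at the highest sensitivity the policy defines rather than `s0`, or at least add a comment such as `# s0: access is restricted by TE only (see neverallow)` so the choice is explicit.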
@@ -87,48 +87,48 @@ genfscon proc /net system_u:object_r:proc_net_t
 
 # /proc/irq directory and files
 type sysctl_irq_t;
-genfscon proc /irq system_u:object_r:sysctl_irq_t
+genfscon proc /irq context_template(system_u:object_r:sysctl_irq_t,s0)
 
 # /proc/net/rpc directory and files
 type sysctl_rpc_t;
-genfscon proc /net/rpc system_u:object_r:sysctl_rpc_t
+genfscon proc /net/rpc context_template(system_u:object_r:sysctl_rpc_t,s0)
 
 # /proc/sys directory, base directory of sysctls
 type sysctl_t;
-genfscon proc /sys system_u:object_r:sysctl_t
+genfscon proc /sys context_template(system_u:object_r:sysctl_t,s0)
 
 # /proc/sys/fs directory and files
 type sysctl_fs_t;
 files_make_mountpoint(sysctl_fs_t)
-genfscon proc /sys/fs system_u:object_r:sysctl_fs_t
+genfscon proc /sys/fs context_template(system_u:object_r:sysctl_fs_t,s0)
 
 # /proc/sys/kernel directory and files
 type sysctl_kernel_t;
-genfscon proc /sys/kernel system_u:object_r:sysctl_kernel_t
+genfscon proc /sys/kernel context_template(system_u:object_r:sysctl_kernel_t,s0)
 
 # /proc/sys/kernel/modprobe file
 type sysctl_modprobe_t;
-genfscon proc /sys/kernel/modprobe system_u:object_r:sysctl_modprobe_t
+genfscon proc /sys/kernel/modprobe context_template(system_u:object_r:sysctl_modprobe_t,s0)
 
 # /proc/sys/kernel/hotplug file
 type sysctl_hotplug_t;
-genfscon proc /sys/kernel/hotplug system_u:object_r:sysctl_hotplug_t
+genfscon proc /sys/kernel/hotplug context_template(system_u:object_r:sysctl_hotplug_t,s0)
 
 # /proc/sys/net directory and files
 type sysctl_net_t;
-genfscon proc /sys/net system_u:object_r:sysctl_net_t
+genfscon proc /sys/net context_template(system_u:object_r:sysctl_net_t,s0)
 
 # /proc/sys/net/unix directory and files
 type sysctl_net_unix_t;
-genfscon proc /sys/net/unix system_u:object_r:sysctl_net_unix_t
+genfscon proc /sys/net/unix context_template(system_u:object_r:sysctl_net_unix_t,s0)
 
 # /proc/sys/vm directory and files
 type sysctl_vm_t;
-genfscon proc /sys/vm system_u:object_r:sysctl_vm_t
+genfscon proc /sys/vm context_template(system_u:object_r:sysctl_vm_t,s0)
 
 # /proc/sys/dev directory and files
 type sysctl_dev_t;
-genfscon proc /sys/dev system_u:object_r:sysctl_dev_t
+genfscon proc /sys/dev context_template(system_u:object_r:sysctl_dev_t,s0)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index c3aa666..c26db14 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -83,7 +83,7 @@ filesystem_associate(root_t)
 filesystem_noxattr_associate(root_t)
 kernel_read_directory_from(root_t)
 kernel_make_root_filesystem_mountpoint(root_t)
-genfscon rootfs / system_u:object_r:root_t
+genfscon rootfs / context_template(system_u:object_r:root_t,s0)
 
 #
 # src_t is the type of files in the system src directories.

