[selinux-policy: 1312/3172] make fs use its own interfaces.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:58:45 UTC 2010 

commit da14da8cb9cdfb2418441415ea64289c133f6bad
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Mar 29 19:55:30 2006 +0000

    make fs use its own interfaces.

 refpolicy/Changelog                           |    2 +-
 refpolicy/policy/modules/kernel/filesystem.if |    2 -
 refpolicy/policy/modules/kernel/filesystem.te |   33 +++++++++++++++----------
 3 files changed, 21 insertions(+), 16 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 08d37f3..cb361c2 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -2,7 +2,7 @@
   arbitrary category sets.
 - Change reiserfs from xattr filesystem to genfscon as it's xattrs
   are currently nonfunctional.
-- Change files module to use its own interfaces to simplify the module.
+- Change files and filesystem modules to use their own interfaces.
 - Add user fonts to xserver.
 - Additional interfaces in corecommands, miscfiles, and userdomain
   from Joy Latten.
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index e460ebe..9141c54 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -19,8 +19,6 @@ interface(`fs_type',`
 	')
 
 	typeattribute $1 filesystem_type;
-
-	allow $1 self:filesystem associate;
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index 57becf4..f8251f1 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.3.3)
+policy_module(filesystem,1.3.4)
 
 ########################################
 #
@@ -112,8 +112,8 @@ allow tmpfs_t noxattrfs:filesystem associate;
 #
 # Filesystems without extended attribute support
 #
-type autofs_t, noxattrfs;
-fs_type(autofs_t)
+type autofs_t;
+fs_noxattr_type(autofs_t)
 files_mountpoint(autofs_t)
 genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
 genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
@@ -122,8 +122,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
 # cifs_t is the type for filesystems and their
 # files shared from Windows servers
 #
-type cifs_t alias sambafs_t, noxattrfs;
-fs_type(cifs_t)
+type cifs_t alias sambafs_t;
+fs_noxattr_type(cifs_t)
 genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
 genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 
@@ -131,8 +131,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
 # dosfs_t is the type for fat and vfat
 # filesystems and their files.
 #
-type dosfs_t, noxattrfs;
-fs_type(dosfs_t)
+type dosfs_t;
+fs_noxattr_type(dosfs_t)
 allow dosfs_t fs_t:filesystem associate;
 genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
 genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
@@ -143,25 +143,25 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
 # iso9660_t is the type for CD filesystems
 # and their files.
 #
-type iso9660_t, filesystem_type, noxattrfs;
-fs_type(iso9660_t)
+type iso9660_t;
+fs_noxattr_type(iso9660_t)
 genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
 genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
 
 #
 # removable_t is the default type of all removable media
 #
-type removable_t, noxattrfs;
+type removable_t;
 allow removable_t noxattrfs:filesystem associate;
-fs_type(removable_t)
+fs_noxattr_type(removable_t)
 files_config_file(removable_t)
 
 #
 # nfs_t is the default type for NFS file systems
 # and their files.
 #
-type nfs_t, filesystem_type, noxattrfs;
-fs_type(nfs_t)
+type nfs_t;
+fs_noxattr_type(nfs_t)
 files_mountpoint(nfs_t)
 genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
@@ -169,3 +169,10 @@ genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
 genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
 genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
+
+########################################
+#
+# Rules for all filesystem types
+#
+
+allow filesystem_type self:filesystem associate;

More information about the scm-commits mailing list