[selinux-policy: 1666/3172] Add support for libselinux 2.0.5 init_selinuxmnt() changes.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:29:03 UTC 2010
commit 86d754eed685c11aa7ddc9c1731ecdedb36fa739
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Feb 27 17:02:35 2007 +0000
Add support for libselinux 2.0.5 init_selinuxmnt() changes.
Changelog | 1 +
policy/modules/kernel/selinux.if | 9 +++++++++
policy/modules/kernel/selinux.te | 2 +-
3 files changed, 11 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 256b41e..5d40a43 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
- Patch for misc fixes to bluetooth from Dan Walsh.
- Patch for misc fixes to kerberos from Dan Walsh.
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index 8ee0795..a7d7e7e 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -16,6 +16,15 @@
## </param>
#
interface(`selinux_get_fs_mount',`
+ gen_require(`
+ type security_t;
+ ')
+
+ # starting in libselinux 2.0.5, init_selinuxmnt() will
+ # attempt to short circuit by checking if SELINUXMNT
+ # (/selinux) is already a selinuxfs
+ allow $1 security_t:filesystem getattr;
+
# read /proc/filesystems to see if selinuxfs is supported
# then read /proc/self/mount to see where selinuxfs is mounted
kernel_read_system_state($1)
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index af39331..5f24a25 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -1,5 +1,5 @@
-policy_module(selinux,1.2.0)
+policy_module(selinux,1.2.1)
########################################
#
More information about the scm-commits
mailing list