[selinux-policy: 2213/3172] fix ordering of interface calls in lvm.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:16:30 UTC 2010 

commit 568efbe8957e04364c345dfef353d320b30b863a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 5 10:07:35 2009 -0400

    fix ordering of interface calls in lvm.

 policy/modules/system/lvm.te |   36 ++++++++++++++++++------------------
 1 files changed, 18 insertions(+), 18 deletions(-)
---
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 5e6ef6d..f21d3c7 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -215,12 +215,8 @@ kernel_read_kernel_sysctls(lvm_t)
 kernel_dontaudit_getattr_core_if(lvm_t)
 kernel_use_fds(lvm_t)
 
-selinux_get_fs_mount(lvm_t)
-selinux_validate_context(lvm_t)
-selinux_compute_access_vector(lvm_t)
-selinux_compute_create_context(lvm_t)
-selinux_compute_relabel_context(lvm_t)
-selinux_compute_user_contexts(lvm_t)
+corecmd_exec_bin(lvm_t)
+corecmd_exec_shell(lvm_t)
 
 dev_create_generic_chr_files(lvm_t)
 dev_delete_generic_dirs(lvm_t)
@@ -244,6 +240,15 @@ dev_dontaudit_getattr_generic_blk_files(lvm_t)
 dev_dontaudit_getattr_generic_pipes(lvm_t)
 dev_create_generic_dirs(lvm_t)
 
+domain_use_interactive_fds(lvm_t)
+domain_read_all_domains_state(lvm_t)
+
+files_read_usr_files(lvm_t)
+files_read_etc_files(lvm_t)
+files_read_etc_runtime_files(lvm_t)
+# for when /usr is not mounted:
+files_dontaudit_search_isid_type_dirs(lvm_t)
+
 fs_getattr_xattr_fs(lvm_t)
 fs_search_auto_mountpoints(lvm_t)
 fs_list_tmpfs(lvm_t)
@@ -251,6 +256,13 @@ fs_read_tmpfs_symlinks(lvm_t)
 fs_dontaudit_read_removable_files(lvm_t)
 fs_dontaudit_getattr_tmpfs_files(lvm_t)
 
+selinux_get_fs_mount(lvm_t)
+selinux_validate_context(lvm_t)
+selinux_compute_access_vector(lvm_t)
+selinux_compute_create_context(lvm_t)
+selinux_compute_relabel_context(lvm_t)
+selinux_compute_user_contexts(lvm_t)
+
 storage_relabel_fixed_disk(lvm_t)
 storage_dontaudit_read_removable_device(lvm_t)
 # LVM creates block devices in /dev/mapper or /dev/<vg>
@@ -262,18 +274,6 @@ storage_dev_filetrans_fixed_disk(lvm_t)
 # Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
 storage_manage_fixed_disk(lvm_t)
 
-corecmd_exec_bin(lvm_t)
-corecmd_exec_shell(lvm_t)
-
-domain_use_interactive_fds(lvm_t)
-domain_read_all_domains_state(lvm_t)
-
-files_read_usr_files(lvm_t)
-files_read_etc_files(lvm_t)
-files_read_etc_runtime_files(lvm_t)
-# for when /usr is not mounted:
-files_dontaudit_search_isid_type_dirs(lvm_t)
-
 init_use_fds(lvm_t)
 init_dontaudit_getattr_initctl(lvm_t)
 init_use_script_ptys(lvm_t)

More information about the scm-commits mailing list