[selinux-policy: 2450/3172] Improve filesystem interfaces: fs_getattr_xattr_fs() fs_getattr_all_fs() fs_search_auto_mountpoints(

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:37:32 UTC 2010 

commit 12f73d8b69359d1368ae5bf48e2360f289bd68d2
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Mar 1 14:50:55 2010 -0500

    Improve filesystem interfaces:
    fs_getattr_xattr_fs()
    fs_getattr_all_fs()
    fs_search_auto_mountpoints()

 policy/modules/kernel/filesystem.if |   43 +++++++++++++++++++++++++++++++---
 1 files changed, 39 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index eb723b4..aa52f45 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -169,15 +169,30 @@ interface(`fs_unmount_xattr_fs',`
 
 ########################################
 ## <summary>
-##	Get the attributes of a persistent
-##	filesystem which has extended
+##	Get the attributes of persistent
+##	filesystems which have extended
 ##	attributes, such as ext3, JFS, or XFS.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to
+##	get the attributes of a persistent
+##	filesystems which have extended
+##	attributes, such as ext3, JFS, or XFS.
+##	Example attributes:
+##	</p>
+##	<ul>
+##		<li>Type of the file system (e.g., ext3)</li>
+##		<li>Size of the file system</li>
+##		<li>Available space on the file system</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="5"/>
 ## <rolecap/>
 #
 interface(`fs_getattr_xattr_fs',`
@@ -407,11 +422,19 @@ interface(`fs_getattr_autofs',`
 ##	Search automount filesystem to use automatically
 ##	mounted filesystems.
 ## </summary>
+## <desc>
+##	Allow the specified domain to search mount points
+##	that have filesystems that are mounted by
+##	the automount service.  Generally this will
+##	be required for any domain that accesses objects
+##	on these filesystems.
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="5"/>
 #
 interface(`fs_search_auto_mountpoints',`
 	gen_require(`
@@ -3837,14 +3860,26 @@ interface(`fs_unmount_all_fs',`
 
 ########################################
 ## <summary>
-##	Get the attributes of all persistent
-##	filesystems.
+##	Get the attributes of all filesystems.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to
+##	et the attributes of all filesystems.
+##	Example attributes:
+##	</p>
+##	<ul>
+##		<li>Type of the file system (e.g., ext3)</li>
+##		<li>Size of the file system</li>
+##		<li>Available space on the file system</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="5"/>
 ## <rolecap/>
 #
 interface(`fs_getattr_all_fs',`

More information about the scm-commits mailing list