[selinux-policy: 2871/3172] Any app that executes service command will not do a getattr of all mounted file systems
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:15:40 UTC 2010
commit 8187343042e567c59a8cd5fabe1e16116d0fd19c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Sep 8 08:56:13 2010 -0400
Any app that executes service command will not do a getattr of all mounted file systems
policy/modules/system/init.if | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index c504f34..f28524b 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -945,6 +945,8 @@ interface(`init_labeled_script_domtrans',`
')
typeattribute $1 initrc_transition_domain;
+ # service script searches all filesystems via mountpoint
+ fs_search_all($1)
domtrans_pattern($1, $2, initrc_t)
files_search_etc($1)
')
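Review bot: The added `fs_search_all($1)` line does not match the commit subject, which speaks of getattr on all mounted file systems and says callers "will not" do it, while the hunk allows search and says nothing about getattr. Please reword the subject to describe what is actually granted, or switch the rule to the permission the subject names. The in-line comment also attributes the search to the service script, yet the permission goes to `$1`, the calling domain, rather than to `initrc_t`. It would help to say in the comment why the caller needs it before the transition. Since every domain that calls `init_labeled_script_domtrans` picks up this access, it is also worth stating in the commit message whether an allow rule is really required or whether suppressing the audit message would be enough.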