[selinux-policy: 198/3172] add tmpfsfile support
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:22:05 UTC 2010
commit 46410fd2b965d219e0c70ec11f7b2ba420791f47
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon May 23 15:49:31 2005 +0000
add tmpfsfile support
refpolicy/policy/modules/system/files.if | 46 ++++++++++++++++++++++++++++++
refpolicy/policy/modules/system/files.te | 3 +-
2 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index b1fcda2..2d8f3c9 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -74,6 +74,29 @@ attribute tmpfile;
')
########################################
+## <interface name="files_make_tmpfs_file">
+## <description>
+## Transform the type into a file, for use on a
+## virtual memory filesystem (tmpfs).
+## </description>
+## <parameter name="type">
+## The type to be transformed.
+## </parameter>
+## <infoflow type="none"/>
+## </interface>
+#
+define(`files_make_tmpfs_file',`
+requires_block_template(`$0'_depend)
+files_make_file($1)
+filesystem_tmpfs_associate($1)
+typeattribute $1 tmpfsfile;
+')
+
+define(`files_make_tmpfs_file_depend',`
+attribute tmpfsfile;
+')
+
+########################################
#
# files_get_all_file_attributes(domain)
#
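Review bot: The `<description>` of `files_make_tmpfs_file` does not mention that the macro also tags the type with the `tmpfsfile` attribute (`typeattribute $1 tmpfsfile;`), so a caller cannot tell from the documentation that any rule later written against `tmpfsfile` will apply to its type. I would add a line to the description such as `## The type is also added to the tmpfsfile attribute.` The `_depend` block declares only `attribute tmpfsfile;`; whether `files_make_file` and `filesystem_tmpfs_associate` bring in their own requirements is not visible in this hunk.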
@@ -408,6 +431,29 @@ class lnk_file { getattr read };
')
########################################
+## <interface name="files_remove_general_system_config">
+## <description>
+## Delete system configuration files in /etc.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="write" weight="1"/>
+## </interface>
+#
+define(`files_remove_general_system_config',`
+requires_block_template(`$0'_depend)
+allow $1 etc_t:dir { getattr search read write remove_name };
+allow $1 etc_t:file unlink;
+')
+
+define(`files_remove_general_system_config_depend',`
+type etc_t;
+class dir { getattr search read write remove_name };
+class file unlink;
+')
+
+########################################
#
# files_execute_system_config_script(domain)
#
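Review bot: `files_remove_general_system_config` grants `unlink` on every file labelled `etc_t`, which is broader than the description "Delete system configuration files in /etc" suggests, and the commit message mentions only tmpfsfile support. I would state the breadth in the `<description>`, for example `## Delete any file labelled etc_t (generic configuration files in /etc).`, so that a policy author reviewing a caller sees what is being handed out. The file rule also grants `unlink` without `getattr`, so a caller that stats the file before removing it would presumably be denied unless another rule allows it; if that is not intended, `allow $1 etc_t:file { getattr unlink };` with a matching `class file { getattr unlink };` in the `_depend` block would cover it.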
diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te
index c26db14..3dc0026 100644
--- a/refpolicy/policy/modules/system/files.te
+++ b/refpolicy/policy/modules/system/files.te
@@ -4,9 +4,10 @@ policy_module(files,1.0)
attribute file_type;
attribute lockfile;
+attribute mountpoint;
attribute pidfile;
attribute tmpfile;
-attribute mountpoint;
+attribute tmpfsfile;
# default_t is the default type for files that do not
# match any specification in the file_contexts configuration