[selinux-policy: 2215/3172] fix ordering in mount.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:16:40 UTC 2010 

commit f0e959b4d2687462a3606b698783252f63b38535
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 5 10:16:41 2009 -0400

    fix ordering in mount.

 policy/modules/system/mount.te |   53 ++++++++++++++++++++-------------------
 1 files changed, 27 insertions(+), 26 deletions(-)
---
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index db30a48..42df7e5 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -51,6 +51,9 @@ kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
 kernel_dontaudit_getattr_core_if(mount_t)
 
+# required for mount.smbfs
+corecmd_exec_bin(mount_t)
+
 dev_getattr_all_blk_files(mount_t)
 dev_list_all_dev_nodes(mount_t)
 dev_rw_lvm_control(mount_t)
@@ -58,26 +61,6 @@ dev_dontaudit_getattr_all_chr_files(mount_t)
 dev_dontaudit_getattr_memory_dev(mount_t)
 dev_getattr_sound_dev(mount_t)
 
-storage_raw_read_fixed_disk(mount_t)
-storage_raw_write_fixed_disk(mount_t)
-storage_raw_read_removable_device(mount_t)
-storage_raw_write_removable_device(mount_t)
-
-fs_getattr_xattr_fs(mount_t)
-fs_getattr_cifs(mount_t)
-fs_mount_all_fs(mount_t)
-fs_unmount_all_fs(mount_t)
-fs_remount_all_fs(mount_t)
-fs_relabelfrom_all_fs(mount_t)
-fs_list_auto_mountpoints(mount_t)
-fs_rw_tmpfs_chr_files(mount_t)
-fs_read_tmpfs_symlinks(mount_t)
-
-term_use_all_terms(mount_t)
-
-# required for mount.smbfs
-corecmd_exec_bin(mount_t)
-
 domain_use_interactive_fds(mount_t)
 
 files_search_all(mount_t)
@@ -97,22 +80,40 @@ files_read_isid_type_files(mount_t)
 files_read_usr_files(mount_t)
 files_list_mnt(mount_t)
 
+fs_getattr_xattr_fs(mount_t)
+fs_getattr_cifs(mount_t)
+fs_mount_all_fs(mount_t)
+fs_unmount_all_fs(mount_t)
+fs_remount_all_fs(mount_t)
+fs_relabelfrom_all_fs(mount_t)
+fs_list_auto_mountpoints(mount_t)
+fs_rw_tmpfs_chr_files(mount_t)
+fs_read_tmpfs_symlinks(mount_t)
+
+mls_file_read_all_levels(mount_t)
+mls_file_write_all_levels(mount_t)
+
+selinux_get_enforce_mode(mount_t)
+
+storage_raw_read_fixed_disk(mount_t)
+storage_raw_write_fixed_disk(mount_t)
+storage_raw_read_removable_device(mount_t)
+storage_raw_write_removable_device(mount_t)
+
+term_use_all_terms(mount_t)
+
+auth_use_nsswitch(mount_t)
+
 init_use_fds(mount_t)
 init_use_script_ptys(mount_t)
 init_dontaudit_getattr_initctl(mount_t)
 
-auth_use_nsswitch(mount_t)
-
 logging_send_syslog_msg(mount_t)
 
 miscfiles_read_localization(mount_t)
 
-mls_file_read_all_levels(mount_t)
-mls_file_write_all_levels(mount_t)
-
 sysnet_use_portmap(mount_t)
 
-selinux_get_enforce_mode(mount_t)
 seutil_read_config(mount_t)
 
 userdom_use_all_users_fds(mount_t)

More information about the scm-commits mailing list