[selinux-policy: 2323/3172] RAID patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:26:17 UTC 2010
commit 0cad9a734eba3a9b6f619c0bf909d1b99c7e59dd
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Nov 25 11:17:19 2009 -0500
RAID patch from Dan Walsh.
policy/modules/system/raid.fc | 1 +
policy/modules/system/raid.te | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/system/raid.fc b/policy/modules/system/raid.fc
index 0709927..ed9c70d 100644
--- a/policy/modules/system/raid.fc
+++ b/policy/modules/system/raid.fc
@@ -1,3 +1,4 @@
+/dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
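Review bot: The path on the added line is matched as a regular expression, so the two unescaped dots in `/dev/.mdadm.map` match any character, and the entry would also label a file with a constructed name such as `/dev/Xmdadm-map` as mdadm_map_t. Escaping the dots keeps the label on the one intended file: `/dev/\.mdadm\.map -- gen_context(system_u:object_r:mdadm_map_t,s0)`. The hunk header counts one more context line than is visible here, so a line of the file may be missing from this view.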
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index 9814e67..7b23940 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -1,5 +1,5 @@
-policy_module(raid, 1.9.0)
+policy_module(raid, 1.9.1)
########################################
#
@@ -11,6 +11,9 @@ type mdadm_exec_t;
init_daemon_domain(mdadm_t, mdadm_exec_t)
role system_r types mdadm_t;
+type mdadm_map_t;
+files_type(mdadm_map_t)
+
type mdadm_var_run_t;
files_pid_file(mdadm_var_run_t)
@@ -24,6 +27,10 @@ dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
allow mdadm_t self:fifo_file rw_fifo_file_perms;
+# create .mdadm files in /dev
+allow mdadm_t mdadm_map_t:file manage_file_perms;
+dev_filetrans(mdadm_t, mdadm_map_t, file)
+
manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
files_pid_filetrans(mdadm_t, mdadm_var_run_t, file)
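Review bot: The added `dev_filetrans(mdadm_t, mdadm_map_t, file)` is not scoped to a file name, so every regular file mdadm_t creates in a device_t directory becomes mdadm_map_t, while the raid.fc entry in this commit labels only `/dev/.mdadm.map`. If mdadm also writes sibling files next to the map (the comment's plural ".mdadm files" suggests it might), a relabel would presumably return them to the default /dev type, which the visible rules do not let mdadm_t manage. Either widen the file-context pattern to cover them or state the single-file intent in the comment, for example `# mdadm keeps its map file in /dev; regular files it creates there transition to mdadm_map_t`. The visible hunks grant mdadm_map_t access to mdadm_t only, so it is worth confirming that no other domain needs to read the map.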