From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-662458-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id C8480138247
	for <garchives@archives.gentoo.org>; Thu, 23 Jan 2014 20:00:51 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 972B6E0AE3;
	Thu, 23 Jan 2014 20:00:49 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B9EEAE0AE2
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:48 +0000 (UTC)
Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id A833F33F0AF
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:47 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by spoonbill.gentoo.org (Postfix) with ESMTP id 33074183B3
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:46 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1390507167.14d96d1fa40e6d7c911904703ee00bd653194ca0.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/storage.fc policy/modules/system/fstools.fc policy/modules/system/mount.fc
X-VCS-Directories: policy/modules/system/ policy/modules/kernel/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 14d96d1fa40e6d7c911904703ee00bd653194ca0
X-VCS-Branch: master
Date: Thu, 23 Jan 2014 20:00:46 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: f68ae322-c3e7-4873-9c6f-79b6f569d2bf
X-Archives-Hash: 7836121ee85b178fbeaf338c34cabb24

commit:     14d96d1fa40e6d7c911904703ee00bd653194ca0
Author:     Matthew Thode <mthode <AT> mthode <DOT> org>
AuthorDate: Fri Dec 20 21:06:20 2013 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Jan 23 19:59:27 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=14d96d1f

Extending support for SELinux on ZFS

Signed-off-by: Matthew Thode <mthode <AT> mthode.org>

---
 policy/modules/kernel/storage.fc | 5 +++++
 policy/modules/system/fstools.fc | 6 ++++++
 policy/modules/system/mount.fc   | 4 ++++
 3 files changed, 15 insertions(+)

diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 54f1827..4315bd5 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -79,5 +79,10 @@ ifdef(`distro_redhat', `
 
 /dev/usb/rio500		-c	gen_context(system_u:object_r:removable_device_t,s0)
 
+/dev/zfs			-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zpios			-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zvol(/.*)?		-l	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zd.*			-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+
 /lib/udev/devices/loop.* -b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /lib/udev/devices/fuse	-c	gen_context(system_u:object_r:fuse_device_t,s0)

diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
index e2e6b71..9b835cf 100644
--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
@@ -36,6 +36,12 @@
 /sbin/swapoff		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/swapon.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/tune2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zpios			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/ztest			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zinject		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zhack			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zdb			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zstreamdump	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 
 /usr/bin/partition_uuid	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /usr/bin/raw		--	gen_context(system_u:object_r:fsadm_exec_t,s0)

diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc
index 4619000..a5e1c6e 100644
--- a/policy/modules/system/mount.fc
+++ b/policy/modules/system/mount.fc
@@ -2,6 +2,10 @@
 /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 
+/sbin/mount.zfs			--	gen_context(system_u:object_r:mount_exec_t,s0)
+/sbin/zpool				--	gen_context(system_u:object_r:mount_exec_t,s0)
+/sbin/zfs				--	gen_context(system_u:object_r:mount_exec_t,s0)
+
 /usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 
 /var/run/mount(/.*)?			gen_context(system_u:object_r:mount_var_run_t,s0)