From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A0E08138A1F for ; Fri, 11 Apr 2014 17:49:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B807CE0AAC; Fri, 11 Apr 2014 17:48:57 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 25A4AE0AA7 for ; Fri, 11 Apr 2014 17:48:57 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 54F3C3401A8 for ; Fri, 11 Apr 2014 17:48:56 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id DB76C188CE for ; Fri, 11 Apr 2014 17:48:53 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1397238479.e5a9a4b6a5a10d11bd8934e6b79da7ff6d88597b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/selinuxutil.te X-VCS-Directories: policy/modules/system/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: e5a9a4b6a5a10d11bd8934e6b79da7ff6d88597b X-VCS-Branch: master Date: Fri, 11 Apr 2014 17:48:53 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 8aa22b2a-e08e-4da3-aa3b-86acd4aa5c17 X-Archives-Hash: 8d679581971db9d18feef8ffe8d71675 commit: e5a9a4b6a5a10d11bd8934e6b79da7ff6d88597b Author: Laurent Bigonville bigon be> AuthorDate: Fri Apr 4 20:52:54 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Fri Apr 11 17:47:59 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e5a9a4b6 Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t Use the new fs_getattr_all_xattr_fs() interface to allow setfiles_t and restorecond_t domain to also get the attributes on pseudo-filesystems that support xattr https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740682 --- policy/modules/system/selinuxutil.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 305ef69..cf0c693 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -332,7 +332,7 @@ kernel_read_system_state(restorecond_t) fs_relabelfrom_noxattr_fs(restorecond_t) fs_dontaudit_list_nfs(restorecond_t) -fs_getattr_xattr_fs(restorecond_t) +fs_getattr_all_xattr_fs(restorecond_t) fs_list_inotifyfs(restorecond_t) selinux_validate_context(restorecond_t) @@ -564,7 +564,7 @@ files_relabel_all_files(setfiles_t) files_read_usr_symlinks(setfiles_t) files_dontaudit_read_all_symlinks(setfiles_t) -fs_getattr_xattr_fs(setfiles_t) +fs_getattr_all_xattr_fs(setfiles_t) fs_list_all(setfiles_t) fs_search_auto_mountpoints(setfiles_t) fs_relabelfrom_noxattr_fs(setfiles_t)