refpolicy: associate tmpfs_t (shm) to device_t (devtmpfs) file systems

The patch is backported from upstream. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Wenzong Fan <wenzong.fan@windriver.com> 2014-04-03 14:05:47 -0400
committer: Joe MacDonald <joe@deserted.net> 2014-04-03 14:46:09 -0400
commit: e8fa933234dfae2df9bb1246850f082b0f1e0fe3 (patch)
tree: c400721f2846ed043c2666771b6cbfb27ba2893b
parent: 68b17d7b418d9d23550c4372a89c54627b02e29d (diff)
download: meta-selinux-e8fa933234dfae2df9bb1246850f082b0f1e0fe3.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
new file mode 100644
index 0000000..094d9e5
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
@@ -0,0 +1,30 @@
+Upstream-Status: backport
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+=========================
+From e3072cb7bf8f9e09598f01c9eb58d9cfb319d8a1 Mon Sep 17 00:00:00 2001
+From: Dominick Grift <dominick.grift@gmail.com>
+Date: Tue, 24 Sep 2013 15:39:21 +0200
+Subject: [PATCH] filesystem: associate tmpfs_t (shm) to device_t (devtmpfs)
+ file systems
+Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
+---
+ policy/modules/kernel/filesystem.te |    1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
+index ed59e5e..f72cde1 100644
+--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
+@@ -177,6 +177,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
+ # tmpfs_t is the type for tmpfs filesystems
+ #
+ type tmpfs_t;
+dev_associate(tmpfs_t)
+ fs_type(tmpfs_t)
+ files_type(tmpfs_t)
+ files_mountpoint(tmpfs_t)
+-- 
+1.7.10.4
diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc b/recipes-security/refpolicy/refpolicy_2.20130424.inc
index b9fadb4..a5f142f 100644
--- a/recipes-security/refpolicy/refpolicy_2.20130424.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc
@@ -60,6 +60,7 @@ SRC_URI += "file://poky-policy-fix-xconsole_device_t-as-a-dev_node.patch \
 # Backport from upstream
 SRC_URI += "file://Allow-ping-to-get-set-capabilities.patch \
+            file://filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch \
           "
 include refpolicy_common.inc
author	Wenzong Fan <wenzong.fan@windriver.com>	2014-04-03 14:05:47 -0400
committer	Joe MacDonald <joe@deserted.net>	2014-04-03 14:46:09 -0400
commit	e8fa933234dfae2df9bb1246850f082b0f1e0fe3 (patch)
tree	c400721f2846ed043c2666771b6cbfb27ba2893b
parent	68b17d7b418d9d23550c4372a89c54627b02e29d (diff)
download	meta-selinux-e8fa933234dfae2df9bb1246850f082b0f1e0fe3.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch new file mode 100644 index 0000000..094d9e5 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
@@ -0,0 +1,30 @@
		1	Upstream-Status: backport
		2
		3	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
		4	=========================
		5	From e3072cb7bf8f9e09598f01c9eb58d9cfb319d8a1 Mon Sep 17 00:00:00 2001
		6	From: Dominick Grift <dominick.grift@gmail.com>
		7	Date: Tue, 24 Sep 2013 15:39:21 +0200
		8	Subject: [PATCH] filesystem: associate tmpfs_t (shm) to device_t (devtmpfs)
		9	file systems
		10
		11	Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
		12	---
		13	policy/modules/kernel/filesystem.te \| 1 +
		14	1 file changed, 1 insertion(+)
		15
		16	diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
		17	index ed59e5e..f72cde1 100644
		18	--- a/policy/modules/kernel/filesystem.te
		19	+++ b/policy/modules/kernel/filesystem.te
		20	@@ -177,6 +177,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
		21	# tmpfs_t is the type for tmpfs filesystems
		22	#
		23	type tmpfs_t;
		24	+dev_associate(tmpfs_t)
		25	fs_type(tmpfs_t)
		26	files_type(tmpfs_t)
		27	files_mountpoint(tmpfs_t)
		28	--
		29	1.7.10.4
		30


diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc b/recipes-security/refpolicy/refpolicy_2.20130424.inc index b9fadb4..a5f142f 100644 --- a/recipes-security/refpolicy/refpolicy_2.20130424.inc +++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc
@@ -60,6 +60,7 @@ SRC_URI += "file://poky-policy-fix-xconsole_device_t-as-a-dev_node.patch \
60		60
61	# Backport from upstream	61	# Backport from upstream
62	SRC_URI += "file://Allow-ping-to-get-set-capabilities.patch \	62	SRC_URI += "file://Allow-ping-to-get-set-capabilities.patch \
		63	file://filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch \
63	"	64	"
64		65
65	include refpolicy_common.inc	66	include refpolicy_common.inc