[yocto] [meta-selinux][PATCH 1/4] refpolicy: associate tmpfs_t (shm) to device_t (devtmpfs) file systems

Mon, 24 Mar 2014 18:11:25 -0700 

From: Wenzong Fan <wenzong....@windriver.com>

The patch is backported from upstream.

Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
---
 ...associate-tmpfs_t-shm-to-device_t-devtmpf.patch |   30 ++++++++++++++++++++
 .../refpolicy/refpolicy_2.20130424.inc             |    1 +
 2 files changed, 31 insertions(+)
 create mode 100644 
recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch

diff --git 
a/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
 
b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
new file mode 100644
index 0000000..094d9e5
--- /dev/null
+++ 
b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
@@ -0,0 +1,30 @@
+Upstream-Status: backport
+
+Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
+=========================
+From e3072cb7bf8f9e09598f01c9eb58d9cfb319d8a1 Mon Sep 17 00:00:00 2001
+From: Dominick Grift <dominick.gr...@gmail.com>
+Date: Tue, 24 Sep 2013 15:39:21 +0200
+Subject: [PATCH] filesystem: associate tmpfs_t (shm) to device_t (devtmpfs)
+ file systems
+
+Signed-off-by: Dominick Grift <dominick.gr...@gmail.com>
+---
+ policy/modules/kernel/filesystem.te |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/kernel/filesystem.te 
b/policy/modules/kernel/filesystem.te
+index ed59e5e..f72cde1 100644
+--- a/policy/modules/kernel/filesystem.te
++++ b/policy/modules/kernel/filesystem.te
+@@ -177,6 +177,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
+ # tmpfs_t is the type for tmpfs filesystems
+ #
+ type tmpfs_t;
++dev_associate(tmpfs_t)
+ fs_type(tmpfs_t)
+ files_type(tmpfs_t)
+ files_mountpoint(tmpfs_t)
+-- 
+1.7.10.4
+
diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc 
b/recipes-security/refpolicy/refpolicy_2.20130424.inc
index 9e5e426..08ed04c 100644
--- a/recipes-security/refpolicy/refpolicy_2.20130424.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc
@@ -58,6 +58,7 @@ SRC_URI += 
"file://poky-policy-fix-xconsole_device_t-as-a-dev_node.patch \
 
 # Backport from upstream
 SRC_URI += "file://Allow-ping-to-get-set-capabilities.patch \
+            file://filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch \
            "
 
 include refpolicy_common.inc
-- 
1.7.9.5

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to