~ubuntu-branches/ubuntu/natty/refpolicy-ubuntu/natty


Viewing changes to policy/modules/kernel/filesystem.if

  • Committer: Bazaar Package Importer
  • Author(s): Caleb Case
  • Date: 2009-10-19 01:48:39 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20091019014839-0rpi67ygkrjya30k
Tags: 0.2.20090730-0ubuntu1
* Updated to upstream release 2.20090730
* Handle Upstart direct execution of daemons.
* Pre-depend on selinux to ensure that the trigger is handled (LP: #434084).

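--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -103,7 +103,7 @@
                 attribute noxattrfs;
         ')
 
-        can_exec($1,noxattrfs)
+        can_exec($1, noxattrfs)
 ')
 
 ########################################
@@ -759,6 +759,24 @@
 
 ########################################
 ## <summary>
+##      Dont audit attempts to write to noxattrfs files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_dontaudit_write_noxattr_fs_files',`
+        gen_require(`
+                attribute noxattrfs;
+        ')
+
+        dontaudit $1 noxattrfs:file write;
+')
+
+########################################
+## <summary>
 ##      Create, read, write, and delete all noxattrfs files.
 ## </summary>
 ## <param name="domain">
@@ -1437,7 +1455,7 @@
                 type fusefs_t;
         ')
 
-        read_files_pattern($1,fusefs_t,fusefs_t)
+        read_files_pattern($1, fusefs_t, fusefs_t)
 ')
 
 ########################################
@@ -2154,6 +2172,7 @@
                 type removable_t;
         ')
 
+        allow $1 removable_t:dir list_dir_perms;
         rw_blk_files_pattern($1, removable_t, removable_t)
 ')
 
@@ -3624,6 +3643,7 @@
         ')
 
         allow $1 filesystem_type:filesystem getattr;
+        files_getattr_all_file_type_fs($1)
 ')
 
 ########################################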
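Review bot: The parameter text of the new `fs_dontaudit_write_noxattr_fs_files` interface says `Domain allowed access.`, but its body grants nothing; it is the single rule `dontaudit $1 noxattrfs:file write;`, so the description should read `Domain to not audit.` and the summary `Do not audit attempts to write to noxattrfs files.`. The distinction matters to callers: the write is still denied and only its AVC record is dropped, so a domain that uses this interface no longer shows write attempts on noxattrfs files in the audit log. Separately, the added `allow $1 removable_t:dir list_dir_perms;` and `files_getattr_all_file_type_fs($1)` lines widen two interfaces whose names and summaries start outside the visible context. Their doc comments should be checked against what they now grant.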