~ubuntu-branches/ubuntu/natty/refpolicy-ubuntu/natty


Viewing changes to policy/modules/system/mount.te

  • Committer: Bazaar Package Importer
  • Author(s): Caleb Case
  • Date: 2009-10-19 01:48:39 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20091019014839-0rpi67ygkrjya30k
Tags: 0.2.20090730-0ubuntu1
* Updated to upstream release 2.20090730
* Handle Upstart direct execution of daemons.
* Pre-depend on selinux to ensure that the trigger is handled (LP: #434084).

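--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -1,5 +1,5 @@
 
-policy_module(mount, 1.10.0)
+policy_module(mount, 1.10.1)
 
 ########################################
 #
@@ -11,11 +11,11 @@
 ## Allow the mount command to mount any directory or file.
 ## </p>
 ## </desc>
-gen_tunable(allow_mount_anyfile,false)
+gen_tunable(allow_mount_anyfile, false)
 
 type mount_t;
 type mount_exec_t;
-init_system_domain(mount_t,mount_exec_t)
+init_system_domain(mount_t, mount_exec_t)
 role system_r types mount_t;
 
 type mount_loopback_t; # customizable
@@ -28,7 +28,7 @@
 # this is optionally declared in monolithic
 # policy--duplicate type declaration
 type unconfined_mount_t;
-application_domain(unconfined_mount_t,mount_exec_t)
+application_domain(unconfined_mount_t, mount_exec_t)
 
 ########################################
 #
@@ -45,7 +45,7 @@
 
 can_exec(mount_t, mount_exec_t)
 
-files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
+files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
 
 kernel_read_system_state(mount_t)
 kernel_read_kernel_sysctls(mount_t)
@@ -83,7 +83,7 @@
 files_search_all(mount_t)
 files_read_etc_files(mount_t)
 files_manage_etc_runtime_files(mount_t)
-files_etc_filetrans_etc_runtime(mount_t,file)
+files_etc_filetrans_etc_runtime(mount_t, file)
 files_mounton_all_mountpoints(mount_t)
 files_unmount_rootfs(mount_t)
 # These rules need to be generalized.  Only admin, initrc should have it:
@@ -193,6 +193,6 @@
 #
 
 optional_policy(`
-        files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
+        files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
         unconfined_domain(unconfined_mount_t)
 ')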