[yocto] [meta-selinux][PATCH 1/4] refpolicy: associate tmpfs_t (shm) to device_t (devtmpfs) file systems
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Mon Mar 24 18:07:47 PDT 2014
From: Wenzong Fan <wenzong.fan at windriver.com>
The patch is backported from upstream.
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
...associate-tmpfs_t-shm-to-device_t-devtmpf.patch | 30 ++++++++++++++++++++
.../refpolicy/refpolicy_2.20130424.inc | 1 +
2 files changed, 31 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
diff --git a/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
new file mode 100644
index 0000000..094d9e5
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20130424/filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch
@@ -0,0 +1,30 @@
+Upstream-Status: backport
+
+Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
+=========================
+From e3072cb7bf8f9e09598f01c9eb58d9cfb319d8a1 Mon Sep 17 00:00:00 2001
+From: Dominick Grift <dominick.grift at gmail.com>
+Date: Tue, 24 Sep 2013 15:39:21 +0200
+Subject: [PATCH] filesystem: associate tmpfs_t (shm) to device_t (devtmpfs)
+ file systems
+
+Signed-off-by: Dominick Grift <dominick.grift at gmail.com>
+---
+ policy/modules/kernel/filesystem.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
+index ed59e5e..f72cde1 100644
+--- a/policy/modules/kernel/filesystem.te
++++ b/policy/modules/kernel/filesystem.te
+@@ -177,6 +177,7 @@ genfscon vxfs / gen_context(system_u:object_r:vxfs_t,s0)
+ # tmpfs_t is the type for tmpfs filesystems
+ #
+ type tmpfs_t;
++dev_associate(tmpfs_t)
+ fs_type(tmpfs_t)
+ files_type(tmpfs_t)
+ files_mountpoint(tmpfs_t)
+--
+1.7.10.4
+
diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc b/recipes-security/refpolicy/refpolicy_2.20130424.inc
index 9e5e426..08ed04c 100644
--- a/recipes-security/refpolicy/refpolicy_2.20130424.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc
@@ -58,6 +58,7 @@ SRC_URI += "file://poky-policy-fix-xconsole_device_t-as-a-dev_node.patch \
# Backport from upstream
SRC_URI += "file://Allow-ping-to-get-set-capabilities.patch \
+ file://filesystem-associate-tmpfs_t-shm-to-device_t-devtmpf.patch \
"
include refpolicy_common.inc
--
1.7.9.5
More information about the yocto
mailing list