From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 20 Apr 2012 16:12:07 -0400
Subject: [refpolicy] [PATCH 10/13] Adding dontaudits for mount
In-Reply-To: <20120322201233.GK3387@siphos.be>
References: <20120322200229.GA3387@siphos.be> <20120322201233.GK3387@siphos.be>
Message-ID: <4F91C317.8070704@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/22/12 16:12, Sven Vermeulen wrote:
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/system/mount.te |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
> 
> diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> index fba350b..57c2a00 100644
> --- a/policy/modules/system/mount.te
> +++ b/policy/modules/system/mount.te
> @@ -89,7 +89,8 @@ files_read_isid_type_files(mount_t)
>  # For reading cert files
>  files_read_usr_files(mount_t)
>  files_list_mnt(mount_t)
> -files_dontaudit_write_root_dirs(mount_t)
> +files_dontaudit_write_all_mountpoints(mount_t)
> +files_dontaudit_setattr_all_mountpoints(mount_t)
>  
>  fs_getattr_xattr_fs(mount_t)
>  fs_getattr_cifs(mount_t)
> @@ -113,6 +114,7 @@ storage_raw_read_removable_device(mount_t)
>  storage_raw_write_removable_device(mount_t)
>  
>  term_use_all_terms(mount_t)
> +term_dontaudit_manage_pty_dirs(mount_t)
>  
>  auth_use_nsswitch(mount_t)
  
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com