diff options
| author |   Kenton Groombridge <me@concord.sh> | 2021-02-01 15:46:24 -0500 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2021-02-06 12:54:11 -0800 |
| commit | db53283aab8d16614c4c72b3967d8570083a2e20 (patch) | |
| tree | c0bcd6e5e63a0ad2120705b6920b78331ab0e31b | |
| parent | certbot: add support for acme.sh (diff) | |
| download | hardened-refpolicy-db53283a.tar.gz hardened-refpolicy-db53283a.tar.bz2 hardened-refpolicy-db53283a.zip | |
lvm: add lvm_tmpfs_t type and rules
cryptsetup uses tmpfs when performing some operations on encrypted
volumes such as changing keys.
Signed-off-by: Kenton Groombridge <me@concord.sh>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/modules/system/lvm.te | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index a0cc3bd90..990531320 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -42,6 +42,9 @@ init_unit_file(lvm_unit_t) type lvm_tmp_t; files_tmp_file(lvm_tmp_t) +type lvm_tmpfs_t; +files_tmpfs_file(lvm_tmpfs_t) + type lvm_var_lib_t; files_type(lvm_var_lib_t) @@ -183,6 +186,10 @@ manage_dirs_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t) manage_files_pattern(lvm_t, lvm_tmp_t, lvm_tmp_t) files_tmp_filetrans(lvm_t, lvm_tmp_t, { file dir }) +manage_dirs_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t) +manage_files_pattern(lvm_t, lvm_tmpfs_t, lvm_tmpfs_t) +fs_tmpfs_filetrans(lvm_t, lvm_tmpfs_t, { dir file }) + # /lib/lvm-<version> holds the actual LVM binaries (and symlinks) read_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t) read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t) |