[refpolicy] [PATCH 2/5] dontaudit mount writes to newly mounted filesystems
Chris Richards
gizmo at giz-works.com
Mon Nov 8 19:25:32 CST 2010
Signed-off-by: Chris Richards <gizmo at giz-works.com>
---
policy/modules/kernel/files.if | 20 +++++++++++++++++++-
1 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 5302dac..8f69b85 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1463,7 +1463,25 @@ interface(`files_list_root',`
allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock };
')
-########################################
+#############################################################
+## <summary>
+## Do not audit attempts to write to / dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`files_dontaudit_write_root_dirs',`
+ gen_require(`
+ type root_t;
+ ')
+
+ dontaudit $1 root_t:dir write;
+')
+
+###################
## <summary>
## Do not audit attempts to write
## files in the root directory.
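Review bot: The separator lines in this hunk no longer match the banner style used in the rest of files.if. The removed `########################################` line is replaced by a noticeably longer run of `#` above the new interface, and the existing "Do not audit attempts to write files in the root directory" interface is now preceded by a much shorter `###################`. Keep the original banner where it was and add an identical one above `files_dontaudit_write_root_dirs`, so the hunk is a pure insertion with no `-` line. Separately, the message has no body explaining why mount needs this. As written, `dontaudit $1 root_t:dir write;` silences every write denial on root_t directories for the calling domain, not only those on a newly mounted filesystem as the subject suggests. A short rationale in the commit message, and a summary more exact than "write to / dirs", would help whoever later has to debug a hidden denial.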
--
1.7.3.2