[refpolicy] [PATCH 1/1] Allow mount to work on all file locations

Sven Vermeulen sven.vermeulen at siphos.be
Sun Sep 4 07:21:14 CDT 2011


In order for mount to work with all file locations, it needs
relabelfrom privileges as well (next to the relabelto ones).

The same patch is also already present in fedora's repository.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/system/mount.te |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 57d7294..429596f 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -77,7 +77,7 @@ files_etc_filetrans_etc_runtime(mount_t, file)
 files_mounton_all_mountpoints(mount_t)
 files_unmount_rootfs(mount_t)
 # These rules need to be generalized.  Only admin, initrc should have it:
-files_relabelto_all_file_type_fs(mount_t)
+files_relabel_all_file_type_fs(mount_t)
 files_mount_all_file_type_fs(mount_t)
 files_unmount_all_file_type_fs(mount_t)
 # for when /etc/mtab loses its type
-- 
1.7.3.4



More information about the refpolicy mailing list