[refpolicy] [PATCH 2/3] user access to DOS files
guido at trentalancia.com
Thu Sep 6 12:05:37 CDT 2012
On 06/09/2012 18:31, Guido Trentalancia wrote:
> On 06/09/2012 16:24, Laurent Bigonville wrote:
>> Le Tue, 4 Sep 2012 23:21:08 +0200,
>> Laurent Bigonville <bigon at debian.org> a écrit :
>>> + tunable_policy(`user_manage_dos_files',`
>>> + fs_manage_dos_dirs($1_t)
>>> + fs_manage_dos_files($1_t)
>>> + ')
>> I was reading the code further and isn't the proposed patch actually
>> redundant with user_rw_noexattrfile?
>> So shouldn't the proposed patch simply be dropped?
> Fortunately, it has not been applied, I think. And if it causes problems
> and degradation of current policy, as you now recognize, why did you
> post it in the first place then ?
If you want to have some fun with filesystem-related things, then a very
light supplemental patch might be needed for latest versions of the
ntfs-3g project, as far as I remember from testing. It would need to
have FUSE support, but optionalized (through good use of tunable policy
which means do not allow by default the loading of fuse.ko kernel module
and a few other related permissions that are only needed in FUSE
More information about the refpolicy