[refpolicy] [PATCH 2/3] user access to DOS files

Guido Trentalancia guido at trentalancia.com
Thu Sep 6 12:05:37 CDT 2012


On 06/09/2012 18:31, Guido Trentalancia wrote:
> On 06/09/2012 16:24, Laurent Bigonville wrote:
>> On Tue,  4 Sep 2012 23:21:08 +0200,
>> Laurent Bigonville <bigon at debian.org> wrote:
>>
>>> +	tunable_policy(`user_manage_dos_files',`
>>> +		fs_manage_dos_dirs($1_t)
>>> +		fs_manage_dos_files($1_t)
>>> +	')
>>> +
>>>    ')
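
Review bot: the tunable_policy block for user_manage_dos_files has no
else branch and no comment stating what the off state should be, so with
the boolean off this hunk grants $1_t nothing on DOS filesystems. The
user_rw_noexattrfile block quoted just below keeps a read-only fallback,
fs_read_noxattr_fs_files($1_t), in its else branch; if this tunable is
kept, either add the equivalent fallback or document that no access is
intended, and explain in the description how it differs from
user_rw_noexattrfile.
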
>>
>> I was reading the code further and isn't the proposed patch actually
>> redundant with user_rw_noexattrfile?
>>
>>           tunable_policy(`user_rw_noexattrfile',`
>>                   fs_manage_noxattr_fs_files($1_t)
>>                   fs_manage_noxattr_fs_dirs($1_t)
>>           ',`
>>                   fs_read_noxattr_fs_files($1_t)
>>           ')
>>
>> So shouldn't the proposed patch simply be dropped?
>
> Fortunately, it has not been applied, I think. And if it causes problems
> and degradation of current policy, as you now recognize, why did you
> post it in the first place then?

If you want to have some fun with filesystem-related things, then a very
light supplemental patch might be needed for the latest versions of the
ntfs-3g project, as far as I remember from testing. It would need to
have FUSE support, but optionalized (through good use of tunable policy,
which means not allowing by default the loading of the fuse.ko kernel
module and a few other related permissions that are only needed in
FUSE-supporting versions).

