[refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t

Dominick Grift dominick.grift at gmail.com
Wed Sep 12 11:49:35 CDT 2012



On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon at bigon.be>
> 
> mdadm is now creating map file under /run/mdadm/map
> ---
>  raid.fc |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/raid.fc b/raid.fc
> index ed9c70d..e3c8bfb 100644
> --- a/raid.fc
> +++ b/raid.fc
> @@ -4,3 +4,4 @@
>  /sbin/mdmpd		--	gen_context(system_u:object_r:mdadm_exec_t,s0)
>  
>  /var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0)
> +/var/run/mdadm/map	--	gen_context(system_u:object_r:mdadm_map_t,s0)
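Review bot: The added `/var/run/mdadm/map` line is only a file-context entry, so it applies on relabel (restorecon or a full relabel) and not when mdadm creates the file. A file created at runtime in a directory labelled mdadm_var_run_t receives that type unless the policy carries a type transition for it. The diffstat shows raid.fc as the only file changed, so please confirm that mdadm_map_t is declared and that a matching transition exists in the module's .te file, or point to where 2/2 adds it; otherwise the runtime label and this entry will disagree. The commit message also says /run/mdadm/map while the entry is written as /var/run/mdadm/map, and it gives no reason why the map file needs its own type instead of falling under the existing `/var/run/mdadm(/.*)?` rule; a sentence covering both would help.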

I think it's probably best to drop mdadm_map_t and make it an alias of
mdadm_var_run_t instead.

I have some changes from both myself and Fedora for the raid module in the
pipeline.

It sucks though because both Fedora as well as refpolicy made mdadm_t an
unconfined type. That basically makes it almost impossible for us to
develop it further and receive feedback on it.


