[refpolicy] [PATCH 1/2] Label /var/run/mdadm/map as mdadm_map_t

Daniel J Walsh dwalsh at redhat.com
Thu Sep 13 10:36:47 CDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2012 12:49 PM, Dominick Grift wrote:
> 
> 
> On Wed, 2012-09-12 at 01:31 +0200, Laurent Bigonville wrote:
>> From: Laurent Bigonville <bigon at bigon.be>
>> 
>> mdadm is now creating map file under /run/mdadm/map --- raid.fc |    1 + 
>> 1 file changed, 1 insertion(+)
>> 
>> diff --git a/raid.fc b/raid.fc index ed9c70d..e3c8bfb 100644 ---
>> a/raid.fc +++ b/raid.fc @@ -4,3 +4,4 @@ /sbin/mdmpd		--
>> gen_context(system_u:object_r:mdadm_exec_t,s0)
>> 
>> /var/run/mdadm(/.*)?		gen_context(system_u:object_r:mdadm_var_run_t,s0) 
>> +/var/run/mdadm/map	--	gen_context(system_u:object_r:mdadm_map_t,s0)
> 
> I think its probably best to drop mdadm_map_t and make it an alias of 
> mdadm_var_run_t instead
> 
> I have some changes from both myself and fedora for raid module in the 
> pipeline.
> 
> It sucks though because both fedora as well as refpolicy made mdadm_t a 
> unconfined type. That basically makes it almost impossible for us to 
> develop it further and receive feedback on it.
> 
> _______________________________________________ refpolicy mailing list 
> refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy
> 
Dominick lets turn that off in Rawhide.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBR/Y8ACgkQrlYvE4MpobO3CQCgqM77dqA/OM9r7a16r7PNfAHP
rnwAoNCHmqHjQmcN/g1eQj4vj7MlMhSi
=2osU
-----END PGP SIGNATURE-----


More information about the refpolicy mailing list