[refpolicy] [PATCH 3/3] Grant kernel_t necessary permissions for loopback mounts

Luis Ressel aranea at aixah.de
Wed Jan 29 17:45:12 EST 2014


For loopback mounts to work, the kernel requires access permissions to
fd's passed in by mount and to the source files (labeled mount_loopback_t).
---
 policy/modules/kernel/kernel.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 6a2e170..0742a0c 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -287,6 +287,10 @@ files_list_etc(kernel_t)
 files_list_home(kernel_t)
 files_read_usr_files(kernel_t)
 
+allow kernel_t mount_t:fd use;
+allow kernel_t mount_loopback_t:fd use;
+allow kernel_t mount_loopback_t:file read_file_perms;
+
 mcs_process_set_categories(kernel_t)
 
 mls_process_read_up(kernel_t)
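Review bot: the second added rule, `allow kernel_t mount_loopback_t:fd use;`, targets a type that the commit message describes as the label of the source files, while an fd carries the label of the domain that opened it. If mount_loopback_t is only ever a file label, this rule never matches and should be dropped, leaving the mount_t:fd rule and the read_file_perms rule. Separately, all three rules name mount_t and mount_loopback_t directly inside kernel.te, whereas the surrounding context lines go through interface calls such as files_list_home(kernel_t). Granting this access through interfaces exported by the mount module, wrapped in an optional_policy block, would keep kernel.te from depending on the mount module's types. A short comment above the rules stating that they exist for loopback mounts would also help later readers, since the reason is only recorded in the commit message.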
-- 
1.8.5.3


