[refpolicy] [PATCH 1/3] Allow mount_t to follow mount_loopback_t symlinks

Luis Ressel aranea at aixah.de
Wed Jan 29 17:45:10 EST 2014


This is useful for some application scenarios and doesn't harm security.
---
 policy/modules/system/mount.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 03f0911..7d01431 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -44,6 +44,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
 allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
 
 allow mount_t mount_loopback_t:file read_file_perms;
+allow mount_t mount_loopback_t:lnk_file read_file_perms;
 
 allow mount_t mount_tmp_t:file manage_file_perms;
 allow mount_t mount_tmp_t:dir manage_dir_perms;
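Review bot: The added `lnk_file` rule reuses `read_file_perms`, the permission set written for the `file` class, copied from the line above it. refpolicy defines `read_lnk_file_perms` for symlinks, so the rule would be better as `allow mount_t mount_loopback_t:lnk_file read_lnk_file_perms;`, which grants only what reading a link needs. The commit message should also name the application scenario it has in mind, since "doesn't harm security" cannot be checked from this one-line change alone.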
-- 
1.8.5.3


