From 3fde607ca5a130a1a57a7a6a5c34dd7b56f8a84d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Oct 25 2007 23:48:40 +0000 Subject: - Add ecryptfs definition --- diff --git a/policy-20070703.patch b/policy-20070703.patch index 6b17619..4033445 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -4383,16 +4383,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.0.8/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.te 2007-10-22 13:22:31.000000000 -0400 -@@ -29,6 +29,7 @@ ++++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.te 2007-10-25 19:46:18.000000000 -0400 +@@ -21,6 +21,7 @@ + + # Use xattrs for the following filesystem types. + # Requires that a security xattr handler exist for the filesystem. ++fs_use_xattr ecryptfs gen_context(system_u:object_r:fs_t,s0); + fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0); + fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); + fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0); +@@ -28,6 +29,7 @@ + fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0); fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0); fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0); - fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0); + fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0); # Use the allocating task SID to label inodes in the following filesystem - # types, and label the filesystem itself with the specified context. -@@ -80,6 +81,7 @@ +@@ -80,6 +82,7 @@ type fusefs_t; fs_noxattr_type(fusefs_t) allow fusefs_t self:filesystem associate; @@ -4400,7 +4408,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy genfscon fuse / gen_context(system_u:object_r:fusefs_t,s0) genfscon fuseblk / gen_context(system_u:object_r:fusefs_t,s0) -@@ -116,6 +118,7 @@ +@@ -116,6 +119,7 @@ type ramfs_t; fs_type(ramfs_t) @@ -4408,7 +4416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0) type romfs_t; -@@ -133,6 +136,11 @@ +@@ -133,6 +137,11 @@ genfscon spufs / gen_context(system_u:object_r:spufs_t,s0) files_mountpoint(spufs_t)