40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
From 972e4dbcdf87067924239db5dcc89a099298700c Mon Sep 17 00:00:00 2001
|
|
From: Nikola Knazekova <nknazeko@redhat.com>
|
|
Date: Mon, 7 Nov 2022 15:20:12 +0100
|
|
Subject: [PATCH] Add interface to watch all filesystems
|
|
|
|
Resolves: rhbz#2139363
|
|
---
|
|
policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
|
|
1 file changed, 18 insertions(+)
|
|
|
|
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
|
|
index d7645a534f..918bf32963 100644
|
|
--- a/policy/modules/kernel/filesystem.if
|
|
+++ b/policy/modules/kernel/filesystem.if
|
|
@@ -6426,6 +6426,24 @@ interface(`fs_unmount_all_fs',`
|
|
allow $1 filesystem_type:filesystem unmount;
|
|
')
|
|
|
|
+########################################
|
|
+## <summary>
|
|
+## Watch all filesystems.
|
|
+## </summary>
|
|
+## <param name="domain">
|
|
+## <summary>
|
|
+## Domain allowed access.
|
|
+## </summary>
|
|
+## </param>
|
|
+#
|
|
+interface(`fs_watch_all_fs',`
|
|
+ gen_require(`
|
|
+ attribute filesystem_type;
|
|
+ ')
|
|
+
|
|
+ allow $1 filesystem_type:filesystem watch;
|
|
+')
|
|
+
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all filesystems.
|